Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Slackware 14.1 SSA:2013-350-06 Critical: Ruby Heap Overflow

slackware
Calendar Grey December 17, 2013
Dist Slackware Esm H88
Recent updates to ruby libraries address a critical buffer overflow issue in Slackware. It's advisable to upgrade to enhance safety and system integrity.
New ruby packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue

Summary

Here are the details from the Slackware 14.1 ChangeLog: patches/packages/ruby-1.9.3_p484-i486-1_slack14.1.txz: Upgraded. This update fixes a heap overflow in floating point parsing. A specially crafted string could cause a heap overflow leading to a denial of service attack via segmentation faults and possibly arbitrary code execution. For more information, see: https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/ https://www.cve.org/CVERecord?id=CVE-2013-4164 (* Security fix *)

Topics%20covered

Topics Covered

security advisory denial of service critical code execution slackware heap overflow ruby

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ruby-1.9.3_p484-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ruby-1.9.3_p484-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ruby-1.9.3_p484-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ruby-1.9.3_p484-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ruby-1.9.3_p484-i486-1_slack14.0.txz
Updated pa...

Read the Full Advisory

MD5 Signatures

Slackware 13.1 package: a9c7fc1b752d9dbebf729639768f0ff9 ruby-1.9.3_p484-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: b78129d604ac455d1b28d54f28c2742a ruby-1.9.3_p484-x86_64-1_slack13.1.txz
Slackware 13.37 package: b195b07dff2bea6a3c4ad26686ed2bfe ruby-1.9.3_p484-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: a24d37e579ec1756896fabe5c158a83a ruby-1.9.3_p484-x86_64-1_slack13.37.txz
Slackware 14.0 package: 334fab8b88a0474b7ddd551c3f945492 ruby-1.9.3_p484-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: ad5cc7610fd06dae0bcae1b89c8b9659 ruby-1.9.3_p484-x86_64-1_slack14.0.txz
Slackware 14.1 package: 74555154cbd4bac223f6121f30821f1f ruby-1.9.3_p484-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 172e5c26ed18318e28668820e36ac0a0 ruby-1.9.3_p484-x86_64-1_slack14.1.txz
Slackware -current package: b865aec63c8a52ad041ea3d7b6febfda d/ruby-1.9.3_p484-i486-1.txz
Slackware x86_64 -current package: 9ddaa67e1d06d2d37eda294b749ff91d d/ruby-1.9.3_p484-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory denial of service critical code execution slackware heap overflow ruby

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg ruby-1.9.3_p484-i486-1_slack14.1.txz

Related News

Your message here