
[SECURITY] [DLA 88-1] ruby1.8 security update

Package        : ruby1.8
Version        :
CVE ID         : CVE-2011-0188 CVE-2011-2686 CVE-2011-2705 CVE-2011-4815
                 CVE-2014-8080 CVE-2014-8090

This update fixes multiple local and remote denial of service and remote code
execution problems:

Properly allocate memory, to prevent arbitrary code execution or application 
crash. Reported by Drew Yao.


Reinitialize the random seed when forking to prevent CVE-2003-0900 like

Modify PRNG state to prevent random number sequence repetition in a forked
child process which has the same pid. Reported by Eric Wong.


Fix a problem with predictable hash collisions resulting in denial of service 
(CPU consumption) attacks. Reported by Alexander Klink and Julian Waelde.


Fix REXML parser to prevent memory consumption denial of service via crafted 
XML documents. Reported by Willis Vandevanter.


Add REXML::Document#document to complement the fix for CVE-2014-8080.
Reported by Tomas Hoger.
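
The two fork-related fixes above can be checked on an installed interpreter with the following added example, which is not part of the advisory or of the Ruby patches. It assumes a platform with fork(); the helper names are hypothetical. It verifies that the default PRNG does not replay the parent's sequence in a child, and shows for contrast that an explicit Random object, whose state is ordinary process memory, is still copied by fork.

```ruby
# Added example: regression check for PRNG state across fork.
# All method names here are hypothetical helpers, not Ruby or Debian APIs.

# Run the given block in a forked child and return the integers it produced.
def draws_in_child
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    writer.puts(yield.join(","))
    writer.close
    exit!(0) # leave without running at_exit handlers inherited from the parent
  end
  writer.close
  out = reader.read
  reader.close
  Process.wait(pid)
  out.split(",").map(&:to_i)
end

# Take n 64-bit draws from a generator (Kernel or a Random instance).
def draws(gen, n = 4)
  Array.new(n) { gen.rand(2**64) }
end

# Default generator: a patched interpreter reseeds it in the child, so the
# child's draws must differ from what the parent produces from the same state.
def default_prng_diverges_after_fork?
  srand(1234) # constructed fixed seed, set in the parent before forking
  child  = draws_in_child { draws(Kernel) }
  parent = draws(Kernel)
  child != parent
end

# Explicit generator object: fork copies its state, so parent and child emit
# the same sequence. Application code holding its own generator must reseed
# it in the child if the values are meant to be distinct per process.
def copied_generator_repeats_after_fork?
  gen    = Random.new(1234) # constructed fixed seed
  child  = draws_in_child { draws(gen) }
  parent = draws(gen)
  child == parent
end
```

If `default_prng_diverges_after_fork?` returns false, the interpreter is handing children the parent's random sequence, which is the behaviour these fixes remove.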
