[ALAS-2012-35] Amazon Linux - ALAS-2012-35: important priority package update for ruby

Severity Important
Affected Packages 14
CVEs 1

Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2011-4815:
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
A denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.
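The mitigation described above seeds Ruby's string hash function once per process, so the same key hashes differently in each interpreter run while lookups inside one process stay stable. The following check, an added example that is not part of the advisory, confirms both properties on the Ruby that runs it; the probe key and helper names are constructed for this example.

```ruby
# Added example (not from ALAS-2012-35): verify that per-process hash seed
# randomization, the CVE-2011-4815 mitigation, is active in this interpreter.
require "rbconfig"
require "open3"

PROBE_KEY = "alas-2012-35-probe".freeze # constructed sample key

# Ask a fresh interpreter process (the same binary as ours) for PROBE_KEY's hash.
def child_hash(key = PROBE_KEY)
  out, status = Open3.capture2(RbConfig.ruby, "-e", "print #{key.inspect}.hash")
  raise "child interpreter failed: #{status}" unless status.success?
  Integer(out)
end

# True when separate processes hash the same string differently, i.e. the
# per-process seed is in effect. Two random seeds could coincide in theory,
# so take several samples and require at least one difference.
def hash_seed_randomized?(samples = 3)
  Array.new(samples) { child_hash }.uniq.size > 1
end

# Within one process the seed is fixed: an equal string must hash equally,
# otherwise ordinary Hash lookups would break.
def hash_stable_in_process?(key = PROBE_KEY)
  key.hash == key.dup.hash && { key => 1 }[key.dup] == 1
end

if __FILE__ == $PROGRAM_NAME
  puts "in-process lookups stable:   #{hash_stable_in_process?}"
  puts "per-process seed randomized: #{hash_seed_randomized?}"
end
```

An interpreter that reports `false` for the second line computes the same hash for every run, which is the unpatched behaviour this advisory fixes.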

ID
ALAS-2012-35
Severity
important
URL
https://alas.aws.amazon.com/ALAS-2012-35.html
Published
2012-01-19T20:02:00
Modified
2014-09-14T15:12:00
Rights
Amazon Linux Security Team
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/amazonlinux/ruby?arch=x86_64&distro=amazonlinux-1 amazonlinux ruby < 1.8.7.357-1.10.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/ruby?arch=i686&distro=amazonlinux-1 amazonlinux ruby < 1.8.7.357-1.10.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/ruby-static?arch=x86_64&distro=amazonlinux-1 amazonlinux ruby-static < 1.8.7.357-1.10.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/ruby-static?arch=i686&distro=amazonlinux-1 amazonlinux ruby-static < 1.8.7.357-1.10.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/ruby-ri?arch=x86_64&distro=amazonlinux-1 amazonlinux ruby-ri < 1.8.7.357-1.10.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/ruby-ri?arch=i686&distro=amazonlinux-1 amazonlinux ruby-ri < 1.8.7.357-1.10.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/ruby-rdoc?arch=noarch&distro=amazonlinux-1 amazonlinux ruby-rdoc < 1.8.7.357-1.10.amzn1 amazonlinux-1 noarch
Affected pkg:rpm/amazonlinux/ruby-libs?arch=x86_64&distro=amazonlinux-1 amazonlinux ruby-libs < 1.8.7.357-1.10.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/ruby-libs?arch=i686&distro=amazonlinux-1 amazonlinux ruby-libs < 1.8.7.357-1.10.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/ruby-irb?arch=noarch&distro=amazonlinux-1 amazonlinux ruby-irb < 1.8.7.357-1.10.amzn1 amazonlinux-1 noarch
Affected pkg:rpm/amazonlinux/ruby-devel?arch=x86_64&distro=amazonlinux-1 amazonlinux ruby-devel < 1.8.7.357-1.10.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/ruby-devel?arch=i686&distro=amazonlinux-1 amazonlinux ruby-devel < 1.8.7.357-1.10.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/ruby-debuginfo?arch=x86_64&distro=amazonlinux-1 amazonlinux ruby-debuginfo < 1.8.7.357-1.10.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/ruby-debuginfo?arch=i686&distro=amazonlinux-1 amazonlinux ruby-debuginfo < 1.8.7.357-1.10.amzn1 amazonlinux-1 i686