[ALAS-2012-35] Amazon Linux - ALAS-2012-35: important priority package update for ruby
Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2011-4815:
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
A denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.
- ID: ALAS-2012-35
- Severity: important
- URL: https://alas.aws.amazon.com/ALAS-2012-35.html
- Published: 2012-01-19T20:02:00 (12 years ago)
- Modified: 2014-09-14T15:12:00 (10 years ago)
- Rights: Amazon Linux Security Team
Other Advisories

Source | ID | Name | URL |
---|---|---|---|
CVE | CVE-2011-4815 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4815 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/ruby?arch=x86_64&distro=amazonlinux-1 | amazonlinux | ruby | < 1.8.7.357-1.10.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby?arch=i686&distro=amazonlinux-1 | amazonlinux | ruby | < 1.8.7.357-1.10.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby-static?arch=x86_64&distro=amazonlinux-1 | amazonlinux | ruby-static | < 1.8.7.357-1.10.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby-static?arch=i686&distro=amazonlinux-1 | amazonlinux | ruby-static | < 1.8.7.357-1.10.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby-ri?arch=x86_64&distro=amazonlinux-1 | amazonlinux | ruby-ri | < 1.8.7.357-1.10.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby-ri?arch=i686&distro=amazonlinux-1 | amazonlinux | ruby-ri | < 1.8.7.357-1.10.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby-rdoc?arch=noarch&distro=amazonlinux-1 | amazonlinux | ruby-rdoc | < 1.8.7.357-1.10.amzn1 | amazonlinux-1 | noarch | |
Affected | pkg:rpm/amazonlinux/ruby-libs?arch=x86_64&distro=amazonlinux-1 | amazonlinux | ruby-libs | < 1.8.7.357-1.10.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby-libs?arch=i686&distro=amazonlinux-1 | amazonlinux | ruby-libs | < 1.8.7.357-1.10.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby-irb?arch=noarch&distro=amazonlinux-1 | amazonlinux | ruby-irb | < 1.8.7.357-1.10.amzn1 | amazonlinux-1 | noarch | |
Affected | pkg:rpm/amazonlinux/ruby-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | ruby-devel | < 1.8.7.357-1.10.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | ruby-devel | < 1.8.7.357-1.10.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | ruby-debuginfo | < 1.8.7.357-1.10.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | ruby-debuginfo | < 1.8.7.357-1.10.amzn1 | amazonlinux-1 | i686 | |