[GLSA-201412-27] Ruby: Denial of service

Severity: Normal
Affected Packages: 1
Unaffected Packages: 2
CVEs: 11

Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition.

Background
Ruby is an object-oriented scripting language.

Description
Multiple vulnerabilities have been discovered in Ruby. Please review the
CVE identifiers referenced below for details.

Impact
A context-dependent attacker could possibly execute arbitrary code with
the privileges of the process, cause a Denial of Service condition, or
bypass security restrictions.

Workaround
There is no known workaround at this time.

Resolution
All Ruby 1.9 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.9.3_p551"

All Ruby 2.0 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.0.0_p598"

Package                                  Affected Version
pkg:ebuild/dev-lang/ruby?distro=gentoo   < 2.0.0_p598

Package                                  Unaffected Version
pkg:ebuild/dev-lang/ruby?distro=gentoo   >= 1.9.3_p551
pkg:ebuild/dev-lang/ruby?distro=gentoo   >= 2.0.0_p598

Source ID Name URL
CVE CVE-2011-0188 CVE-2011-0188 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0188
CVE CVE-2011-1004 CVE-2011-1004 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1004
CVE CVE-2011-1005 CVE-2011-1005 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1005
CVE CVE-2011-4815 CVE-2011-4815 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4815
CVE CVE-2012-4481 CVE-2012-4481 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4481
CVE CVE-2012-5371 CVE-2012-5371 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5371
CVE CVE-2013-0269 CVE-2013-0269 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0269
CVE CVE-2013-1821 CVE-2013-1821 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1821
CVE CVE-2013-4164 CVE-2013-4164 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4164
CVE CVE-2014-8080 CVE-2014-8080 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8080
CVE CVE-2014-8090 CVE-2014-8090 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8090
Bugzilla 355439 Bugzilla #355439 https://bugs.gentoo.org/show_bug.cgi?id=355439
Bugzilla 369141 Bugzilla #369141 https://bugs.gentoo.org/show_bug.cgi?id=369141
Bugzilla 396301 Bugzilla #396301 https://bugs.gentoo.org/show_bug.cgi?id=396301
Bugzilla 437366 Bugzilla #437366 https://bugs.gentoo.org/show_bug.cgi?id=437366
Bugzilla 442580 Bugzilla #442580 https://bugs.gentoo.org/show_bug.cgi?id=442580
Bugzilla 458776 Bugzilla #458776 https://bugs.gentoo.org/show_bug.cgi?id=458776
Bugzilla 492282 Bugzilla #492282 https://bugs.gentoo.org/show_bug.cgi?id=492282
Bugzilla 527084 Bugzilla #527084 https://bugs.gentoo.org/show_bug.cgi?id=527084
Bugzilla 529216 Bugzilla #529216 https://bugs.gentoo.org/show_bug.cgi?id=529216

Type         Package URL                              Namespace   Name / Product   Version          Distribution / Platform   Arch   Patch / Fix
Affected     pkg:ebuild/dev-lang/ruby?distro=gentoo   dev-lang    ruby             < 2.0.0_p598     gentoo
Unaffected   pkg:ebuild/dev-lang/ruby?distro=gentoo   dev-lang    ruby             >= 1.9.3_p551    gentoo
Unaffected   pkg:ebuild/dev-lang/ruby?distro=gentoo   dev-lang    ruby             >= 2.0.0_p598    gentoo