[GLSA-201412-27] Ruby: Denial of service
Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition.
Background
Ruby is an object-oriented scripting language.
Description
Multiple vulnerabilities have been discovered in Ruby. Please review the
CVE identifiers referenced below for details.
Impact
A context-dependent attacker could possibly execute arbitrary code with
the privileges of the process, cause a Denial of Service condition, or
bypass security restrictions.
Workaround
There is no known workaround at this time.
Resolution
All Ruby 1.9 users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.9.3_p551"
All Ruby 2.0 users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.0.0_p598"
Package | Affected Version |
---|---|
pkg:ebuild/dev-lang/ruby?distro=gentoo | < 2.0.0_p598 |
Package | Unaffected Version |
---|---|
pkg:ebuild/dev-lang/ruby?distro=gentoo | >= 1.9.3_p551 |
pkg:ebuild/dev-lang/ruby?distro=gentoo | >= 2.0.0_p598 |
- ID: GLSA-201412-27
- Severity: normal
- URL: https://security.gentoo.org/glsa/201412-27
- Published: 2014-12-13T00:00:00
- Modified: 2014-12-13T00:00:00
- Rights: Gentoo Foundation, Inc.
- Other Advisories:
- ALAS-2012-35
- ALAS-2013-173
- ALAS-2013-195
- ALAS-2013-247
- ALAS-2013-248
- ALAS-2014-439
- ALAS-2014-441
- ALAS-2014-447
- ALAS-2014-448
- ALAS-2014-449
- DSA-2738-1
- DSA-2809-1
- DSA-2810-1
- DSA-3157-1
- DSA-3159-1
- ELSA-2011-0909
- ELSA-2011-0910
- ELSA-2012-0069
- ELSA-2012-0070
- ELSA-2013-0129
- ELSA-2013-0611
- ELSA-2013-0612
- ELSA-2013-1764
- ELSA-2014-1911
- ELSA-2014-1912
- FEDORA-2011-17542
- FEDORA-2011-17551
- FEDORA-2011-1913
- FEDORA-2012-15507
- FEDORA-2012-17949
- FEDORA-2012-18017
- FEDORA-2013-12062
- FEDORA-2013-22315
- FEDORA-2013-22393
- FEDORA-2013-22423
- FEDORA-2013-3038
- FEDORA-2013-3050
- FEDORA-2013-3052
- FEDORA-2013-8411
- FEDORA-2014-14096
- FREEBSD:5E647CA3-2AEA-11E2-B745-001FD0AF1A4C
- FREEBSD:91BE81E7-3FEA-11E1-AFC7-2C4138874F7D
- FREEBSD:C79EB109-A754-45D7-B552-A42099EB2265
- FREEBSD:CC9043CF-7F7A-426E-B2CC-8D1980618113
- MAVEN:GHSA-HGG7-CGHQ-XHF4
- RHSA-2011:0910
- RHSA-2012:0069
- RHSA-2013:0612
- RHSA-2013:1764
- RHSA-2014:1911
- RHSA-2014:1912
- RUBYSEC:JSON-2013-0269
- RUBYSEC:JSON-2020-10663
- SSA:2012-341-04
- SSA:2013-075-01
- SSA:2013-350-06
- USN-1377-1
- USN-1583-1
- USN-1603-1
- USN-1603-2
- USN-1733-1
- USN-1780-1
- USN-2035-1
- USN-2397-1
- USN-2412-1
- VU:903934
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:ebuild/dev-lang/ruby?distro=gentoo | dev-lang | ruby | < 2.0.0_p598 | gentoo | | |
Unaffected | pkg:ebuild/dev-lang/ruby?distro=gentoo | dev-lang | ruby | >= 1.9.3_p551 | gentoo | | |
Unaffected | pkg:ebuild/dev-lang/ruby?distro=gentoo | dev-lang | ruby | >= 2.0.0_p598 | gentoo | | |