[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 88-1] ruby1.8 security update



Package        : ruby1.8
Version        : 1.8.7.302-2squeeze3
CVE ID         : CVE-2011-0188 CVE-2011-2686 CVE-2011-2705 CVE-2011-4815
                 CVE-2014-8080 CVE-2014-8090

This update fixes multiple local and remote denial of service and remote code
execute problems:

CVE-2011-0188 
 
Properly allocate memory, to prevent arbitrary code execution or application 
crash. Reported by Drew Yao.

CVE-2011-2686

Reinitialize the random seed when forking to prevent  CVE-2003-0900 like 
situations.

CVE-2011-2705 
 
Modify PRNG state to prevent random number sequence repeatation at forked 
child process which has same pid. Reported by Eric Wong.

CVE-2011-4815

Fix a problem with predictable hash collisions resulting in denial of service 
(CPU consumption) attacks. Reported by Alexander Klink and Julian Waelde.

CVE-2014-8080

Fix REXML parser to prevent memory consumption denial of service via crafted 
XML documents. Reported by Willis Vandevanter.

CVE-2014-8090

Add REXML::Document#document to complement the fix for  CVE-2014-8080.
Reported by Tomas Hoger.

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: