[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 209-1] jruby security update



Package        : jruby
Version        : 1.5.1-1+deb6u1
CVE ID         : CVE-2011-4838
Debian Bug     : 686867

JRuby before 1.6.5.1 computes hash values without restricting the ability to
trigger hash collisions predictably, which allows context-dependent attackers
to cause a denial of service (CPU consumption) via crafted input to an
application that maintains a hash table. Note: This update includes
corrections to the original fix for later Debian releases to avoid the issues
identified in CVE-2012-5370.

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: