Debian Security Advisory
DLA-235-1 ruby1.9.1 -- LTS security update
- Date Reported:
- 30 May 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-0188, CVE-2011-2705, CVE-2012-4522, CVE-2013-0256, CVE-2013-2065, CVE-2015-1855.
- More information:
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."
use upstream SVN r32050 to modify PRNG state to prevent random number sequence repeatation at forked child process which has same pid. Reported by Eric Wong.
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
OpenSSL extension hostname matching implementation violates RFC 6125