Debian Security Advisory

DLA-235-1 ruby1.9.1 -- LTS security update

Date Reported:
30 May 2015
Affected Packages:
ruby1.9.1
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2011-0188, CVE-2011-2705, CVE-2012-4522, CVE-2013-0256, CVE-2013-2065, CVE-2015-1855.
More information:
  • CVE-2011-0188

    The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."

  • CVE-2011-2705

    use upstream SVN r32050 to modify PRNG state to prevent random number sequence repeatation at forked child process which has same pid. Reported by Eric Wong.

  • CVE-2012-4522

    The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

  • CVE-2013-0256

    darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

  • CVE-2013-2065

    (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

  • CVE-2015-1855

    OpenSSL extension hostname matching implementation violates RFC 6125