[SECURITY] [DLA 1167-1] ruby-yajl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : ruby-yajl
Version        : 1.1.0-2+deb7u1
CVE ID         : CVE-2017-16516
Debian Bug     : 880691

A vulnerability was found in ruby-yajl, an interface to Yajl, a JSON
stream-based parser library. When a crafted JSON file is supplied to
Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT
in the yajl_string_decode function in yajl_encode.c. This may result
in a denial of service.

For Debian 7 "Wheezy", this problem has been fixed in version
1.1.0-2+deb7u1.

We recommend that you upgrade your ruby-yajl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
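
Because the advisory describes the whole ruby process aborting, a service that cannot be upgraded immediately can parse untrusted JSON in a forked child so that a SIGABRT ends only the child. The following is an added example, not part of the Debian advisory or of ruby-yajl; the name parse_isolated is hypothetical, and the stdlib JSON module stands in as the default parser (assumption: with ruby-yajl installed you would pass a lambda calling Yajl::Parser.new.parse).

```ruby
require "json"

# Parse untrusted JSON in a forked child process. If native parser code
# aborts (SIGABRT, the failure mode described for CVE-2017-16516), only the
# child dies and the caller receives a result it can log and reject.
#
# parser: any callable taking a String. The default uses stdlib JSON as a
# stand-in (assumption); a ruby-yajl user would pass
#   ->(s) { Yajl::Parser.new.parse(s) }
def parse_isolated(input, parser: ->(s) { JSON.parse(s) })
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    begin
      writer.write(JSON.generate(["ok", parser.call(input)]))
    rescue StandardError => e
      # Ordinary parse errors are reported, not treated as crashes.
      writer.write(JSON.generate(["parse_error", e.class.name]))
    end
    writer.close
    exit!(0) # skip at_exit handlers inherited from the parent
  end
  writer.close
  payload = reader.read # returns at EOF: child exited or was killed
  reader.close
  _, status = Process.wait2(pid)

  if status.signaled?
    # Child was terminated by a signal, e.g. "ABRT".
    ["crashed", Signal.signame(status.termsig)]
  elsif payload.empty?
    ["crashed", "exit #{status.exitstatus}"]
  else
    JSON.parse(payload)
  end
end
```

A "crashed" result is worth logging together with the source of the input, since repeated aborts on attacker-supplied documents are the denial-of-service condition the advisory describes.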