
[SECURITY] [DLA 2158-1] ruby2.1 security update



Package        : ruby2.1
Version        : 2.1.5-2+deb8u9
CVE ID         : CVE-2016-2338


An exploitable heap overflow vulnerability exists in the
Psych::Emitter start_document function of Ruby. In this function, the
heap buffer "head" is allocated based on the length of the tags array.
A specially constructed object passed as an element of the tags array
can increase the size of this array after the allocation and cause a
heap overflow.

For Debian 8 "Jessie", this problem has been fixed in version
2.1.5-2+deb8u9.

We recommend that you upgrade your ruby2.1 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
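
The allocate-then-grow pattern described above, as an added C example that is
not part of this advisory and not Ruby's source. All names (struct tags,
convert_fn, stale_len_overrun, copy_tags_checked and the rest) are
hypothetical, the sample data is constructed, and the flawed loop is modelled
without performing the out-of-bounds write.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed model, not Ruby's source: a growable "tags" array whose
 * elements are converted through a callback, as Ruby invokes user methods. */
struct tags { const char **items; size_t len, cap; };
typedef const char *(*convert_fn)(struct tags *t, size_t i);

/* Well-behaved element, and one whose conversion appends to its own array. */
const char *plain_convert(struct tags *t, size_t i) { return t->items[i]; }
const char *growing_convert(struct tags *t, size_t i) {
    if (t->len < t->cap) t->items[t->len++] = "!extra";
    return t->items[i];
}

/* Flawed shape, write left out: buffer sized from t->len once, loop bound
 * re-reads t->len. Returns slots the loop reaches past the allocation. */
size_t stale_len_overrun(struct tags *t, convert_fn conv) {
    size_t allocated = t->len, i;
    for (i = 0; i < t->len; i++) (void)conv(t, i);
    return i > allocated ? i - allocated : 0;
}

/* Hardened shape: snapshot the length, bound the loop by the snapshot,
 * and reject the input if the array changed size during conversion. */
const char **copy_tags_checked(struct tags *t, convert_fn conv, size_t *n_out) {
    size_t n = t->len, i;
    const char **head = calloc(n ? n : 1, sizeof *head);
    if (!head) return NULL;
    for (i = 0; i < n; i++) head[i] = conv(t, i);
    if (t->len != n) { free(head); return NULL; }
    *n_out = n;
    return head;
}

/* Constructed sample: two tags in caller-provided storage of eight slots. */
struct tags sample_tags(const char **store) {
    struct tags t = { store, 2, 8 };
    store[0] = "!a"; store[1] = "!b";
    return t;
}

int main(void) {
    const char *s1[8], *s2[8];
    size_t n = 0;
    struct tags a = sample_tags(s1), b = sample_tags(s2);
    printf("slots past allocation: %zu\n", stale_len_overrun(&a, growing_convert));
    printf("checked copy %s\n", copy_tags_checked(&b, growing_convert, &n) ? "accepted" : "rejected");
    return 0;
}
```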

