Description
ELSA-2013-1764: ruby security update (CRITICAL)
[1.8.7.352-13]
- Workaround build issues against OpenSSL with enabled ECC curves.
- Make DRb compatible with OpenSSL 1.0.1.
- ruby-1.9.3-p222-generate-1024-bits-RSA-key-instead-of-512-bits.patch
- Fix CVE-2013-4164 Heap Overflow in Floating Point Parsing
- ruby-1.9.3-p484-CVE-2013-4164-ignore-too-long-fraction-part-which-does-not-affect-the-result.patch
- Resolves: rhbz#1033500
Updated packages
Oracle Linux 6
Oracle Linux x86_64
ruby          1.8.7.352-13.el6
ruby-devel    1.8.7.352-13.el6
ruby-docs     1.8.7.352-13.el6
ruby-irb      1.8.7.352-13.el6
ruby-libs     1.8.7.352-13.el6
ruby-rdoc     1.8.7.352-13.el6
ruby-ri       1.8.7.352-13.el6
ruby-static   1.8.7.352-13.el6
ruby-tcltk    1.8.7.352-13.el6
Oracle Linux i686
ruby          1.8.7.352-13.el6
ruby-devel    1.8.7.352-13.el6
ruby-docs     1.8.7.352-13.el6
ruby-irb      1.8.7.352-13.el6
ruby-libs     1.8.7.352-13.el6
ruby-rdoc     1.8.7.352-13.el6
ruby-ri       1.8.7.352-13.el6
ruby-static   1.8.7.352-13.el6
ruby-tcltk    1.8.7.352-13.el6
Related CVEs
Related vulnerabilities
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.