Lucene search
AmazonALAS-2012-035HistoryJan 19, 2012 - 8:02 p.m.
Important: ruby
2012-01-1920:02:00
alas.aws.amazon.com
14
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.02 Low
EPSS
Percentile
88.7%
Issue Overview:
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Affected Packages:
ruby
Issue Correction:
Run yum update ruby to update your system.
New Packages:
i686:
ruby-1.8.7.357-1.10.amzn1.i686
ruby-static-1.8.7.357-1.10.amzn1.i686
ruby-libs-1.8.7.357-1.10.amzn1.i686
ruby-ri-1.8.7.357-1.10.amzn1.i686
ruby-debuginfo-1.8.7.357-1.10.amzn1.i686
ruby-devel-1.8.7.357-1.10.amzn1.i686
noarch:
ruby-irb-1.8.7.357-1.10.amzn1.noarch
ruby-rdoc-1.8.7.357-1.10.amzn1.noarch
src:
ruby-1.8.7.357-1.10.amzn1.src
x86_64:
ruby-devel-1.8.7.357-1.10.amzn1.x86_64
ruby-ri-1.8.7.357-1.10.amzn1.x86_64
ruby-libs-1.8.7.357-1.10.amzn1.x86_64
ruby-1.8.7.357-1.10.amzn1.x86_64
ruby-static-1.8.7.357-1.10.amzn1.x86_64
ruby-debuginfo-1.8.7.357-1.10.amzn1.x86_64
Additional References
Red Hat: CVE-2011-4815
Mitre: CVE-2011-4815
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | ruby | < 1.8.7.357-1.10.amzn1 | ruby-1.8.7.357-1.10.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ruby-static | < 1.8.7.357-1.10.amzn1 | ruby-static-1.8.7.357-1.10.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ruby-libs | < 1.8.7.357-1.10.amzn1 | ruby-libs-1.8.7.357-1.10.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ruby-ri | < 1.8.7.357-1.10.amzn1 | ruby-ri-1.8.7.357-1.10.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ruby-debuginfo | < 1.8.7.357-1.10.amzn1 | ruby-debuginfo-1.8.7.357-1.10.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ruby-devel | < 1.8.7.357-1.10.amzn1 | ruby-devel-1.8.7.357-1.10.amzn1.i686.rpm |
| Amazon Linux | 1 | noarch | ruby-irb | < 1.8.7.357-1.10.amzn1 | ruby-irb-1.8.7.357-1.10.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | ruby-rdoc | < 1.8.7.357-1.10.amzn1 | ruby-rdoc-1.8.7.357-1.10.amzn1.noarch.rpm |
| Amazon Linux | 1 | x86_64 | ruby-devel | < 1.8.7.357-1.10.amzn1 | ruby-devel-1.8.7.357-1.10.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | ruby-ri | < 1.8.7.357-1.10.amzn1 | ruby-ri-1.8.7.357-1.10.amzn1.x86_64.rpm |
Related
openvas
openvas
RedHat Update for ruby RHSA-2012:0069-01
2012-07-09 00:00:00
Mandriva Update for ruby MDVSA-2012:024 (ruby)
2012-03-07 00:00:00
RedHat Update for ruby RHSA-2012:0069-01
2012-07-09 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : ruby (MDVSA-2012:024)
2012-02-29 00:00:00
Oracle Linux 6 : ruby (ELSA-2012-0069)
2013-07-12 00:00:00
CentOS 6 : ruby (CESA-2012:0069)
2012-01-31 00:00:00
seebug
seebug
Ruby哈希冲突拒绝服务漏洞
2011-12-30 00:00:00
oraclelinux
oraclelinux
ruby security update
2012-01-30 00:00:00
ruby security update
2012-01-30 00:00:00
centos
centos
ruby security update
2012-01-30 20:27:31
irb, ruby security update
2012-01-30 18:44:29
jvn
jvn
JVN#90615481: Ruby hash table implementation vulnerable to denial-of-service
2012-07-06 00:00:00
cve
cve
CVE-2011-4815
2011-12-30 01:55:00
CVE-2012-5371
2012-11-28 13:03:00
securityvulns
securityvulns
n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
2012-01-02 00:00:00
[oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision
2012-01-02 00:00:00
Apple Mac OS X multiple security vulnerabilities
2012-08-20 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: ruby-1.8.7.357-1.fc16
2012-01-11 06:06:56
[SECURITY] Fedora 15 Update: ruby-1.8.7.357-1.fc15
2012-01-11 06:14:53
[SECURITY] Fedora 16 Update: ruby-1.8.7.358-4.fc16
2012-10-14 03:52:43
prion
prion
Code injection
2011-12-30 01:55:00
Design/Logic Flaw
2012-11-28 13:03:00
redhat
redhat
(RHSA-2012:0069) Moderate: ruby security update
2012-01-30 00:00:00
(RHSA-2012:0070) Moderate: ruby security update
2012-01-30 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:07:08
ubuntucve
ubuntucve
CVE-2011-4815
2011-12-29 00:00:00
CVE-2012-5371
2012-11-28 00:00:00
rubygems
rubygems
CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
2011-12-27 20:00:00
osv
osv
ruby1.9.1 - security update
2015-07-01 00:00:00
ruby1.8 - security update
2014-11-21 00:00:00
debian
debian
[SECURITY] [DLA 263-1] ruby1.9.1 security update
2015-07-01 10:09:26
[SECURITY] [DLA 88-1] ruby1.8 security update
2014-11-21 15:18:14
freebsd
freebsd
Multiple implementations -- DoS via hash algorithm collision
2011-12-28 00:00:00
cert
cert
Hash table implementations vulnerable to algorithmic complexity attacks
2011-12-28 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2012-02-28 00:00:00
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.02 Low
EPSS
Percentile
88.7%
Related for ALAS-2012-035