[SECURITY] [DLA 215-1] libjson-ruby security update

2015-04-30T16:34:59
ID DEBIAN:DLA-215-1:65755
Type debian
Reporter Debian
Modified 2015-04-30T16:34:59

Description

Package : libjson-ruby Version : 1.1.9-1+deb6u1 CVE ID : CVE-2013-0269

The JSON gem for Ruby allowed remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."

For Debian 6 “Squeeze”, this issue has been fixed in libjson-ruby version 1.1.9-1+deb6u1.

-- Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/