Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-263-1:BBAC7
HistoryJul 01, 2015 - 10:09 a.m.

[SECURITY] [DLA 263-1] ruby1.9.1 security update

2015-07-0110:09:26
lists.debian.org
23

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.3%

JSON

Package : ruby1.9.1
Version : 1.9.2.0-2+deb6u5
CVE ID : CVE-2012-5371 CVE-2013-0269
Debian Bug : 693024 700471

Two vulnerabilities were identified in the Ruby language interpreter,
version 1.9.1.

CVE-2012-5371

Jean-Philippe Aumasson identified that Ruby computed hash values
without properly restricting the ability to trigger hash collisions
predictably, allowing context-dependent attackers to cause a denial
of service (CPU consumption). This is a different vulnerability than
CVE-2011-4815.

CVE-2013-0269

Thomas Hollstegge and Ben Murphy found that the JSON gem for Ruby
allowed remote attackers to cause a denial of service (resource
consumption) or bypass the mass assignment protection mechanism via
a crafted JSON document that triggers the creation of arbitrary Ruby
symbols or certain internal objects.

For the squeeze distribution, theses vulnerabilities have been fixed in
version 1.9.2.0-2+deb6u5 of ruby1.9.1. We recommend that you upgrade
your ruby1.9.1 package.
Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian6amd64libjson-ruby1.8< 1.1.9-1+deb6u1libjson-ruby1.8_1.1.9-1+deb6u1_amd64.deb
Debian6allruby1.9.1-examples< 1.9.2.0-2+deb6u5ruby1.9.1-examples_1.9.2.0-2+deb6u5_all.deb
Debian6amd64libruby1.9.1< 1.9.2.0-2+deb6u5libruby1.9.1_1.9.2.0-2+deb6u5_amd64.deb
Debian6alllibjson-ruby< 1.1.9-1+deb6u1libjson-ruby_1.1.9-1+deb6u1_all.deb
Debian6allruby1.9.1-elisp< 1.9.2.0-2+deb6u5ruby1.9.1-elisp_1.9.2.0-2+deb6u5_all.deb
Debian6allruby1.9.1-full< 1.9.2.0-2+deb6u5ruby1.9.1-full_1.9.2.0-2+deb6u5_all.deb
Debian6i386ruby1.9.1< 1.9.2.0-2+deb6u5ruby1.9.1_1.9.2.0-2+deb6u5_i386.deb
Debian6allri1.9.1< 1.9.2.0-2+deb6u5ri1.9.1_1.9.2.0-2+deb6u5_all.deb
Debian6i386libtcltk-ruby1.9.1< 1.9.2.0-2+deb6u5libtcltk-ruby1.9.1_1.9.2.0-2+deb6u5_i386.deb
Debian6i386libruby1.9.1< 1.9.2.0-2+deb6u5libruby1.9.1_1.9.2.0-2+deb6u5_i386.deb
Rows per page:
1-10 of 201

Related

openvas 56
nessus 54
osv 5
cve 5
ubuntucve 4
prion 4
rubygems 5
securityvulns 5
ubuntu 2
fedora 10
slackware 2
freebsd 4
veracode 5
seebug 2
centos 2
amazon 7
oraclelinux 2
jvn 1
redhat 6
debiancve 2
suse 5
hackerone 1
debian 3
github 2
gentoo 1
alpinelinux 1
redhatcve 1
threatpost 1
cert 1
openvas
openvas
Debian: Security Advisory (DLA-263-1)
2023-03-08 00:00:00
Ubuntu Update for ruby1.9.1 USN-1733-1
2013-02-22 00:00:00
Ubuntu: Security Advisory (USN-1733-1)
2013-02-22 00:00:00
nessus
nessus
Debian DLA-263-1 : ruby1.9.1 security update
2015-07-02 00:00:00
Ubuntu 12.04 LTS / 12.10 : ruby1.9.1 vulnerabilities (USN-1733-1)
2013-02-22 00:00:00
FreeBSD : ruby -- Hash-flooding DoS vulnerability for ruby 1.9 (5e647ca3-2aea-11e2-b745-001fd0af1a4c)
2012-11-12 00:00:00
osv
osv
ruby1.9.1 - security update
2015-07-01 00:00:00
JSON gem has Improper Input Validation vulnerability
2017-10-24 18:33:37
CVE-2020-10663
2020-04-28 21:15:11
cve
cve
CVE-2012-5371
2012-11-28 13:03:00
CVE-2011-4815
2011-12-30 01:55:00
CVE-2013-0269
2013-02-13 01:55:00
ubuntucve
ubuntucve
CVE-2012-5371
2012-11-28 00:00:00
CVE-2011-4815
2011-12-29 00:00:00
CVE-2013-0269
2013-02-12 00:00:00
prion
prion
Design/Logic Flaw
2012-11-28 13:03:00
Code injection
2011-12-30 01:55:00
Sql injection
2013-02-13 01:55:00
rubygems
rubygems
CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
2012-11-22 20:00:00
CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
2011-12-27 20:00:00
CVE-2013-0269 rubygem-json: Denial of Service and SQL Injection
2013-02-11 20:00:00
securityvulns
securityvulns
Ruby multiple security vulnerabilities
2013-02-24 00:00:00
[USN-1733-1] Ruby vulnerabilities
2013-02-24 00:00:00
n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
2012-01-02 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2013-02-21 00:00:00
Ruby vulnerabilities
2012-02-28 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: ruby-1.9.3.327-22.fc18
2012-11-23 07:52:57
[SECURITY] Fedora 16 Update: ruby-1.8.7.357-1.fc16
2012-01-11 06:06:56
[SECURITY] Fedora 18 Update: rubygem-json-1.6.8-1.fc18
2013-03-05 23:31:15
slackware
slackware
[slackware-security] ruby
2012-12-07 03:51:38
ruby
2013-03-16 01:11:53
freebsd
freebsd
ruby -- Hash-flooding DoS vulnerability for ruby 1.9
2012-11-10 00:00:00
Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON
2013-02-11 00:00:00
rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix)
2020-03-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:53:45
Denial Of Service (DoS)
2020-04-10 01:07:08
Denial Of Service (DoS)
2020-03-23 03:14:43
seebug
seebug
Ruby哈希冲突拒绝服务漏洞
2011-12-30 00:00:00
Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks
2011-12-29 00:00:00
centos
centos
ruby security update
2012-01-30 20:27:31
irb, ruby security update
2012-01-30 18:44:29
amazon
amazon
Important: ruby
2012-01-19 20:02:00
Medium: ruby19, ruby21
2020-08-26 23:10:00
Medium: rubygem-json
2020-08-26 23:09:00
oraclelinux
oraclelinux
ruby security update
2012-01-30 00:00:00
ruby security update
2012-01-30 00:00:00
jvn
jvn
JVN#90615481: Ruby hash table implementation vulnerable to denial-of-service
2012-07-06 00:00:00
redhat
redhat
(RHSA-2012:0069) Moderate: ruby security update
2012-01-30 00:00:00
(RHSA-2012:0070) Moderate: ruby security update
2012-01-30 00:00:00
(RHSA-2013:0701) Moderate: ruby193-ruby, rubygem-json and rubygem-rdoc security update
2013-04-02 00:00:00
debiancve
debiancve
CVE-2013-0269
2013-02-13 01:55:00
CVE-2020-10663
2020-04-28 21:15:00
suse
suse
Security update for rubygem-json_pure (important)
2013-04-09 19:04:58
Security update for rubygem-json_pure (important)
2013-04-03 20:08:23
Security update for rubygem-extlib (important)
2013-04-03 20:10:37
hackerone
hackerone
Ruby: Variant of CVE-2013-0269 (Denial of Service and Unsafe Object Creation Vulnerability in JSON)
2019-10-03 05:19:48
debian
debian
[SECURITY] [DLA 215-1] libjson-ruby security update
2015-04-30 16:34:41
[SECURITY] [DLA 2192-1] ruby2.1 security update
2020-04-30 22:01:47
[SECURITY] [DLA 88-1] ruby1.8 security update
2014-11-21 15:18:14
github
github
JSON gem has Improper Input Validation vulnerability
2017-10-24 18:33:37
Unsafe object creation in json RubyGem
2020-07-27 18:08:21
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00
alpinelinux
alpinelinux
CVE-2020-10663
2020-04-28 21:15:00
redhatcve
redhatcve
CVE-2020-10663
2020-04-24 04:33:39
threatpost
threatpost
Ruby on Rails Patches DoS, Remote Execution Flaws
2013-02-13 17:51:57
cert
cert
Hash table implementations vulnerable to algorithmic complexity attacks
2011-12-28 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.3%

JSON
Related for DEBIAN:DLA-263-1:BBAC7
openvas56nessus54osv5cve5ubuntucve4prion4rubygems5securityvulns5ubuntu2fedora10slackware2freebsd4veracode5seebug2centos2amazon7oraclelinux2jvn1redhat6debiancve2suse5hackerone1debian3github2gentoo1alpinelinux1redhatcve1threatpost1cert1