CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.019 Low (Percentile: 88.3%)

Package : ruby1.9.1
Version : 1.9.2.0-2+deb6u5
CVE ID : CVE-2012-5371 CVE-2013-0269
Debian Bug : 693024 700471

Two vulnerabilities were identified in the Ruby language interpreter,
version 1.9.1.

CVE-2012-5371

Jean-Philippe Aumasson identified that Ruby computed hash values
without properly restricting the ability to trigger hash collisions
predictably, allowing context-dependent attackers to cause a denial
of service (CPU consumption). This is a different vulnerability than
CVE-2011-4815.

CVE-2013-0269

Thomas Hollstegge and Ben Murphy found that the JSON gem for Ruby
allowed remote attackers to cause a denial of service (resource
consumption) or bypass the mass assignment protection mechanism via
a crafted JSON document that triggers the creation of arbitrary Ruby
symbols or certain internal objects.

For the squeeze distribution, these vulnerabilities have been fixed in
version 1.9.2.0-2+deb6u5 of ruby1.9.1. We recommend that you upgrade
your ruby1.9.1 package.
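
As a defence-in-depth measure alongside the upgrade for CVE-2013-0269, the following added example (not part of the advisory or of the JSON gem) parses untrusted JSON so that the document can neither name Ruby classes to instantiate nor produce symbols. The helper names `parse_untrusted`, `contains_create_id?` and `audit`, the nesting limit of 20, and the sample documents are assumptions made for illustration.

```ruby
require 'json'

# Added example: helper names and sample documents are constructed for
# illustration and do not come from the advisory or the JSON gem.

# Key the JSON gem treats as a class hint ("json_class" unless changed).
CREATE_ID = JSON.create_id

# True if any object at any depth carries the class-hint key.
def contains_create_id?(node)
  case node
  when Hash
    node.key?(CREATE_ID) || node.each_value.any? { |v| contains_create_id?(v) }
  when Array
    node.any? { |v| contains_create_id?(v) }
  else
    false
  end
end

# Parse untrusted JSON into plain Hash/Array/String/Numeric values only.
def parse_untrusted(text, max_nesting: 20)
  doc = JSON.parse(text,
                   create_additions: false,  # never build classes named by the document
                   symbolize_names: false,   # keys stay Strings, no symbols from input
                   max_nesting: max_nesting) # bound recursion depth
  if contains_create_id?(doc)
    raise ArgumentError, "untrusted document contains #{CREATE_ID.inspect}"
  end
  doc
end

# Constructed sample inputs.
SAMPLES = {
  plain:  '{"name":"alice","roles":["dev","ops"]}',
  hinted: '{"profile":{"json_class":"String","raw":[65]}}',
  deep:   ('[' * 50) + (']' * 50)
}.freeze

# Returns :accepted or the name of the error class for each sample.
def audit(samples = SAMPLES)
  samples.transform_values do |text|
    begin
      parse_untrusted(text)
      :accepted
    rescue ArgumentError, JSON::ParserError => e
      e.class.name
    end
  end
end
```

Setting the options explicitly keeps the behaviour independent of whichever defaults the installed JSON gem ships with.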
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 6 | amd64 | libjson-ruby1.8 | < 1.1.9-1+deb6u1 | libjson-ruby1.8_1.1.9-1+deb6u1_amd64.deb |
Debian | 6 | all | ruby1.9.1-examples | < 1.9.2.0-2+deb6u5 | ruby1.9.1-examples_1.9.2.0-2+deb6u5_all.deb |
Debian | 6 | amd64 | libruby1.9.1 | < 1.9.2.0-2+deb6u5 | libruby1.9.1_1.9.2.0-2+deb6u5_amd64.deb |
Debian | 6 | all | libjson-ruby | < 1.1.9-1+deb6u1 | libjson-ruby_1.1.9-1+deb6u1_all.deb |
Debian | 6 | all | ruby1.9.1-elisp | < 1.9.2.0-2+deb6u5 | ruby1.9.1-elisp_1.9.2.0-2+deb6u5_all.deb |
Debian | 6 | all | ruby1.9.1-full | < 1.9.2.0-2+deb6u5 | ruby1.9.1-full_1.9.2.0-2+deb6u5_all.deb |
Debian | 6 | i386 | ruby1.9.1 | < 1.9.2.0-2+deb6u5 | ruby1.9.1_1.9.2.0-2+deb6u5_i386.deb |
Debian | 6 | all | ri1.9.1 | < 1.9.2.0-2+deb6u5 | ri1.9.1_1.9.2.0-2+deb6u5_all.deb |
Debian | 6 | i386 | libtcltk-ruby1.9.1 | < 1.9.2.0-2+deb6u5 | libtcltk-ruby1.9.1_1.9.2.0-2+deb6u5_i386.deb |
Debian | 6 | i386 | libruby1.9.1 | < 1.9.2.0-2+deb6u5 | libruby1.9.1_1.9.2.0-2+deb6u5_i386.deb |