[SECURITY] [DLA 88-1] ruby1.8 security update

2014-11-21 15:18:14
lists.debian.org

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.02 Low (percentile 88.6%)

Package : ruby1.8
Version : 1.8.7.302-2squeeze3
CVE ID : CVE-2011-0188 CVE-2011-2686 CVE-2011-2705 CVE-2011-4815
CVE-2014-8080 CVE-2014-8090

This update fixes multiple local and remote denial of service and remote code
execution problems:

CVE-2011-0188

Properly allocate memory, to prevent arbitrary code execution or application
crash. Reported by Drew Yao.

CVE-2011-2686

Reinitialize the random seed when forking to prevent CVE-2003-0900-like
situations.

CVE-2011-2705

Modify the PRNG state to prevent repetition of the random number sequence in a
forked child process that has the same pid. Reported by Eric Wong.

CVE-2011-4815

Fix a problem with predictable hash collisions resulting in denial of service
(CPU consumption) attacks. Reported by Alexander Klink and Julian Waelde.

CVE-2014-8080

Fix REXML parser to prevent memory consumption denial of service via crafted
XML documents. Reported by Willis Vandevanter.

CVE-2014-8090

Add REXML::Document#document to complement the fix for CVE-2014-8080.
Reported by Tomas Hoger.
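Worked example added here, not part of the DLA or of Ruby's own code: a Ruby function that parses untrusted XML with REXML under explicit entity-expansion ceilings, the mechanism the CVE-2014-8080 and CVE-2014-8090 fixes enforce, and a constructed nested-entity document to confirm that the ceilings actually abort the expansion. The function names, the sample documents and the ceiling values are assumptions for this demo; entity_expansion_limit and entity_expansion_text_limit are REXML's own accessors.

```ruby
require 'rexml/document'

# Constructed benign input: one predefined entity, no DTD.
BENIGN_XML = '<note>hello &amp; welcome</note>'

# Constructed regression input: three nested internal entities with ten
# references each, so the single &e3; in the body costs 1,111 expansions and
# about 10 KB of text. Far too small to hurt, but enough to exercise the limits.
NESTED_ENTITY_XML = <<~XML
  <!DOCTYPE note [
    <!ENTITY e0 "aaaaaaaaaa">
    <!ENTITY e1 "&e0;&e0;&e0;&e0;&e0;&e0;&e0;&e0;&e0;&e0;">
    <!ENTITY e2 "&e1;&e1;&e1;&e1;&e1;&e1;&e1;&e1;&e1;&e1;">
    <!ENTITY e3 "&e2;&e2;&e2;&e2;&e2;&e2;&e2;&e2;&e2;&e2;">
  ]>
  <note>&e3;</note>
XML

# Newer REXML keeps the limits in REXML::Security; older builds (including the
# ruby1.8 tree this DLA patches) expose the same accessors on REXML::Document.
def rexml_limits
  defined?(REXML::Security) ? REXML::Security : REXML::Document
end

# Parse untrusted XML under explicit ceilings for the number of entity
# expansions and the bytes they may produce, then read the root text, because
# REXML expands entity references lazily when the text is read, not at parse
# time. Returns the expanded text, or :rejected if REXML aborted the expansion.
# The ceilings are sized for this demo, not REXML's defaults (10,000 / 10,240).
def parse_untrusted_xml(xml, max_expansions: 100, max_text_bytes: 4096)
  limits = rexml_limits
  saved = [limits.entity_expansion_limit, limits.entity_expansion_text_limit]
  limits.entity_expansion_limit = max_expansions
  limits.entity_expansion_text_limit = max_text_bytes
  doc = REXML::Document.new(xml)
  doc.root.text
rescue StandardError
  # REXML raises once either ceiling is crossed; treat that as a rejected input.
  :rejected
ensure
  limits.entity_expansion_limit, limits.entity_expansion_text_limit = saved
end

if __FILE__ == $PROGRAM_NAME
  p parse_untrusted_xml(BENIGN_XML)         # "hello & welcome"
  p parse_untrusted_xml(NESTED_ENTITY_XML)  # :rejected
end
```

With REXML's default ceilings this particular document would be accepted, which is why the limits should be tuned to the size of XML the application genuinely expects rather than left at the defaults.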