7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.02 Low
EPSS
Percentile
88.6%
Package : ruby1.8
Version : 1.8.7.302-2squeeze3
CVE ID : CVE-2011-0188 CVE-2011-2686 CVE-2011-2705 CVE-2011-4815
CVE-2014-8080 CVE-2014-8090
This update fixes multiple local and remote denial of service and remote code
execute problems:
CVE-2011-0188
Properly allocate memory, to prevent arbitrary code execution or application
crash. Reported by Drew Yao.
CVE-2011-2686
Reinitialize the random seed when forking to prevent CVE-2003-0900 like
situations.
CVE-2011-2705
Modify PRNG state to prevent random number sequence repeatation at forked
child process which has same pid. Reported by Eric Wong.
CVE-2011-4815
Fix a problem with predictable hash collisions resulting in denial of service
(CPU consumption) attacks. Reported by Alexander Klink and Julian Waelde.
CVE-2014-8080
Fix REXML parser to prevent memory consumption denial of service via crafted
XML documents. Reported by Willis Vandevanter.
CVE-2014-8090
Add REXML::Document#document to complement the fix for CVE-2014-8080.
Reported by Tomas Hoger.
Attachment:
signature.asc
Description: This is a digitally signed message part.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | amd64 | libruby1.8-dbg | < 1.8.7.302-2squeeze3 | libruby1.8-dbg_1.8.7.302-2squeeze3_amd64.deb |
Debian | 6 | i386 | libruby1.8-dbg | < 1.8.7.302-2squeeze3 | libruby1.8-dbg_1.8.7.302-2squeeze3_i386.deb |
Debian | 6 | all | ri1.8 | < 1.8.7.302-2squeeze3 | ri1.8_1.8.7.302-2squeeze3_all.deb |
Debian | 6 | all | ruby1.8-examples | < 1.8.7.302-2squeeze3 | ruby1.8-examples_1.8.7.302-2squeeze3_all.deb |
Debian | 6 | i386 | libruby1.8 | < 1.8.7.302-2squeeze3 | libruby1.8_1.8.7.302-2squeeze3_i386.deb |
Debian | 6 | all | ruby1.8 | < 1.8.7.302-2squeeze3 | ruby1.8_1.8.7.302-2squeeze3_all.deb |
Debian | 6 | i386 | libtcltk-ruby1.8 | < 1.8.7.302-2squeeze3 | libtcltk-ruby1.8_1.8.7.302-2squeeze3_i386.deb |
Debian | 6 | all | ruby1.8-elisp | < 1.8.7.302-2squeeze3 | ruby1.8-elisp_1.8.7.302-2squeeze3_all.deb |
Debian | 6 | amd64 | ruby1.8 | < 1.8.7.302-2squeeze3 | ruby1.8_1.8.7.302-2squeeze3_amd64.deb |
Debian | 6 | amd64 | libtcltk-ruby1.8 | < 1.8.7.302-2squeeze3 | libtcltk-ruby1.8_1.8.7.302-2squeeze3_amd64.deb |