
ruby2.1 - security update

Description

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.1, has an unsafe object creation vulnerability. This is quite similar to [CVE-2013-0269](https://security-tracker.debian.org/tracker/CVE-2013-0269), but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.

For Debian 8 Jessie, this problem has been fixed in version 2.1.5-2+deb8u10. We recommend that you upgrade your ruby2.1 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system, and frequently asked questions can be found at: <https://wiki.debian.org/LTS>


Affected Software


CPE Name Name Version
ruby2.1 2.1.5-2+deb8u3
ruby2.1 2.1.5-2+deb8u4
ruby2.1 2.1.5-2+deb8u2
ruby2.1 2.1.5-2+deb8u8
ruby2.1 2.1.5-2+deb8u7
ruby2.1 2.1.5-2+deb8u1
ruby2.1 2.1.5-2+deb8u5
ruby2.1 2.1.5-2+deb8u6
ruby2.1 2.1.5-2
ruby2.1 2.1.5-2+deb8u9
