
ruby1.9.1 - security update

Description

Two vulnerabilities were identified in the Ruby language interpreter, version 1.9.1.

* [CVE-2012-5371](https://security-tracker.debian.org/tracker/CVE-2012-5371) Jean-Philippe Aumasson identified that Ruby computed hash values without properly restricting the ability to trigger hash collisions predictably, allowing context-dependent attackers to cause a denial of service (CPU consumption). This is a different vulnerability than [CVE-2011-4815](https://security-tracker.debian.org/tracker/CVE-2011-4815).

* [CVE-2013-0269](https://security-tracker.debian.org/tracker/CVE-2013-0269) Thomas Hollstegge and Ben Murphy found that the JSON gem for Ruby allowed remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects.

For the squeeze distribution, these vulnerabilities have been fixed in version 1.9.2.0-2+deb6u5 of ruby1.9.1. We recommend that you upgrade your ruby1.9.1 package.


Affected Software


CPE Name Name Version
ruby1.9.1 1.9.2.0-2+armhf
ruby1.9.1 1.9.2.0-2
