(RHSA-2013:1767) Critical: ruby security update

2013-11-26T05:00:00
ID RHSA-2013:1767
Type redhat
Reporter RedHat
Modified 2015-04-24T14:20:16

Description

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2013-4164)

All ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.