4 matches found
Debian DLA-209-1 : jruby security update
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Note: This update includes...
[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision
2012-001 multiple implementations denial-of-service via MurmurHash algorithm collision Description: A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting...
CVE-2012-5370
JRuby before 1.6.5.1 is vulnerable to a denial-of-service due to hash-collision attacks in hash table implementations. The root cause is insufficient randomization/restriction of hash collisions, allowing crafted input to trigger CPU consumption. Remediation: upgrade to JRuby 1.6.5.1 or newer (as...
CVE-2012-5370 jruby: Murmur hash function collisions (oCERT-2012-001)
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal...