Security update for ruby2.2, ruby2.3 (important)

2017-04-05T15:08:17
ID OPENSUSE-SU-2017:0933-1
Type suse
Reporter Suse
Modified 2017-04-05T15:08:17

Description

This update for ruby2.2, ruby2.3 fixes the following issues:

Security issues fixed:

- CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new "initialize" (boo#1018808)
- CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (boo#959495)

Detailed ChangeLog:

- http://svn.ruby-lang.org/repos/ruby/tags/v2_2_6/ChangeLog
- http://svn.ruby-lang.org/repos/ruby/tags/v2_3_3/ChangeLog