1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2810-1] ruby1.9.1 security update

    From Salvatore Bonaccorso@1:229/2 to All on Wed Dec 4 23:40:02 2013
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2810-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 04, 2013 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : ruby1.9.1
    Vulnerability : heap overflow
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2013-4164
    Debian Bug : 730178

    Charlie Somerville discovered that Ruby incorrectly handled floating
    point number conversion. If an application using Ruby accepted untrusted
    input strings and converted them to floating point numbers, an attacker
    able to provide such input could cause the application to crash or,
    possibly, execute arbitrary code with the privileges of the application.

    For the oldstable distribution (squeeze), this problem has been fixed in version 1.9.2.0-2+deb6u2.

    For the stable distribution (wheezy), this problem has been fixed in
    version 1.9.3.194-8.1+deb7u2.

    For the unstable distribution (sid), this problem has been fixed in
    version 1.9.3.484-1.

    We recommend that you upgrade your ruby1.9.1 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.15 (GNU/Linux)

    iQIcBAEBCgAGBQJSn6paAAoJEAVMuPMTQ89EppAP/3gJqyFH2O8X54DRK9kWPegb Y02HT+HhDvCIxTRsMZFndelL2Q5ATvajMfygBxIGhp/Um72uoS6SvSX1qsB2KM+o wWG2L/NeuV9x2QlJIoMpAC1BFSMHSUz+s1/DypkaoXyM0NaczLHxqOBHTc8OcGM5 8o+TfalFNBvwiJB9JpSqODMZqRVJwLISHtm8d5PTIqwJ+s4NRq9q+URZzWLArSmI bne2ZX/I7ZJF5bljMfS2DybSZiGd0EOY7j1Wh9FMQOBFWcaGC7LtAKL/GixHs6aq 2ac0sWFd0osQdMlmQ4raTkeP9wqmxxA6r8t1IGvBQskn0wpwP49PA3ZbsWWW7M3F qwnIuRen+Qqpr5K0rcmB4NUmTSbC9CRYeRVlgulJHOQk3H+RDOCMtyr61Pb4yA0+ U9Cb6iytERXqz6gXve4CNX8HgojTj8UF+RwELmh6c8oOp4bawvW/43iZDjkyyPyL EE7rXAraEaHGa94kkfPO0ijLQB9jcPJOECatNtj62FYEgmAIDxBNnEfWxGgXFC1p jxvUmLbliVMQ7RnWDkrtthnm/7zS9iHZ9/JAhVbKwITxlCvZGjG84Iaofb5UW+wR nZw5lL6YydwrXPJoj0ZpWrPobMSZ/aATp0kiS5IJdLTwyZqoapVRXCZHhOmbyeh4 J2FfysOY3Wmx7cLiM6Bb
    =5fWg
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)