drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in Ruby
| Name: |
Pufferüberlauf in Ruby |
|
| ID: |
MDVSA-2013:286 |
|
| Distribution: |
Mandriva |
|
| Plattformen: |
Mandriva Enterprise Server 5.0, Mandriva Business Server 1.0 |
|
| Datum: |
Mi, 27. November 2013, 07:37 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164 |
|
| Applikationen: |
Ruby |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1385470102-2618-44
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:286
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : ruby
Date : November 26, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability was found and corrected in ruby:
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0
before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision
43780 allows context-dependent attackers to cause a denial of service
(segmentation fault) and possibly execute arbitrary code via a string
that is converted to a floating point value, as demonstrated using
(1) the to_f method or (2) JSON.parse (CVE-2013-4164).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
1294917053856fc539899d0b44ad0dbc
mes5/i586/ruby-1.8.7-7p72.7mdvmes5.2.i586.rpm
3f2db72bc1631e542779316343e966c4
mes5/i586/ruby-devel-1.8.7-7p72.7mdvmes5.2.i586.rpm
39cfc6c4609fcc57176672475790b32b
mes5/i586/ruby-doc-1.8.7-7p72.7mdvmes5.2.i586.rpm
0ec33b39a54d3bdf697f45da9f89e47a
mes5/i586/ruby-tk-1.8.7-7p72.7mdvmes5.2.i586.rpm
fd07a01ddd78a658dfc153a62031321f
mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
a931882acf32d122e07627496390d938
mes5/x86_64/ruby-1.8.7-7p72.7mdvmes5.2.x86_64.rpm
b501426a2e620f092bbb599859250cbe
mes5/x86_64/ruby-devel-1.8.7-7p72.7mdvmes5.2.x86_64.rpm
ff3c3946cadf9572f9a9156ce1acc4d1
mes5/x86_64/ruby-doc-1.8.7-7p72.7mdvmes5.2.x86_64.rpm
7e11dfe3289d721f58692552d2dffe92
mes5/x86_64/ruby-tk-1.8.7-7p72.7mdvmes5.2.x86_64.rpm
fd07a01ddd78a658dfc153a62031321f
mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
19f50bdda7f4d5298aad37fffcc161d2
mbs1/x86_64/ruby-1.8.7.p358-2.3.mbs1.x86_64.rpm
cb212eb9e77942130daa03bd00129647
mbs1/x86_64/ruby-devel-1.8.7.p358-2.3.mbs1.x86_64.rpm
61727a178644e24a90893fd521beaf26
mbs1/x86_64/ruby-doc-1.8.7.p358-2.3.mbs1.noarch.rpm
7c7c74b929d64434f5fac3e9a6a16eac
mbs1/x86_64/ruby-tk-1.8.7.p358-2.3.mbs1.x86_64.rpm
3b57d1f0167760c15f5a2b7187f9301b mbs1/SRPMS/ruby-1.8.7.p358-2.3.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFSlGwWmqjQ0CJFipgRAro6AKDxx5aol75oiREPEvp6GwJOdrHV4ACdEiEp
IDtHqkEQ0Csfty0PsqPR7Xg=
=XUfQ
-----END PGP SIGNATURE-----
------------=_1385470102-2618-44
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________
------------=_1385470102-2618-44--
|
|
|
|
