CVE-2016-2338: [SECURITY] [DLA 2158-1] ruby2.1 security update
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document, the heap buffer “head” is allocated based on the length of the tags array. A specially constructed object passed as an element of the tags array can increase the array's size after that allocation and cause a heap overflow.
- To: [email protected]
- Subject: [SECURITY] [DLA 2158-1] ruby2.1 security update
- From: Abhijith PA <[email protected]>
- Date: Wed, 25 Mar 2020 18:52:09 +0530
- Message-id: <[email protected]>
- Mail-followup-to: [email protected]
- Reply-to: [email protected]
Package : ruby2.1
Version : 2.1.5-2+deb8u9
CVE ID  : CVE-2016-2338
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document, the heap buffer “head” is allocated based on the length of the tags array. A specially constructed object passed as an element of the tags array can increase the array's size after that allocation and cause a heap overflow.
For Debian 8 "Jessie", this problem has been fixed in version 2.1.5-2+deb8u9.
We recommend that you upgrade your ruby2.1 packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
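The pattern the advisory describes (a buffer sized from an array's length, then a loop bounded by a length that element conversion can change), shown as an added example that is not part of the advisory and not Ruby's source. The `tag_array` type, the `on_convert` hook and all function names are hypothetical; out-of-bounds writes are counted rather than performed, so the model is safe to run.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model (not Ruby's source): a growable array whose element
 * conversion runs caller-controlled code. All names are hypothetical. */
typedef struct tag_array tag_array;
struct tag_array {
    size_t len;                       /* current, mutable length */
    void (*on_convert)(tag_array *);  /* hook run while converting an element */
};

/* Constructed hostile hook: grows the array while it is being walked. */
static void grow_hook(tag_array *a) { if (a->len < 8) a->len += 1; }

/* Fills a buffer sized from the length seen at allocation time.
 * snapshot_len = 0 re-reads a->len on every iteration (the flawed pattern);
 * snapshot_len = 1 fixes the loop bound at allocation time (hardened).
 * Writes past the buffer are counted, never performed.
 * Returns the number of writes that would land out of bounds, or -1. */
static int copy_tags(tag_array *a, int snapshot_len)
{
    size_t cap = a->len;                      /* allocation-time length */
    int *head = calloc(cap ? cap : 1, sizeof *head);
    int overflow = 0;
    if (!head) return -1;

    for (size_t i = 0; i < (snapshot_len ? cap : a->len); i++) {
        if (a->on_convert) a->on_convert(a);  /* may change a->len */
        if (i < cap) head[i] = 1;             /* in-bounds write */
        else overflow++;                      /* would corrupt the heap */
    }
    free(head);
    return overflow;
}

/* Runs copy_tags on a fresh array of n elements, hostile or benign. */
static int run_case(size_t n, int hostile, int snapshot_len)
{
    tag_array a = { n, hostile ? grow_hook : NULL };
    return copy_tags(&a, snapshot_len);
}

int main(void)
{
    printf("re-read length:  %d stray writes\n", run_case(2, 1, 0));
    printf("snapshot length: %d stray writes\n", run_case(2, 1, 1));
    return 0;
}
```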