Ruby: Denial of service — GLSA 201412-27

Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition.

Affected packages

dev-lang/ruby on all architectures
Affected versions < 2.0.0_p598
Unaffected versions revision >= 1.9.3_p551
>= 2.0.0_p598

Background

Ruby is an object-oriented scripting language.

Description

Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or bypass security restrictions.

Workaround

There is no known workaround at this time.

Resolution

All Ruby 1.9 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.9.3_p551"
 

All Ruby 2.0 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.0.0_p598"
 

References

Release date
December 13, 2014

Latest revision
December 13, 2014: 1

Severity
normal

Exploitable
local, remote

Bugzilla entries