CVSS2 : AV:N/AC:L/Au:N/C:N/I:N/A:C
Attack Vector : NETWORK
Attack Complexity : LOW
Authentication : NONE
Confidentiality Impact : NONE
Integrity Impact : NONE
Availability Impact : COMPLETE
AI Score Confidence : High
EPSS Percentile : 95.6%
Package : ruby1.8
Version : 1.8.7.302-2squeeze3
CVE ID : CVE-2011-0188 CVE-2011-2686 CVE-2011-2705 CVE-2011-4815 CVE-2014-8080 CVE-2014-8090
This update fixes multiple local and remote denial of service and remote code
execution problems:
CVE-2011-0188
Properly allocate memory, to prevent arbitrary code execution or application
crash. Reported by Drew Yao.
CVE-2011-2686
Reinitialize the random seed when forking to prevent CVE-2003-0900-like
situations.
CVE-2011-2705
Modify PRNG state to prevent random number sequence repetition in a forked
child process which has the same pid. Reported by Eric Wong.
CVE-2011-4815
Fix a problem with predictable hash collisions resulting in denial of service
(CPU consumption) attacks. Reported by Alexander Klink and Julian Waelde.
CVE-2014-8080
Fix REXML parser to prevent memory consumption denial of service via crafted
XML documents. Reported by Willis Vandevanter.
CVE-2014-8090
Add REXML::Document#document to complement the fix for CVE-2014-8080.
Reported by Tomas Hoger.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | all | ruby1.8 | < 1.8.7.358-7.1+deb7u2 | ruby1.8_1.8.7.358-7.1+deb7u2_all.deb |
Debian | 7 | amd64 | libruby1.9.1 | < 1.9.3.194-8.1+deb7u3 | libruby1.9.1_1.9.3.194-8.1+deb7u3_amd64.deb |
Debian | 6 | amd64 | libruby1.9.1-dbg | < 1.9.2.0-2+deb6u3 | libruby1.9.1-dbg_1.9.2.0-2+deb6u3_amd64.deb |
Debian | 7 | kfreebsd-i386 | libruby1.8-dbg | < 1.8.7.358-7.1+deb7u2 | libruby1.8-dbg_1.8.7.358-7.1+deb7u2_kfreebsd-i386.deb |
Debian | 7 | sparc | libtcltk-ruby1.8 | < 1.8.7.358-7.1+deb7u2 | libtcltk-ruby1.8_1.8.7.358-7.1+deb7u2_sparc.deb |
Debian | 6 | amd64 | libruby1.8 | < 1.8.7.302-2squeeze3 | libruby1.8_1.8.7.302-2squeeze3_amd64.deb |
Debian | 7 | s390x | libruby1.9.1 | < 1.9.3.194-8.1+deb7u3 | libruby1.9.1_1.9.3.194-8.1+deb7u3_s390x.deb |
Debian | 7 | s390x | libruby1.8 | < 1.8.7.358-7.1+deb7u2 | libruby1.8_1.8.7.358-7.1+deb7u2_s390x.deb |
Debian | 6 | all | ruby1.9.1-elisp | < 1.9.2.0-2+deb6u3 | ruby1.9.1-elisp_1.9.2.0-2+deb6u3_all.deb |
Debian | 6 | amd64 | libruby1.8-dbg | < 1.8.7.302-2squeeze3 | libruby1.8-dbg_1.8.7.302-2squeeze3_amd64.deb |