Lucene search
GoogleOSV:DSA-3157-1HistoryFeb 09, 2015 - 12:00 a.m.
ruby1.9.1 - security update
2015-02-0900:00:00
Google
osv.dev
13
0.13 Low
EPSS
Percentile
95.6%
Multiple vulnerabilities were discovered in the interpreter for the Ruby
language:
- CVE-2014-4975
The encodes() function in pack.c had an off-by-one error that could
lead to a stack-based buffer overflow. This could allow remote
attackers to cause a denial of service (crash) or arbitrary code
execution. - CVE-2014-8080,
CVE-2014-8090
The REXML parser could be coerced into allocating large string
objects that could consume all available memory on the system. This
could allow remote attackers to cause a denial of service (crash).
For the stable distribution (wheezy), these problems have been fixed in
version 1.9.3.194-8.1+deb7u3.
For the upcoming stable distribution (jessie), these problems have been
fixed in version 2.1.5-1 of the ruby2.1 source package.
For the unstable distribution (sid), these problems have been fixed in
version 2.1.5-1 of the ruby2.1 source package.
We recommend that you upgrade your ruby1.9.1 packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ruby1.9.1 | eq | 1.9.3.194-8.1 | |
| ruby1.9.1 | eq | 1.9.3.194-8.1+deb7u1 | |
| ruby1.9.1 | eq | 1.9.3.194-8.1+deb7u2 |
References
Related
oraclelinux
oraclelinux
ruby security update
2014-11-26 00:00:00
ruby193-ruby security update
2016-02-04 00:00:00
ruby security update
2014-11-26 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-200-1)
2023-03-08 00:00:00
Mageia: Security Advisory (MGASA-2014-0472)
2022-01-28 00:00:00
Oracle: Security Advisory (ELSA-2014-1913)
2016-02-05 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerabilities
2014-11-21 15:44:16
Updated ruby packages fix CVE-2014-8080
2014-11-14 03:57:44
redhat
redhat
(RHSA-2014:1914) Moderate: ruby200-ruby security update
2014-11-26 00:00:00
(RHSA-2014:1912) Moderate: ruby security update
2014-11-26 00:00:00
(RHSA-2014:1913) Moderate: ruby193-ruby security update
2014-11-26 00:00:00
nessus
nessus
Debian DLA-200-1 : ruby1.9.1 security update
2015-04-16 00:00:00
Debian DSA-3157-1 : ruby1.9.1 - security update
2015-02-10 00:00:00
RHEL 7 : ruby (RHSA-2014:1912)
2014-11-27 00:00:00
osv
osv
ruby1.9.1 - security update
2015-04-15 00:00:00
ruby1.8 - security update
2015-02-10 00:00:00
ruby1.8 - security update
2014-11-21 00:00:00
centos
centos
ruby, rubygem, rubygems security update
2014-12-01 13:45:48
ruby security update
2014-12-01 12:57:41
debian
debian
[SECURITY] [DSA 3157-1] ruby1.9.1 security update
2015-02-09 17:10:22
[SECURITY] [DLA 200-1] ruby1.9.1 security update
2015-04-15 18:17:59
[SECURITY] [DSA 3159-1] ruby1.8 security update
2015-02-10 17:49:21
securityvulns
securityvulns
Ruby DoS
2014-11-24 00:00:00
[USN-2412-1] Ruby vulnerability
2014-11-24 00:00:00
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
2015-10-05 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: ruby-2.1.4-24.fc21
2014-11-10 06:32:27
amazon
amazon
ubuntu
ubuntu
Ruby vulnerabilities
2014-11-04 00:00:00
Ruby vulnerability
2014-11-20 00:00:00
nvd
nvd
cve
cve
ubuntucve
ubuntucve
cvelist
cvelist
prion
prion
Design/Logic Flaw
2014-11-21 15:59:00
Design/Logic Flaw
2014-11-03 16:55:00
Stack overflow
2014-11-15 20:59:00
rubygems
rubygems
CVE-2014-8090 ruby: REXML incomplete fix for CVE-2014-8080
2014-11-12 21:00:00
veracode
veracode
XML Entity Expansion (XEE)
2019-01-15 09:03:29
XML Entity Expansion (XEE)
2019-05-02 05:05:32
Denial Of Service (DoS)
2019-01-15 09:03:14
archlinux
archlinux
ruby: denial of service
2014-11-17 00:00:00
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00
suse
suse
Security update for ruby2.1 (important)
2017-04-28 18:11:28
Security update for ruby2.1 (important)
2017-04-20 12:08:57