Bug 536362 - <dev-lang/ruby-{2.0.0_p598, 2.1.5, 2.2.0}: Buffer overflow vulnerability (CVE-2014-{3916,4975})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on: ruby19-removal
Reported: 2015-01-11 20:55 UTC by GLSAMaker/CVETool Bot
Modified: 2016-11-26 00:34 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2015-01-11 20:55:56 UTC
CVE-2014-4975 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4975):
  Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and
  earlier, and 2.x through 2.1.2, when using certain format string specifiers,
  allows context-dependent attackers to cause a denial of service
  (segmentation fault) via vectors that trigger a stack-based buffer overflow.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2015-01-11 20:58:02 UTC
CVE-2014-3916 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3916):
  The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows
  context-dependent attackers to cause a denial of service (segmentation fault
  and crash) via a long string.
Comment 2 Hans de Graaff gentoo-dev Security 2015-01-18 10:47:48 UTC
CVE-2014-4975 https://bugs.ruby-lang.org/issues/10019

As far as I can tell CVE-2014-4975 was fixed upstream for the 2.1 and 2.2 series only. Both 2.1.5 and 2.2.0 in tree are fixed.

ruby-1.9.3_p551 and ruby-2.2.0_p598 do not have upstream fixes at the moment. I would expect only 2.2.0 to receive fixes, since 1.9.3 will be deprecated shortly.
Comment 3 Hans de Graaff gentoo-dev Security 2015-01-18 10:51:04 UTC
CVE-2014-3916 https://bugs.ruby-lang.org/issues/9709

This is fixed in the 2.0, 2.1, and 2.2 series. 2.0.0_p598, 2.1.5, and 2.2.0 in tree are all fixed.

ruby-1.9.3_p551 is still vulnerable but will be deprecated by upstream shortly.
Comment 4 Hans de Graaff gentoo-dev Security 2015-10-11 13:54:35 UTC
ruby 1.9 is now masked for removal so we no longer have any vulnerable versions in the tree.
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2016-11-26 00:34:07 UTC
GLSA Vote: No