Oval Definition: oval:org.mitre.oval:def:21247
Revision Date: 2014-02-17
Version: 12
Title: RHSA-2013:1764: ruby security update (Critical)
Description: Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CESA-2013:1764, CVE-2013-4164, RHSA-2013:1764-00
Platform(s): CentOS Linux 6, Red Hat Enterprise Linux 6
Product(s): ruby
Definition Synopsis
  • Redhat 6 or Centos 6 release
      • The operating system installed on the system is Red Hat Enterprise Linux 6
      • OR The operating system installed on the system is CentOS Linux 6.x
  • AND Packages section
      • ruby-tcltk is earlier than 0:1.8.7.352-13.el6
      • OR ruby-static is earlier than 0:1.8.7.352-13.el6
      • OR ruby-rdoc is earlier than 0:1.8.7.352-13.el6
      • OR ruby-ri is earlier than 0:1.8.7.352-13.el6
      • OR ruby-irb is earlier than 0:1.8.7.352-13.el6
      • OR ruby-devel is earlier than 0:1.8.7.352-13.el6
      • OR ruby-libs is earlier than 0:1.8.7.352-13.el6
      • OR ruby-docs is earlier than 0:1.8.7.352-13.el6
      • OR ruby is earlier than 0:1.8.7.352-13.el6