Oval Definition: oval:org.mitre.oval:def:21762
Revision Date: 2014-05-26
Version: 36
Title: ELSA-2008:0561: ruby security update (Moderate)
Description: Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2008-2376
CVE-2008-2662
CVE-2008-2663
CVE-2008-2664
CVE-2008-2725
CVE-2008-2726
ELSA-2008:0561-01
Platform(s): Oracle Linux 5
Product(s): ruby
Definition Synopsis
  • Oracle Linux 5.x
  • AND rpm test
      • ruby-docs is earlier than 0:1.8.5-5.el5_2.3
      • OR ruby-ri is earlier than 0:1.8.5-5.el5_2.3
      • OR ruby-mode is earlier than 0:1.8.5-5.el5_2.3
      • OR ruby-libs is earlier than 0:1.8.5-5.el5_2.3
      • OR ruby-tcltk is earlier than 0:1.8.5-5.el5_2.3
      • OR ruby-irb is earlier than 0:1.8.5-5.el5_2.3
      • OR ruby-rdoc is earlier than 0:1.8.5-5.el5_2.3
      • OR ruby is earlier than 0:1.8.5-5.el5_2.3
      • OR ruby-devel is earlier than 0:1.8.5-5.el5_2.3