DLA 2158-1: ruby2.1 security update

Debian 9909 Published by

A ruby2.1 security update has been released for Debian GNU/Linux 8 LTS to address a heap overflow vulnerability in the Psych::Emitter startdocument function of Ruby.



Package : ruby2.1
Version : 2.1.5-2+deb8u9
CVE ID : CVE-2016-2338

An exploitable heap overflow vulnerability exists in the
Psych::Emitter startdocument function of Ruby. In Psych::Emitter
startdocument function heap buffer "head" allocation is made based on
tags array length. Specially constructed object passed as element of
tags array can increase this array size after mentioned allocation and
cause heap overflow

For Debian 8 "Jessie", this problem has been fixed in version
2.1.5-2+deb8u9.

We recommend that you upgrade your ruby2.1 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:   https://wiki.debian.org/LTS

GLSA 202003-52 : Samba: Multiple vulnerabilities

ELSA-2020-0913 Important: Oracle Linux 7 libvncserver security update

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...