Arch Linux Security Advisory ASA-201512-11 ==========================================
Severity: Low Date : 2015-12-17 CVE-ID : CVE-2015-7551 Package : ruby Type : unsafe tainted string usage Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package ruby before version 2.2.4-1 is vulnerable to unsafe tainted string usage. Resolution ========== Upgrade to 2.2.4-1. # pacman -Syu "ruby>=2.2.4-1" The problem has been fixed upstream in version 2.2.4. Workaround ========== None. Description =========== There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi. Impact ====== A remote attacker is able to open a library via Fiddle with tainted library name if passed from an untrusted input. References ========== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7551 https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
signature.asc
Description: OpenPGP digital signature
