Advisories » MGASA-2016-0007

Updated ruby packages fix security vulnerability

Publication date: 12 Jan 2016
Modification date: 12 Jan 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-7551

Description

There is an unsafe tainted string vulnerability in Fiddle and DL. This
issue was originally reported and fixed with CVE-2009-5147 in DL, but
reappeared after DL was reimplemented using Fiddle and libffi
(CVE-2015-7551).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17351
• https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
• https://www.ruby-lang.org/en/news/2015/12/16/ruby-2-0-0-p648-released/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7551

SRPMS

5/core

• ruby-2.0.0.p648-1.mga5