Advisories » MGASA-2018-0491

Updated ruby-i18n packages fix security vulnerability

Publication date: 28 Dec 2018
Modification date: 28 Dec 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2014-10077

Description

A flaw was found in the i18n gem before 0.8.0 for Ruby. The Hash#slice
in lib/i18n/core_ext/hash.rb allows remote attackers to cause a denial
of service (application crash) via a call in a situation where :some_key
is present in keep_keys but not present in the hash (CVE-2014-10077).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24057
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PI2JAP4MREQEIWMTIONOLWSYZIWZ3AAL/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10077

SRPMS

6/core

• ruby-i18n-0.7.0-1.1.mga6