MDVSA-2013:286 -- Mandriva ruby
ID: oval:org.secpod.oval:def:1300254 | Date: (C)2013-12-09 (M)2022-10-10 | Class: PATCH | Family: unix
A vulnerability was found and corrected in ruby: Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using the to_f method or JSON.parse. The updated packages have been patched to correct this issue.
Platform: Mandriva Enterprise Server 5.2