DSA-1695-1 ruby1.8, ruby1.9 -- memory leakID: oval:org.secpod.oval:def:600300 | Date: (C)2011-05-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
The regular expression engine of Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a denial of service condition . In addition, this security update addresses a regression in the REXML XML parser of the ruby1.8 package; the regression was introduced in DSA-1651-1. For the stable distribution , this problem has been fixed in version 1.8.5-4etch4 of the ruby1.8 package, and version 1.9.0+20060609-1etch4 of the ruby1.9 package. For the unstable distribution , this problem has been fixed in version 1.8.7.72-1 of the ruby1.8 package. The ruby1.9 package will be fixed soon. We recommend that you upgrade your Ruby packages.