VAR-201311-0106
Vulnerability from variot - Updated: 2026-03-09 20:00Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. Ruby is prone to a heap-based buffer overflow vulnerability because it fails to adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application using the affected function. Failed exploit attempts will likely crash the application. Following versions are vulnerable: Ruby 1.8 Ruby 1.9 prior to 1.9.3-p484 Ruby 2.0 prior to 2.0.0-p353 Ruby 2.1 prior to 2.1.0 preview2.
For the oldstable distribution (squeeze), this problem has been fixed in version 1.9.2.0-2+deb6u2.
For the stable distribution (wheezy), this problem has been fixed in version 1.9.3.194-8.1+deb7u2.
For the unstable distribution (sid), this problem has been fixed in version 1.9.3.484-1.
We recommend that you upgrade your ruby1.9.1 packages. ========================================================================== Ubuntu Security Notice USN-2035-1 November 27, 2013
ruby1.8, ruby1.9.1 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Ruby. (CVE-2013-4164)
Vit Ondruch discovered that Ruby did not perform taint checking for certain functions. An attacker could possibly use this issue to bypass certain intended restrictions. (CVE-2013-2065)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10: libruby1.8 1.8.7.358-7ubuntu2.1 libruby1.9.1 1.9.3.194-8.1ubuntu2.1 ruby1.8 1.8.7.358-7ubuntu2.1 ruby1.9.1 1.9.3.194-8.1ubuntu2.1
Ubuntu 13.04: libruby1.8 1.8.7.358-7ubuntu1.2 libruby1.9.1 1.9.3.194-8.1ubuntu1.2 ruby1.8 1.8.7.358-7ubuntu1.2 ruby1.9.1 1.9.3.194-8.1ubuntu1.2
Ubuntu 12.10: libruby1.8 1.8.7.358-4ubuntu0.4 libruby1.9.1 1.9.3.194-1ubuntu1.6 ruby1.8 1.8.7.358-4ubuntu0.4 ruby1.9.1 1.9.3.194-1ubuntu1.6
Ubuntu 12.04 LTS: libruby1.8 1.8.7.352-2ubuntu1.4 libruby1.9.1 1.9.3.0-1ubuntu2.8 ruby1.8 1.8.7.352-2ubuntu1.4 ruby1.9.1 1.9.3.0-1ubuntu2.8
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-27
http://security.gentoo.org/
Severity: Normal Title: Ruby: Denial of Service Date: December 13, 2014 Bugs: #355439, #369141, #396301, #437366, #442580, #458776, #492282, #527084, #529216 ID: 201412-27
Synopsis
Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-lang/ruby < 2.0.0_p598 *>= 1.9.3_p551 >= 2.0.0_p598
Description
Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Ruby 1.9 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.9.3_p551"
All Ruby 2.0 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.0.0_p598"
References
[ 1 ] CVE-2011-0188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0188 [ 2 ] CVE-2011-1004 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1004 [ 3 ] CVE-2011-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1005 [ 4 ] CVE-2011-4815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4815 [ 5 ] CVE-2012-4481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4481 [ 6 ] CVE-2012-5371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5371 [ 7 ] CVE-2013-0269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0269 [ 8 ] CVE-2013-1821 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1821 [ 9 ] CVE-2013-4164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4164 [ 10 ] CVE-2014-8080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8080 [ 11 ] CVE-2014-8090 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8090
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-27.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ruby-1.9.3_p484-i486-1_slack14.1.txz: Upgraded. For more information, see: https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ruby-1.9.3_p484-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ruby-1.9.3_p484-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ruby-1.9.3_p484-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ruby-1.9.3_p484-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ruby-1.9.3_p484-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ruby-1.9.3_p484-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ruby-1.9.3_p484-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ruby-1.9.3_p484-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/ruby-1.9.3_p484-i486-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/ruby-1.9.3_p484-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.1 package: a9c7fc1b752d9dbebf729639768f0ff9 ruby-1.9.3_p484-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: b78129d604ac455d1b28d54f28c2742a ruby-1.9.3_p484-x86_64-1_slack13.1.txz
Slackware 13.37 package: b195b07dff2bea6a3c4ad26686ed2bfe ruby-1.9.3_p484-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: a24d37e579ec1756896fabe5c158a83a ruby-1.9.3_p484-x86_64-1_slack13.37.txz
Slackware 14.0 package: 334fab8b88a0474b7ddd551c3f945492 ruby-1.9.3_p484-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: ad5cc7610fd06dae0bcae1b89c8b9659 ruby-1.9.3_p484-x86_64-1_slack14.0.txz
Slackware 14.1 package: 74555154cbd4bac223f6121f30821f1f ruby-1.9.3_p484-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 172e5c26ed18318e28668820e36ac0a0 ruby-1.9.3_p484-x86_64-1_slack14.1.txz
Slackware -current package: b865aec63c8a52ad041ea3d7b6febfda d/ruby-1.9.3_p484-i486-1.txz
Slackware x86_64 -current package: 9ddaa67e1d06d2d37eda294b749ff91d d/ruby-1.9.3_p484-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ruby-1.9.3_p484-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: ruby security update Advisory ID: RHSA-2013:1764-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1764.html Issue date: 2013-11-25 CVE Names: CVE-2013-4164 =====================================================================
- Summary:
Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. (CVE-2013-4164)
All ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1033460 - CVE-2013-4164 ruby: heap overflow in floating point parsing
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm
i386: ruby-1.8.7.352-13.el6.i686.rpm ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-devel-1.8.7.352-13.el6.i686.rpm ruby-irb-1.8.7.352-13.el6.i686.rpm ruby-libs-1.8.7.352-13.el6.i686.rpm ruby-rdoc-1.8.7.352-13.el6.i686.rpm
x86_64: ruby-1.8.7.352-13.el6.x86_64.rpm ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-devel-1.8.7.352-13.el6.i686.rpm ruby-devel-1.8.7.352-13.el6.x86_64.rpm ruby-irb-1.8.7.352-13.el6.x86_64.rpm ruby-libs-1.8.7.352-13.el6.i686.rpm ruby-libs-1.8.7.352-13.el6.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm
i386: ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-docs-1.8.7.352-13.el6.i686.rpm ruby-ri-1.8.7.352-13.el6.i686.rpm ruby-static-1.8.7.352-13.el6.i686.rpm ruby-tcltk-1.8.7.352-13.el6.i686.rpm
x86_64: ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-docs-1.8.7.352-13.el6.x86_64.rpm ruby-ri-1.8.7.352-13.el6.x86_64.rpm ruby-static-1.8.7.352-13.el6.x86_64.rpm ruby-tcltk-1.8.7.352-13.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm
x86_64: ruby-1.8.7.352-13.el6.x86_64.rpm ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-devel-1.8.7.352-13.el6.i686.rpm ruby-devel-1.8.7.352-13.el6.x86_64.rpm ruby-irb-1.8.7.352-13.el6.x86_64.rpm ruby-libs-1.8.7.352-13.el6.i686.rpm ruby-libs-1.8.7.352-13.el6.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm
x86_64: ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-docs-1.8.7.352-13.el6.x86_64.rpm ruby-ri-1.8.7.352-13.el6.x86_64.rpm ruby-static-1.8.7.352-13.el6.x86_64.rpm ruby-tcltk-1.8.7.352-13.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm
i386: ruby-1.8.7.352-13.el6.i686.rpm ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-devel-1.8.7.352-13.el6.i686.rpm ruby-irb-1.8.7.352-13.el6.i686.rpm ruby-libs-1.8.7.352-13.el6.i686.rpm ruby-rdoc-1.8.7.352-13.el6.i686.rpm
ppc64: ruby-1.8.7.352-13.el6.ppc64.rpm ruby-debuginfo-1.8.7.352-13.el6.ppc.rpm ruby-debuginfo-1.8.7.352-13.el6.ppc64.rpm ruby-devel-1.8.7.352-13.el6.ppc.rpm ruby-devel-1.8.7.352-13.el6.ppc64.rpm ruby-irb-1.8.7.352-13.el6.ppc64.rpm ruby-libs-1.8.7.352-13.el6.ppc.rpm ruby-libs-1.8.7.352-13.el6.ppc64.rpm ruby-rdoc-1.8.7.352-13.el6.ppc64.rpm
s390x: ruby-1.8.7.352-13.el6.s390x.rpm ruby-debuginfo-1.8.7.352-13.el6.s390.rpm ruby-debuginfo-1.8.7.352-13.el6.s390x.rpm ruby-devel-1.8.7.352-13.el6.s390.rpm ruby-devel-1.8.7.352-13.el6.s390x.rpm ruby-irb-1.8.7.352-13.el6.s390x.rpm ruby-libs-1.8.7.352-13.el6.s390.rpm ruby-libs-1.8.7.352-13.el6.s390x.rpm ruby-rdoc-1.8.7.352-13.el6.s390x.rpm
x86_64: ruby-1.8.7.352-13.el6.x86_64.rpm ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-devel-1.8.7.352-13.el6.i686.rpm ruby-devel-1.8.7.352-13.el6.x86_64.rpm ruby-irb-1.8.7.352-13.el6.x86_64.rpm ruby-libs-1.8.7.352-13.el6.i686.rpm ruby-libs-1.8.7.352-13.el6.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm
i386: ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-docs-1.8.7.352-13.el6.i686.rpm ruby-ri-1.8.7.352-13.el6.i686.rpm ruby-static-1.8.7.352-13.el6.i686.rpm ruby-tcltk-1.8.7.352-13.el6.i686.rpm
ppc64: ruby-debuginfo-1.8.7.352-13.el6.ppc64.rpm ruby-docs-1.8.7.352-13.el6.ppc64.rpm ruby-ri-1.8.7.352-13.el6.ppc64.rpm ruby-static-1.8.7.352-13.el6.ppc64.rpm ruby-tcltk-1.8.7.352-13.el6.ppc64.rpm
s390x: ruby-debuginfo-1.8.7.352-13.el6.s390x.rpm ruby-docs-1.8.7.352-13.el6.s390x.rpm ruby-ri-1.8.7.352-13.el6.s390x.rpm ruby-static-1.8.7.352-13.el6.s390x.rpm ruby-tcltk-1.8.7.352-13.el6.s390x.rpm
x86_64: ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-docs-1.8.7.352-13.el6.x86_64.rpm ruby-ri-1.8.7.352-13.el6.x86_64.rpm ruby-static-1.8.7.352-13.el6.x86_64.rpm ruby-tcltk-1.8.7.352-13.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm
i386: ruby-1.8.7.352-13.el6.i686.rpm ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-devel-1.8.7.352-13.el6.i686.rpm ruby-irb-1.8.7.352-13.el6.i686.rpm ruby-libs-1.8.7.352-13.el6.i686.rpm ruby-rdoc-1.8.7.352-13.el6.i686.rpm
x86_64: ruby-1.8.7.352-13.el6.x86_64.rpm ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-devel-1.8.7.352-13.el6.i686.rpm ruby-devel-1.8.7.352-13.el6.x86_64.rpm ruby-irb-1.8.7.352-13.el6.x86_64.rpm ruby-libs-1.8.7.352-13.el6.i686.rpm ruby-libs-1.8.7.352-13.el6.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm
i386: ruby-debuginfo-1.8.7.352-13.el6.i686.rpm ruby-docs-1.8.7.352-13.el6.i686.rpm ruby-ri-1.8.7.352-13.el6.i686.rpm ruby-static-1.8.7.352-13.el6.i686.rpm ruby-tcltk-1.8.7.352-13.el6.i686.rpm
x86_64: ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm ruby-docs-1.8.7.352-13.el6.x86_64.rpm ruby-ri-1.8.7.352-13.el6.x86_64.rpm ruby-static-1.8.7.352-13.el6.x86_64.rpm ruby-tcltk-1.8.7.352-13.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2013-4164.html https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFSk6BNXlSAg2UNWIIRAlZiAKDAAPRSZ1H9cccz0veRzTeGoeJjcACcCB69 P78u5S2/0ZOC5eh3GKqWcx0= =VMn2 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-10-16-3 OS X Server v4.0
OS X Server v4.0 is now available and addresses the following:
BIND Available for: OS X Yosemite v10.10 or later Impact: Multiple vulnerabilities in BIND, the most serious of which may lead to a denial of service Description: Multiple vulnerabilities existed in BIND. These issues were addressed by updating BIND to version 9.9.2-P2 CVE-ID CVE-2013-3919 CVE-2013-4854 CVE-2014-0591
CoreCollaboration Available for: OS X Yosemite v10.10 or later Impact: A remote attacker may be able to execute arbitrary SQL queries Description: A SQL injection issue existed in Wiki Server. This issue was addressed through additional validation of SQL queries. CVE-ID CVE-2014-4424 : Sajjad Pourali (sajjad@securation.com) of CERT of Ferdowsi University of Mashhad
CoreCollaboration Available for: OS X Yosemite v10.10 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-site scripting issue existed in Xcode Server. This issue was addressed through improved encoding of HTML output. CVE-ID CVE-2014-4406 : David Hoyt of Hoyt LLC
CoreCollaboration Available for: OS X Yosemite v10.10 or later Impact: Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PostgreSQL. These issues were addressed by updating PostgreSQL to version 9.2.7. CVE-ID CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066
Mail Service Available for: OS X Yosemite v10.10 or later Impact: Group SACL changes for Mail may not be respected until after a restart of the Mail service Description: SACL settings for Mail were cached and changes to the SACLs were not respected until after a restart of the Mail service. This issue was addressed by resetting the cache upon changes to the SACLs. CVE-ID CVE-2014-4446 : Craig Courtney
Profile Manager Available for: OS X Yosemite v10.10 or later Impact: Multiple vulnerabilities in LibYAML, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in LibYAML. These issues were addressed by switching from YAML to JSON as Profile Manager's internal serialization format. CVE-ID CVE-2013-4164 CVE-2013-6393
Profile Manager Available for: OS X Yosemite v10.10 or later Impact: A local user may obtain passwords after setting up or editing profiles in Profile Manager Description: In certain circumstances, setting up or editing profiles in Profile Manager may have logged passwords to a file. This issue was addressed through improved handling of credentials. CVE-ID CVE-2014-4447 : Mayo Jordanov
Server Available for: OS X Yosemite v10.10 or later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling SSL 3.0 support in Web Server, Calendar & Contacts Server, and Remote Administration. CVE-ID CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of Google Security Team
ServerRuby Available for: OS X Yosemite v10.10 or later Impact: Running a Ruby script that handles untrusted YAML tags may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in LibYAML's handling of YAML tags. This issue was addressed through additional validation of YAML tags. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2013-6393
OS X Server v4.0 may be obtained from the Mac App Store. Relevant releases/architectures:
Management Engine - noarch, x86_64
- Description:
Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve visibility and control, and those just starting virtualization deployments to build and operate a well-managed virtual infrastructure. (CVE-2013-4164)
It was found that Red Hat CloudForms Management Engine did not properly sanitize user-supplied values in the ServiceController. (CVE-2014-0057)
It was found that several number conversion helpers in Action View did not properly escape all their parameters. An attacker could use these flaws to perform a cross-site scripting (XSS) attack on an application that uses data submitted by a user as parameters to the affected helpers. (CVE-2014-0081)
A memory consumption issue was discovered in the text rendering component of Action View. A remote attacker could use this flaw to perform a denial of service attack by sending specially crafted queries that would result in the creation of Ruby symbols that were never garbage collected. (CVE-2014-0082)
Red Hat would like to thank the Ruby on Rails Project for reporting CVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as the original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the original reporter of CVE-2014-0082.
This update fixes several bugs and adds multiple enhancements. Documentation for these changes will be available shortly from the Red Hat CloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the References section
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ruby",
"scope": "eq",
"trust": 2.4,
"vendor": "ruby lang",
"version": "1.8"
},
{
"_id": null,
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "1.9"
},
{
"_id": null,
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "2.0.0"
},
{
"_id": null,
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "1.9.2"
},
{
"_id": null,
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "1.9.1"
},
{
"_id": null,
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "2.1"
},
{
"_id": null,
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "1.9.3"
},
{
"_id": null,
"model": "ruby",
"scope": "lt",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.0"
},
{
"_id": null,
"model": "ruby",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby lang",
"version": "1.9.3-p484"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.8.5"
},
{
"_id": null,
"model": "macos server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.2.1"
},
{
"_id": null,
"model": "macos server",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x mavericks v10.9.5 or later )"
},
{
"_id": null,
"model": "ruby",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.1.0 preview2"
},
{
"_id": null,
"model": "macos server",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x yosemite v10.10 or later )"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.5"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.9.2"
},
{
"_id": null,
"model": "ruby",
"scope": "lt",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.1"
},
{
"_id": null,
"model": "ruby",
"scope": "lt",
"trust": 0.8,
"vendor": "ruby lang",
"version": "1.9"
},
{
"_id": null,
"model": "macos server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "4.0"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.5"
},
{
"_id": null,
"model": "ruby",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.0.0-p353"
},
{
"_id": null,
"model": "matsumoto ruby dev",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.3"
},
{
"_id": null,
"model": "matsumoto ruby rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"_id": null,
"model": "matsumoto ruby p180",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"_id": null,
"model": "matsumoto ruby p136",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"_id": null,
"model": "matsumoto ruby p0",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"_id": null,
"model": "matsumoto ruby -rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"_id": null,
"model": "matsumoto ruby p431",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.1"
},
{
"_id": null,
"model": "matsumoto ruby -p429",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.1"
},
{
"_id": null,
"model": "matsumoto ruby -p376",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.1"
},
{
"_id": null,
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.1"
},
{
"_id": null,
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9-2"
},
{
"_id": null,
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9-1"
},
{
"_id": null,
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9"
},
{
"_id": null,
"model": "matsumoto ruby -p72",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"_id": null,
"model": "matsumoto ruby -p71",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"_id": null,
"model": "matsumoto ruby -p22",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"_id": null,
"model": "matsumoto ruby -p21",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"_id": null,
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"_id": null,
"model": "matsumoto ruby -p287",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"_id": null,
"model": "matsumoto ruby -p286",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"_id": null,
"model": "matsumoto ruby -p230",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"_id": null,
"model": "matsumoto ruby -p229",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"_id": null,
"model": "matsumoto ruby -p114",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"_id": null,
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"_id": null,
"model": "matsumoto ruby -p231",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"_id": null,
"model": "matsumoto ruby -p230",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"_id": null,
"model": "matsumoto ruby -p2",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"_id": null,
"model": "matsumoto ruby -p115",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"_id": null,
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"_id": null,
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.4"
},
{
"_id": null,
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.3"
},
{
"_id": null,
"model": "matsumoto ruby pre4",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"_id": null,
"model": "matsumoto ruby pre3",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"_id": null,
"model": "matsumoto ruby pre2",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"_id": null,
"model": "matsumoto ruby pre1",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"_id": null,
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"_id": null,
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.1"
},
{
"_id": null,
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8"
},
{
"_id": null,
"model": "matsumoto ruby 2.1.0-preview1",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 2.0.0-p247",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 2.0.0-p195",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "2.0"
},
{
"_id": null,
"model": "matsumoto ruby 1.9.3-p448",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.9.3-p426",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.9.3-p392",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.9.3-p327",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.9.3-p0",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby pre3",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"_id": null,
"model": "matsumoto ruby 1.9.1-p430",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.9.1-p378",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.0-3"
},
{
"_id": null,
"model": "matsumoto ruby 1.8.8dev",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.7-p374",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.7-p357",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.7-p352",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.7-p334",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.7-p330",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.7-p302",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.7-p299",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.7-p249",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.7-p248",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.7-p173",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.7-p160",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.6-p420",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.6-p399",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.6-p388",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.6-p383",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.6-p369",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.8.6-p368",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "13.10"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "13.04"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.10"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server sp3 for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server sp2 for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise desktop sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "studio onsite",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "1.3"
},
{
"_id": null,
"model": "linux enterprise software development kit sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "lifecycle management server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "1.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.1"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.3"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.2"
},
{
"_id": null,
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"_id": null,
"model": "openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server eus 6.4.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "enterprise linux server eus 6.3.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "enterprise linux server eus 6.2.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux high availability eus 6.4.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "cloudforms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.3"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.2"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.0"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "security network protection xgs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.1.1"
},
{
"_id": null,
"model": "security network protection xgs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.1"
},
{
"_id": null,
"model": "security network protection xgs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "os mavericks",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x3.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x2.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"_id": null,
"model": "matsumoto ruby 2.1.0-preview2",
"scope": "ne",
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 2.0.0-p353",
"scope": "ne",
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "matsumoto ruby 1.9.3-p484",
"scope": "ne",
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1.1"
},
{
"_id": null,
"model": "puppet enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.4"
},
{
"_id": null,
"model": "os mavericks",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x3.1.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x4.0"
}
],
"sources": [
{
"db": "BID",
"id": "63873"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ruby-lang:ruby",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:os_x_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
}
]
},
"credits": {
"_id": null,
"data": "Charlie Somerville",
"sources": [
{
"db": "BID",
"id": "63873"
}
],
"trust": 0.3
},
"cve": "CVE-2013-4164",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-4164",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4164",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-4164",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201311-353",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"description": {
"_id": null,
"data": "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. Ruby is prone to a heap-based buffer overflow vulnerability because it fails to adequate boundary checks on user-supplied input. \nAn attacker can exploit this issue to execute arbitrary code in the context of the application using the affected function. Failed exploit attempts will likely crash the application. \nFollowing versions are vulnerable:\nRuby 1.8\nRuby 1.9 prior to 1.9.3-p484\nRuby 2.0 prior to 2.0.0-p353\nRuby 2.1 prior to 2.1.0 preview2. \n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.9.2.0-2+deb6u2. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.9.3.194-8.1+deb7u2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.9.3.484-1. \n\nWe recommend that you upgrade your ruby1.9.1 packages. ==========================================================================\nUbuntu Security Notice USN-2035-1\nNovember 27, 2013\n\nruby1.8, ruby1.9.1 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 13.04\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Ruby. (CVE-2013-4164)\n\nVit Ondruch discovered that Ruby did not perform taint checking for certain\nfunctions. An attacker could possibly use this issue to bypass certain\nintended restrictions. (CVE-2013-2065)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n libruby1.8 1.8.7.358-7ubuntu2.1\n libruby1.9.1 1.9.3.194-8.1ubuntu2.1\n ruby1.8 1.8.7.358-7ubuntu2.1\n ruby1.9.1 1.9.3.194-8.1ubuntu2.1\n\nUbuntu 13.04:\n libruby1.8 1.8.7.358-7ubuntu1.2\n libruby1.9.1 1.9.3.194-8.1ubuntu1.2\n ruby1.8 1.8.7.358-7ubuntu1.2\n ruby1.9.1 1.9.3.194-8.1ubuntu1.2\n\nUbuntu 12.10:\n libruby1.8 1.8.7.358-4ubuntu0.4\n libruby1.9.1 1.9.3.194-1ubuntu1.6\n ruby1.8 1.8.7.358-4ubuntu0.4\n ruby1.9.1 1.9.3.194-1ubuntu1.6\n\nUbuntu 12.04 LTS:\n libruby1.8 1.8.7.352-2ubuntu1.4\n libruby1.9.1 1.9.3.0-1ubuntu2.8\n ruby1.8 1.8.7.352-2ubuntu1.4\n ruby1.9.1 1.9.3.0-1ubuntu2.8\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Ruby: Denial of Service\n Date: December 13, 2014\n Bugs: #355439, #369141, #396301, #437366, #442580, #458776,\n #492282, #527084, #529216\n ID: 201412-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Ruby, allowing\ncontext-dependent attackers to cause a Denial of Service condition. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-lang/ruby \u003c 2.0.0_p598 *\u003e= 1.9.3_p551\n \u003e= 2.0.0_p598\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Ruby. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Ruby 1.9 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/ruby-1.9.3_p551\"\n\nAll Ruby 2.0 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/ruby-2.0.0_p598\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-0188\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0188\n[ 2 ] CVE-2011-1004\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1004\n[ 3 ] CVE-2011-1005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1005\n[ 4 ] CVE-2011-4815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4815\n[ 5 ] CVE-2012-4481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4481\n[ 6 ] CVE-2012-5371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5371\n[ 7 ] CVE-2013-0269\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0269\n[ 8 ] CVE-2013-1821\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1821\n[ 9 ] CVE-2013-4164\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4164\n[ 10 ] CVE-2014-8080\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8080\n[ 11 ] CVE-2014-8090\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8090\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-27.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ruby-1.9.3_p484-i486-1_slack14.1.txz: Upgraded. \n For more information, see:\n https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ruby-1.9.3_p484-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ruby-1.9.3_p484-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ruby-1.9.3_p484-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ruby-1.9.3_p484-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ruby-1.9.3_p484-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ruby-1.9.3_p484-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ruby-1.9.3_p484-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ruby-1.9.3_p484-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/ruby-1.9.3_p484-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/ruby-1.9.3_p484-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.1 package:\na9c7fc1b752d9dbebf729639768f0ff9 ruby-1.9.3_p484-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\nb78129d604ac455d1b28d54f28c2742a ruby-1.9.3_p484-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\nb195b07dff2bea6a3c4ad26686ed2bfe ruby-1.9.3_p484-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\na24d37e579ec1756896fabe5c158a83a ruby-1.9.3_p484-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n334fab8b88a0474b7ddd551c3f945492 ruby-1.9.3_p484-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nad5cc7610fd06dae0bcae1b89c8b9659 ruby-1.9.3_p484-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n74555154cbd4bac223f6121f30821f1f ruby-1.9.3_p484-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n172e5c26ed18318e28668820e36ac0a0 ruby-1.9.3_p484-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nb865aec63c8a52ad041ea3d7b6febfda d/ruby-1.9.3_p484-i486-1.txz\n\nSlackware x86_64 -current package:\n9ddaa67e1d06d2d37eda294b749ff91d d/ruby-1.9.3_p484-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ruby-1.9.3_p484-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: ruby security update\nAdvisory ID: RHSA-2013:1764-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2013-1764.html\nIssue date: 2013-11-25\nCVE Names: CVE-2013-4164 \n=====================================================================\n\n1. Summary:\n\nUpdated ruby packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section. \n\n2. Relevant releases/architectures:\n\n Red Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nRuby is an extensible, interpreted, object-oriented, scripting language. \nIt has features to process text files and to perform system management\ntasks. \n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. (CVE-2013-4164)\n\nAll ruby users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1033460 - CVE-2013-4164 ruby: heap overflow in floating point parsing\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm\n\ni386:\nruby-1.8.7.352-13.el6.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6.i686.rpm\nruby-devel-1.8.7.352-13.el6.i686.rpm\nruby-irb-1.8.7.352-13.el6.i686.rpm\nruby-libs-1.8.7.352-13.el6.i686.rpm\nruby-rdoc-1.8.7.352-13.el6.i686.rpm\n\nx86_64:\nruby-1.8.7.352-13.el6.x86_64.rpm\nruby-debuginfo-1.8.7.352-13.el6.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm\nruby-devel-1.8.7.352-13.el6.i686.rpm\nruby-devel-1.8.7.352-13.el6.x86_64.rpm\nruby-irb-1.8.7.352-13.el6.x86_64.rpm\nruby-libs-1.8.7.352-13.el6.i686.rpm\nruby-libs-1.8.7.352-13.el6.x86_64.rpm\nruby-rdoc-1.8.7.352-13.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm\n\ni386:\nruby-debuginfo-1.8.7.352-13.el6.i686.rpm\nruby-docs-1.8.7.352-13.el6.i686.rpm\nruby-ri-1.8.7.352-13.el6.i686.rpm\nruby-static-1.8.7.352-13.el6.i686.rpm\nruby-tcltk-1.8.7.352-13.el6.i686.rpm\n\nx86_64:\nruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm\nruby-docs-1.8.7.352-13.el6.x86_64.rpm\nruby-ri-1.8.7.352-13.el6.x86_64.rpm\nruby-static-1.8.7.352-13.el6.x86_64.rpm\nruby-tcltk-1.8.7.352-13.el6.x86_64.rpm\n\n Red Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm\n\nx86_64:\nruby-1.8.7.352-13.el6.x86_64.rpm\nruby-debuginfo-1.8.7.352-13.el6.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm\nruby-devel-1.8.7.352-13.el6.i686.rpm\nruby-devel-1.8.7.352-13.el6.x86_64.rpm\nruby-irb-1.8.7.352-13.el6.x86_64.rpm\nruby-libs-1.8.7.352-13.el6.i686.rpm\nruby-libs-1.8.7.352-13.el6.x86_64.rpm\nruby-rdoc-1.8.7.352-13.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm\n\nx86_64:\nruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm\nruby-docs-1.8.7.352-13.el6.x86_64.rpm\nruby-ri-1.8.7.352-13.el6.x86_64.rpm\nruby-static-1.8.7.352-13.el6.x86_64.rpm\nruby-tcltk-1.8.7.352-13.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm\n\ni386:\nruby-1.8.7.352-13.el6.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6.i686.rpm\nruby-devel-1.8.7.352-13.el6.i686.rpm\nruby-irb-1.8.7.352-13.el6.i686.rpm\nruby-libs-1.8.7.352-13.el6.i686.rpm\nruby-rdoc-1.8.7.352-13.el6.i686.rpm\n\nppc64:\nruby-1.8.7.352-13.el6.ppc64.rpm\nruby-debuginfo-1.8.7.352-13.el6.ppc.rpm\nruby-debuginfo-1.8.7.352-13.el6.ppc64.rpm\nruby-devel-1.8.7.352-13.el6.ppc.rpm\nruby-devel-1.8.7.352-13.el6.ppc64.rpm\nruby-irb-1.8.7.352-13.el6.ppc64.rpm\nruby-libs-1.8.7.352-13.el6.ppc.rpm\nruby-libs-1.8.7.352-13.el6.ppc64.rpm\nruby-rdoc-1.8.7.352-13.el6.ppc64.rpm\n\ns390x:\nruby-1.8.7.352-13.el6.s390x.rpm\nruby-debuginfo-1.8.7.352-13.el6.s390.rpm\nruby-debuginfo-1.8.7.352-13.el6.s390x.rpm\nruby-devel-1.8.7.352-13.el6.s390.rpm\nruby-devel-1.8.7.352-13.el6.s390x.rpm\nruby-irb-1.8.7.352-13.el6.s390x.rpm\nruby-libs-1.8.7.352-13.el6.s390.rpm\nruby-libs-1.8.7.352-13.el6.s390x.rpm\nruby-rdoc-1.8.7.352-13.el6.s390x.rpm\n\nx86_64:\nruby-1.8.7.352-13.el6.x86_64.rpm\nruby-debuginfo-1.8.7.352-13.el6.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm\nruby-devel-1.8.7.352-13.el6.i686.rpm\nruby-devel-1.8.7.352-13.el6.x86_64.rpm\nruby-irb-1.8.7.352-13.el6.x86_64.rpm\nruby-libs-1.8.7.352-13.el6.i686.rpm\nruby-libs-1.8.7.352-13.el6.x86_64.rpm\nruby-rdoc-1.8.7.352-13.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm\n\ni386:\nruby-debuginfo-1.8.7.352-13.el6.i686.rpm\nruby-docs-1.8.7.352-13.el6.i686.rpm\nruby-ri-1.8.7.352-13.el6.i686.rpm\nruby-static-1.8.7.352-13.el6.i686.rpm\nruby-tcltk-1.8.7.352-13.el6.i686.rpm\n\nppc64:\nruby-debuginfo-1.8.7.352-13.el6.ppc64.rpm\nruby-docs-1.8.7.352-13.el6.ppc64.rpm\nruby-ri-1.8.7.352-13.el6.ppc64.rpm\nruby-static-1.8.7.352-13.el6.ppc64.rpm\nruby-tcltk-1.8.7.352-13.el6.ppc64.rpm\n\ns390x:\nruby-debuginfo-1.8.7.352-13.el6.s390x.rpm\nruby-docs-1.8.7.352-13.el6.s390x.rpm\nruby-ri-1.8.7.352-13.el6.s390x.rpm\nruby-static-1.8.7.352-13.el6.s390x.rpm\nruby-tcltk-1.8.7.352-13.el6.s390x.rpm\n\nx86_64:\nruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm\nruby-docs-1.8.7.352-13.el6.x86_64.rpm\nruby-ri-1.8.7.352-13.el6.x86_64.rpm\nruby-static-1.8.7.352-13.el6.x86_64.rpm\nruby-tcltk-1.8.7.352-13.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm\n\ni386:\nruby-1.8.7.352-13.el6.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6.i686.rpm\nruby-devel-1.8.7.352-13.el6.i686.rpm\nruby-irb-1.8.7.352-13.el6.i686.rpm\nruby-libs-1.8.7.352-13.el6.i686.rpm\nruby-rdoc-1.8.7.352-13.el6.i686.rpm\n\nx86_64:\nruby-1.8.7.352-13.el6.x86_64.rpm\nruby-debuginfo-1.8.7.352-13.el6.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm\nruby-devel-1.8.7.352-13.el6.i686.rpm\nruby-devel-1.8.7.352-13.el6.x86_64.rpm\nruby-irb-1.8.7.352-13.el6.x86_64.rpm\nruby-libs-1.8.7.352-13.el6.i686.rpm\nruby-libs-1.8.7.352-13.el6.x86_64.rpm\nruby-rdoc-1.8.7.352-13.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm\n\ni386:\nruby-debuginfo-1.8.7.352-13.el6.i686.rpm\nruby-docs-1.8.7.352-13.el6.i686.rpm\nruby-ri-1.8.7.352-13.el6.i686.rpm\nruby-static-1.8.7.352-13.el6.i686.rpm\nruby-tcltk-1.8.7.352-13.el6.i686.rpm\n\nx86_64:\nruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm\nruby-docs-1.8.7.352-13.el6.x86_64.rpm\nruby-ri-1.8.7.352-13.el6.x86_64.rpm\nruby-static-1.8.7.352-13.el6.x86_64.rpm\nruby-tcltk-1.8.7.352-13.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-4164.html\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2013 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFSk6BNXlSAg2UNWIIRAlZiAKDAAPRSZ1H9cccz0veRzTeGoeJjcACcCB69\nP78u5S2/0ZOC5eh3GKqWcx0=\n=VMn2\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-10-16-3 OS X Server v4.0\n\nOS X Server v4.0 is now available and addresses the following:\n\nBIND\nAvailable for: OS X Yosemite v10.10 or later\nImpact: Multiple vulnerabilities in BIND, the most serious of which\nmay lead to a denial of service\nDescription: Multiple vulnerabilities existed in BIND. These issues\nwere addressed by updating BIND to version 9.9.2-P2\nCVE-ID\nCVE-2013-3919\nCVE-2013-4854\nCVE-2014-0591\n\nCoreCollaboration\nAvailable for: OS X Yosemite v10.10 or later\nImpact: A remote attacker may be able to execute arbitrary SQL\nqueries\nDescription: A SQL injection issue existed in Wiki Server. This\nissue was addressed through additional validation of SQL queries. \nCVE-ID\nCVE-2014-4424 : Sajjad Pourali (sajjad@securation.com) of CERT of\nFerdowsi University of Mashhad\n\nCoreCollaboration\nAvailable for: OS X Yosemite v10.10 or later\nImpact: Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription: A cross-site scripting issue existed in Xcode Server. \nThis issue was addressed through improved encoding of HTML output. \nCVE-ID\nCVE-2014-4406 : David Hoyt of Hoyt LLC\n\nCoreCollaboration\nAvailable for: OS X Yosemite v10.10 or later\nImpact: Multiple vulnerabilities in PostgreSQL, the most serious of\nwhich may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in PostgreSQL. These\nissues were addressed by updating PostgreSQL to version 9.2.7. \nCVE-ID\nCVE-2014-0060\nCVE-2014-0061\nCVE-2014-0062\nCVE-2014-0063\nCVE-2014-0064\nCVE-2014-0065\nCVE-2014-0066\n\nMail Service\nAvailable for: OS X Yosemite v10.10 or later\nImpact: Group SACL changes for Mail may not be respected until after\na restart of the Mail service\nDescription: SACL settings for Mail were cached and changes to the\nSACLs were not respected until after a restart of the Mail service. \nThis issue was addressed by resetting the cache upon changes to the\nSACLs. \nCVE-ID\nCVE-2014-4446 : Craig Courtney\n\nProfile Manager\nAvailable for: OS X Yosemite v10.10 or later\nImpact: Multiple vulnerabilities in LibYAML, the most serious of\nwhich may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in LibYAML. These\nissues were addressed by switching from YAML to JSON as Profile\nManager\u0027s internal serialization format. \nCVE-ID\nCVE-2013-4164\nCVE-2013-6393\n\nProfile Manager\nAvailable for: OS X Yosemite v10.10 or later\nImpact: A local user may obtain passwords after setting up or\nediting profiles in Profile Manager\nDescription: In certain circumstances, setting up or editing\nprofiles in Profile Manager may have logged passwords to a file. This\nissue was addressed through improved handling of credentials. \nCVE-ID\nCVE-2014-4447 : Mayo Jordanov\n\nServer\nAvailable for: OS X Yosemite v10.10 or later\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 when a cipher suite uses a block cipher in CBC mode. An attacker\ncould force the use of SSL 3.0, even when the server would support a\nbetter TLS version, by blocking TLS 1.0 and higher connection\nattempts. This issue was addressed by disabling SSL 3.0 support in\nWeb Server, Calendar \u0026 Contacts Server, and Remote Administration. \nCVE-ID\nCVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of\nGoogle Security Team\n\nServerRuby\nAvailable for: OS X Yosemite v10.10 or later\nImpact: Running a Ruby script that handles untrusted YAML tags may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription: An integer overflow issue existed in LibYAML\u0027s handling\nof YAML tags. This issue was addressed through additional validation\nof YAML tags. This issue does not affect systems prior to OS X\nMavericks. \nCVE-ID\nCVE-2013-6393\n\n\nOS X Server v4.0 may be obtained from the Mac App Store. Relevant releases/architectures:\n\nManagement Engine - noarch, x86_64\n\n3. Description:\n\nRed Hat CloudForms Management Engine delivers the insight, control, and\nautomation enterprises need to address the challenges of managing virtual\nenvironments, which are far more complex than physical ones. This\ntechnology enables enterprises with existing virtual infrastructures\nto improve visibility and control, and those just starting virtualization\ndeployments to build and operate a well-managed virtual infrastructure. (CVE-2013-4164)\n\nIt was found that Red Hat CloudForms Management Engine did not properly\nsanitize user-supplied values in the ServiceController. \n(CVE-2014-0057)\n\nIt was found that several number conversion helpers in Action View did not\nproperly escape all their parameters. An attacker could use these flaws to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user as parameters to the affected helpers. \n(CVE-2014-0081)\n\nA memory consumption issue was discovered in the text rendering component\nof Action View. A remote attacker could use this flaw to perform a denial\nof service attack by sending specially crafted queries that would result in\nthe creation of Ruby symbols that were never garbage collected. \n(CVE-2014-0082)\n\nRed Hat would like to thank the Ruby on Rails Project for reporting\nCVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as\nthe original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the\noriginal reporter of CVE-2014-0082. \n\nThis update fixes several bugs and adds multiple enhancements. \nDocumentation for these changes will be available shortly from the Red Hat\nCloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the\nReferences section",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4164"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "BID",
"id": "63873"
},
{
"db": "PACKETSTORM",
"id": "124290"
},
{
"db": "PACKETSTORM",
"id": "124207"
},
{
"db": "PACKETSTORM",
"id": "129551"
},
{
"db": "PACKETSTORM",
"id": "124487"
},
{
"db": "PACKETSTORM",
"id": "124176"
},
{
"db": "PACKETSTORM",
"id": "128731"
},
{
"db": "PACKETSTORM",
"id": "125651"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2013-4164",
"trust": 3.4
},
{
"db": "OSVDB",
"id": "100113",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "55787",
"trust": 1.6
},
{
"db": "BID",
"id": "63873",
"trust": 1.3
},
{
"db": "SECUNIA",
"id": "57376",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU95860341",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97537282",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "124290",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124207",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129551",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124487",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124176",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128731",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125651",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "63873"
},
{
"db": "PACKETSTORM",
"id": "124290"
},
{
"db": "PACKETSTORM",
"id": "124207"
},
{
"db": "PACKETSTORM",
"id": "129551"
},
{
"db": "PACKETSTORM",
"id": "124487"
},
{
"db": "PACKETSTORM",
"id": "124176"
},
{
"db": "PACKETSTORM",
"id": "128731"
},
{
"db": "PACKETSTORM",
"id": "125651"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"id": "VAR-201311-0106",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.24090908
},
"last_update_date": "2026-03-09T20:00:01.464000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HT6207",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6207"
},
{
"title": "HT6248",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6248"
},
{
"title": "HT6536",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6536"
},
{
"title": "HT6207",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6207?viewlocale=ja_JP"
},
{
"title": "HT6248",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6248?viewlocale=ja_JP"
},
{
"title": "HT6536",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6536?viewlocale=ja_JP"
},
{
"title": "DSA-2810",
"trust": 0.8,
"url": "http://www.debian.org/security/2013/dsa-2810"
},
{
"title": "openSUSE-SU-2013:1834",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html"
},
{
"title": "openSUSE-SU-2013:1835",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html"
},
{
"title": "Multiple vulnerabilities in Ruby",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ruby1"
},
{
"title": "Bug 1033460",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033460"
},
{
"title": "RHSA-2014:0215",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"title": "RHSA-2013:1763",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-1763.html"
},
{
"title": "RHSA-2013:1764",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-1764.html"
},
{
"title": "RHSA-2013:1767",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-1767.html"
},
{
"title": "RHSA-2014:0011",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2014-0011.html"
},
{
"title": "Ruby 2.0.0-p353 is released",
"trust": 0.8,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released"
},
{
"title": "Ruby 1.9.3-p484 is released",
"trust": 0.8,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released"
},
{
"title": "Heap Overflow in Floating Point Parsing (CVE-2013-4164)",
"trust": 0.8,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164"
},
{
"title": "CVE-2013-4164 Buffer Errors vulnerability in Ruby",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_4164_buffer_errors"
},
{
"title": "ruby-2.0.0-p353",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49037"
},
{
"title": "ruby-2.1.0-preview2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49041"
},
{
"title": "ruby-1.9.3-p484",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49036"
},
{
"title": "ruby-2.1.0-preview2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49040"
},
{
"title": "ruby-1.9.3-p484",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49034"
},
{
"title": "ruby-2.0.0-p353",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49039"
},
{
"title": "ruby-1.9.3-p484",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49032"
},
{
"title": "ruby-2.0.0-p353",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49038"
},
{
"title": "ruby-2.1.0-preview2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49042"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
},
{
"trust": 1.8,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"trust": 1.6,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released"
},
{
"trust": 1.6,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released"
},
{
"trust": 1.6,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/55787"
},
{
"trust": 1.6,
"url": "http://osvdb.org/100113"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0215.html"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1764.html"
},
{
"trust": 1.3,
"url": "https://support.apple.com/kb/ht6536"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1767.html"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0011.html"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1763.html"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2035-1"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/57376"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2013/dsa-2809"
},
{
"trust": 1.0,
"url": "https://puppet.com/security/cve/cve-2013-4164"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2013/dsa-2810"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/63873"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4164"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95860341/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97537282/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4164"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4164"
},
{
"trust": 0.4,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/apr/133"
},
{
"trust": 0.3,
"url": "http://puppetlabs.com/security/cve/cve-2013-4164"
},
{
"trust": 0.3,
"url": "http://www.ruby-lang.org"
},
{
"trust": 0.3,
"url": "http://www.slackware.com/lists/archive/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.484609"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_4164_buffer_errors"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665279"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4164.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-1ubuntu1.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.4"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2065"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-4ubuntu0.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu2.1"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0188"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1005"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5371"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0269"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1821"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8080"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8080"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0188"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0269"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5371"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1004"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8090"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1004"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4164"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4815"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201412-27.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8090"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1821"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4481"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0064"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0063"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0061"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4406"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0066"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0062"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0060"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3919"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0065"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4446"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/documentation/en-us/cloudforms/3.0/html/management_engine_5.2_technical_notes/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0082"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0081.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0057"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0081"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0057.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0082.html"
}
],
"sources": [
{
"db": "BID",
"id": "63873"
},
{
"db": "PACKETSTORM",
"id": "124290"
},
{
"db": "PACKETSTORM",
"id": "124207"
},
{
"db": "PACKETSTORM",
"id": "129551"
},
{
"db": "PACKETSTORM",
"id": "124487"
},
{
"db": "PACKETSTORM",
"id": "124176"
},
{
"db": "PACKETSTORM",
"id": "128731"
},
{
"db": "PACKETSTORM",
"id": "125651"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "BID",
"id": "63873",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "124290",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "124207",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129551",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "124487",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "124176",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128731",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125651",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2013-4164",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2013-11-22T00:00:00",
"db": "BID",
"id": "63873",
"ident": null
},
{
"date": "2013-12-05T04:52:45",
"db": "PACKETSTORM",
"id": "124290",
"ident": null
},
{
"date": "2013-11-27T23:33:00",
"db": "PACKETSTORM",
"id": "124207",
"ident": null
},
{
"date": "2014-12-15T19:58:46",
"db": "PACKETSTORM",
"id": "129551",
"ident": null
},
{
"date": "2013-12-18T01:02:13",
"db": "PACKETSTORM",
"id": "124487",
"ident": null
},
{
"date": "2013-11-26T01:47:59",
"db": "PACKETSTORM",
"id": "124176",
"ident": null
},
{
"date": "2014-10-17T15:07:38",
"db": "PACKETSTORM",
"id": "128731",
"ident": null
},
{
"date": "2014-03-11T21:31:51",
"db": "PACKETSTORM",
"id": "125651",
"ident": null
},
{
"date": "2013-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-353",
"ident": null
},
{
"date": "2013-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005257",
"ident": null
},
{
"date": "2013-11-23T19:55:03.517000",
"db": "NVD",
"id": "CVE-2013-4164",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2015-04-13T21:19:00",
"db": "BID",
"id": "63873",
"ident": null
},
{
"date": "2013-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-353",
"ident": null
},
{
"date": "2015-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005257",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-4164",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Ruby Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.