Package: ruby1.8
Version: 1.8.7.72-3
Severity: serious
Tags: BigDecimal ruby

This is a copy of the bug report at
https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/385436

A denial of service (DoS) vulnerability was found on the BigDecimal standard library of Ruby. Conversion from BigDecimal objects into Float numbers had a problem which enables attackers to effectively cause segmentation faults.

Refer to the following URLs for complete information:
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby

Affected 1.8 series
* 1.8.6-p368 and all prior versions
* 1.8.7-p160 and all prior versions

All 1.9.1 versions are not affected by this issue.
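
A version check against the affected ranges listed in this report, as an added example that is not part of the original bug report or of Ruby itself. The function names are hypothetical, the sample version strings are constructed, and reading a Debian package version such as 1.8.7.72-3 as upstream 1.8.7 patchlevel 72 is an assumption.

```ruby
# Added example: classify a Ruby version string against the ranges in the report.
# Highest affected patchlevel per 1.8.x release, exactly as listed in the report.
AFFECTED_MAX_PATCHLEVEL = { 6 => 368, 7 => 160 }.freeze

# Accepts upstream forms ("1.8.7-p160", "1.8.7p160") and, as an assumption,
# Debian-style package versions ("1.8.7.72-3") whose 4th component is the patchlevel.
VERSION_RE = /\A(\d+)\.(\d+)\.(\d+)(?:(?:-?p|\.)(\d+))?(?:-\S+)?\z/

def parse_ruby_version(str)
  m = VERSION_RE.match(str.strip)
  raise ArgumentError, "unrecognised version: #{str.inspect}" unless m
  [m[1].to_i, m[2].to_i, m[3].to_i, m[4] && m[4].to_i]
end

# Returns :affected, :not_affected (1.9.1, stated in the report),
# :unknown (1.8.6/1.8.7 without a patchlevel) or :not_listed (the report
# makes no statement about this version).
# A distribution package may carry a backported fix, so a package version
# alone is not conclusive; check the package changelog as well.
def bigdecimal_dos_status(str)
  major, minor, teeny, patch = parse_ruby_version(str)
  return :not_affected if [major, minor, teeny] == [1, 9, 1]
  return :not_listed unless [major, minor] == [1, 8]
  return :affected if teeny < 6            # "all prior versions" of 1.8.6-p368
  limit = AFFECTED_MAX_PATCHLEVEL[teeny]
  return :not_listed if limit.nil?
  return :unknown if patch.nil?
  patch <= limit ? :affected : :not_listed
end

if __FILE__ == $0
  # Constructed sample inputs; the first is the package version from the report.
  ["1.8.7.72-3", "1.8.6-p368", "1.8.7-p174", "1.9.1-p129"].each do |v|
    puts format("%-12s %s", v, bigdecimal_dos_status(v))
  end
end
```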