PublicDateAtUSN: 2014-07-17
Candidate: CVE-2014-4975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4975
http://www.openwall.com/lists/oss-security/2014/07/17
https://usn.ubuntu.com/usn/usn-2397-1
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and
earlier, and 2.x through 2.1.2, when using certain format string
specifiers, allows context-dependent attackers to cause a denial of service
(segmentation fault) via vectors that trigger a stack-based buffer
mdeslaur> not likely to be exposed, and stack protector limits to DoS
https://bugs.ruby-lang.org/issues/10019
Discovered-by: Will Wood
upstream_ruby1.8: needs-triage
lucid_ruby1.8: ignored (reached end-of-life)
precise_ruby1.8: not-affected (1.8.7.352-2ubuntu1.4)
vivid/stable-phone-overlay_ruby1.8: DNE
vivid/ubuntu-core_ruby1.8: DNE
upstream_ruby1.9: needs-triage
lucid_ruby1.9: ignored (reached end-of-life)
vivid/stable-phone-overlay_ruby1.9: DNE
vivid/ubuntu-core_ruby1.9: DNE
Tags_ruby1.9.1: stack-protector
upstream_ruby1.9.1: needs-triage
lucid_ruby1.9.1: ignored (reached end-of-life)
precise_ruby1.9.1: released (1.9.3.0-1ubuntu2.9)
trusty_ruby1.9.1: released (1.9.3.484-2ubuntu1.1)
utopic_ruby1.9.1: ignored (reached end-of-life)
vivid_ruby1.9.1: ignored (reached end-of-life)
vivid/stable-phone-overlay_ruby1.9.1: DNE
vivid/ubuntu-core_ruby1.9.1: DNE
Tags_ruby2.0: stack-protector
upstream_ruby2.0: needs-triage
trusty_ruby2.0: released (2.0.0.484-1ubuntu2.1)
utopic_ruby2.0: released (2.0.0.484+really457-3ubuntu1.1)
vivid/stable-phone-overlay_ruby2.0: DNE
vivid/ubuntu-core_ruby2.0: DNE
Tags_ruby2.1: stack-protector
upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778
upstream_ruby2.1: needs-triage
utopic_ruby2.1: released (2.1.2-2ubuntu1.1)
vivid_ruby2.1: released (2.1.2-2ubuntu2)
vivid/stable-phone-overlay_ruby2.1: DNE
vivid/ubuntu-core_ruby2.1: DNE
wily_ruby2.1: released (2.1.2-2ubuntu2)
devel_ruby2.1: released (2.1.2-2ubuntu2)