CVE-2013-4164

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-4164 at MITRE

Description

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 851803

SUSE Security Advisories:

List of released packages

Product(s) / Fixed package version(s) / References
SUSE Studio Onsite 1.3
  • ruby19 >= 1.9.3.p392-0.17.1
  • ruby19-devel >= 1.9.3.p392-0.17.1
  • ruby19-devel-extra >= 1.9.3.p392-0.17.1
Builds
SAT Patch Nr: 8620
SUSE Linux Enterprise Software Development Kit 11 SP2
  • ruby-devel >= 1.8.7.p357-0.9.13.1
  • ruby-doc-html >= 1.8.7.p357-0.9.13.1
  • ruby-doc-ri >= 1.8.7.p357-0.9.13.1
  • ruby-examples >= 1.8.7.p357-0.9.13.1
  • ruby-test-suite >= 1.8.7.p357-0.9.13.1
  • ruby-tk >= 1.8.7.p357-0.9.13.1
Builds
SAT Patch Nr: 8578
SUSE Lifecycle Management Server 1.3
SUSE Studio Onsite 1.3
WebYaST 1.3
  • ruby-devel >= 1.8.7.p357-0.9.13.1
Builds
SAT Patch Nr: 8578
SUSE Linux Enterprise Desktop 11 SP2
  • ruby >= 1.8.7.p357-0.9.13.1
Builds
SAT Patch Nr: 8578
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • ruby >= 1.8.7.p357-0.9.13.1
  • ruby-doc-html >= 1.8.7.p357-0.9.13.1
  • ruby-tk >= 1.8.7.p357-0.9.13.1
Builds
SAT Patch Nr: 8578
SUSE Linux Enterprise Software Development Kit 11 SP3
  • ruby-devel >= 1.8.7.p357-0.9.13.1
  • ruby-doc-html >= 1.8.7.p357-0.9.13.1
  • ruby-doc-ri >= 1.8.7.p357-0.9.13.1
  • ruby-examples >= 1.8.7.p357-0.9.13.1
  • ruby-test-suite >= 1.8.7.p357-0.9.13.1
  • ruby-tk >= 1.8.7.p357-0.9.13.1
Builds
SAT Patch Nr: 8579
SUSE Linux Enterprise Desktop 11 SP3
  • ruby >= 1.8.7.p357-0.9.13.1
Builds
SAT Patch Nr: 8579
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • ruby >= 1.8.7.p357-0.9.13.1
  • ruby-doc-html >= 1.8.7.p357-0.9.13.1
  • ruby-tk >= 1.8.7.p357-0.9.13.1
Builds
SAT Patch Nr: 8579
SUSE Linux Enterprise Server 11 SP1 LTSS
  • ruby >= 1.8.7.p357-0.9.15.6
  • ruby-doc-html >= 1.8.7.p357-0.9.15.6
  • ruby-tk >= 1.8.7.p357-0.9.15.6
Builds
SAT Patch Nr: 9312
SUSE Linux Enterprise Server 11 SP2 LTSS
  • ruby >= 1.8.7.p357-0.9.15.6
  • ruby-doc-html >= 1.8.7.p357-0.9.15.6
  • ruby-tk >= 1.8.7.p357-0.9.15.6
Builds
SAT Patch Nr: 9313

List of products where fixes are in QA

© 2014 Novell