Updated ruby packages fix security vulnerability
Publication date: 12 Jan 2016Modification date: 12 Jan 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-7551
Description
There is an unsafe tainted string vulnerability in Fiddle and DL. This
issue was originally reported and fixed with CVE-2009-5147 in DL, but
reappeared after DL was reimplemented using Fiddle and libffi
(CVE-2015-7551).
References
- https://bugs.mageia.org/show_bug.cgi?id=17351
- https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
- https://www.ruby-lang.org/en/news/2015/12/16/ruby-2-0-0-p648-released/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7551
SRPMS
5/core
- ruby-2.0.0.p648-1.mga5