CVE-2015-7551 (retired)

Priority
Description
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before
2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple
OS X before 10.11.4 and other products, mishandles tainting, which allows
context-dependent attackers to execute arbitrary code or cause a denial of
service (application crash) via a crafted string, related to the DL module
and the libffi library. NOTE: this vulnerability exists because of a
CVE-2009-5147 regression.
Notes
 mdeslaur> This is the same issue as CVE-2009-5147, except for other
 mdeslaur> releases than 1.9.1
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (2.0.0.484-1ubuntu2.4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Upstream:https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a (fiddle)
Package
Upstream:released (2.2.4-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (2.3.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.3.1-2~16.04)
More Information

Updated: 2019-03-26 12:16:47 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)