CVE-2015-7551 (retired)

Priority
Description
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before
2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple
OS X before 10.11.4 and other products, mishandles tainting, which allows
context-dependent attackers to execute arbitrary code or cause a denial of
service (application crash) via a crafted string, related to the DL module
and the libffi library. NOTE: this vulnerability exists because of a
CVE-2009-5147 regression.
Notes
mdeslaurThis is the same issue as CVE-2009-5147, except for other
releases than 1.9.1
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Upstream:https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a (fiddle)
Package
Upstream:released (2.2.4-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (2.3.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.3.1-2~16.04)
More Information

Updated: 2019-10-09 07:53:53 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)