Bugzilla – Bug 887877
VUL-1: CVE-2014-4975: ruby20: off-by-one stack-based buffer overflow in the encodes() function
Last modified: 2017-04-28 16:12:05 UTC
CVE-2014-4975: A possible stack-based buffer overflow flaw was reported in the Ruby encodes() function from pack.c. From the bug report, this function may be used on data received from a server, and could be triggered remotely. As the affected stack buffer is a static size on the stack, FORTIFY_SOURCE may help mitigate this issue to only be a denial of service. The original report suggests older versions (such as 1.9.3) are not affected.

References:
https://bugs.ruby-lang.org/issues/10019
http://www.openwall.com/lists/oss-security/2014/07/09/13
https://bugzilla.redhat.com/show_bug.cgi?id=1118158
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4975
Assigning to darix. I am on vacation next week and I think he is the appropriate person to fix it.
bugbot adjusting priority
JFYI, this only seems to apply to 32-bit.
can you submit fixes?
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778 is the current fix; I see nothing 32-bit specific in there.
JFYI: I can't reproduce the issue on SLE11 32-bit ruby.
1. RH bugzilla seems also to indicate 1.8 is not affected.
2. I have patches ready for everything but SLE 12. There I would recommend to bump to 2.1.3 and take the GC improvements: https://www.ruby-lang.org/en/news/2014/09/19/ruby-2-1-3-is-released/

Thoughts?
+1 for 2.1.3
SLE12: this is covered by the update to 2.1.9
SUSE-SU-2017:1067-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1014863,1018808,887877,909695,926974,936032,959495,986630
CVE References: CVE-2014-4975,CVE-2015-1855,CVE-2015-3900,CVE-2015-7551,CVE-2016-2339

Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): ruby2.1-2.1.9-15.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): ruby2.1-2.1.9-15.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): ruby2.1-2.1.9-15.1
SUSE Linux Enterprise Server 12-SP2 (src): ruby2.1-2.1.9-15.1
SUSE Linux Enterprise Server 12-SP1 (src): ruby2.1-2.1.9-15.1
SUSE Linux Enterprise Desktop 12-SP2 (src): ruby2.1-2.1.9-15.1
SUSE Linux Enterprise Desktop 12-SP1 (src): ruby2.1-2.1.9-15.1
OpenStack Cloud Magnum Orchestration 7 (src): ruby2.1-2.1.9-15.1
openSUSE-SU-2017:1128-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1014863,1018808,887877,909695,926974,936032,959495,986630
CVE References: CVE-2014-4975,CVE-2015-1855,CVE-2015-3900,CVE-2015-7551,CVE-2016-2339

Sources used:
openSUSE Leap 42.2 (src): ruby2.1-2.1.9-8.3.2
openSUSE Leap 42.1 (src): ruby2.1-2.1.9-10.2