CVE-2014-3916

Published: 16 November 2014

The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.

Notes

Author    Note
jdstrand  per Debian, only exploitable on Windows
mdeslaur  we aren't going to release an update for this

Priority

Negligible

Status

Package: ruby1.8 (Launchpad, Ubuntu, Debian)
Release   Status
lucid     Ignored (end of life)
precise   Ignored
saucy     Ignored (end of life)
trusty    Does not exist
upstream  Needs triage

Package: ruby1.9.1 (Launchpad, Ubuntu, Debian)
Release   Status
lucid     Ignored
precise   Ignored
saucy     Ignored (end of life)
trusty    Does not exist (trusty was ignored)
upstream  Needs triage

Package: ruby2.0 (Launchpad, Ubuntu, Debian)
Release   Status
lucid     Does not exist
precise   Does not exist
saucy     Ignored (end of life)
trusty    Does not exist (trusty was ignored)
upstream  Needs triage

Package: ruby2.1 (Launchpad, Ubuntu, Debian)
Release   Status
lucid     Does not exist
precise   Does not exist
saucy     Does not exist
trusty    Does not exist
upstream  Needs triage