Debian Security Advisory
DLA-209-1 jruby -- LTS security update
- Date Reported: 29 Apr 2015
- Affected Packages: jruby
- Vulnerable: Yes
- Security database references: In the Debian bugtracking system: Bug 686867. In Mitre's CVE dictionary: CVE-2011-4838.
- More information:
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Note: This update includes corrections to the original fix for later Debian releases to avoid the issues identified in CVE-2012-5370.
