[DRE-maint] Bug#678512: ruby-eventmachine: crashes when using IPv6 socket
Justin Steven
justin at justinsteven.com
Tue Nov 24 07:15:04 UTC 2015
tags 678512 + security
thanks
I'm not certain, but I have an inkling this is caused by the bug fixed
in https://github.com/eventmachine/eventmachine/pull/502 which
introduced a memory leak which was fixed in
https://github.com/eventmachine/eventmachine/pull/586
We are seeing identical overflows in beef when configured to use IPv6
on Kali. See https://github.com/beefproject/beef/issues/1187
Regardless, it looks to me as though Jessie and Wheezy's
ruby-eventmachine packages (1.0.3-6+b2 and 0.12.10-3 respectively) are
missing patches for what is said upsteam to be a remotely exploitable
security issue - see
https://github.com/eventmachine/eventmachine/issues/501#issuecomment-37307556
--
Justin
More information about the Pkg-ruby-extras-maintainers
mailing list