Red Hat Bugzilla – Bug 453589
CVE-2008-2376 ruby: integer overflows in rb_ary_fill() / Array#fill
Last modified: 2016-03-04 07:17:58 EST
It was discovered that implementation of Ruby Array's fill method is affected by
a multiple integer overflows. Problem occurred in rb_ary_fill() function in
array.c and could result in insufficient memory allocations resulting in a heap
First patch to address integer overflow condition was added upstream (in 1.8.6
branch) in following commit:
That change was insufficient and need to be replaced with following patch:
This was applied in 1.8.6-p257:
Issue was already addressed in Fedora packages in ruby-22.214.171.124-4.
Public now via:
ruby-126.96.36.199-4.fc8 has been submitted as an update for Fedora 8
ruby-188.8.131.52-4.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
ruby-184.108.40.206-4.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: