Oracle Solaris Third-Party Patch Update : ruby (cve_2011_4815_denial_of)
High Nessus Plugin ID 80754
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. (CVE-2011-4815)
SolutionUpgrade to Solaris 11/11 SRU 6.6.