CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2015-7551 — MEDIUM severity vulnerability | Release Alert
CVE-2015-7551
4.6
MEDIUMCVSS v2
Published
March 24, 2016
Affected
4 projects
Assigned by
Red Hat
Severity scale
010
Description
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
ChocolateyRuby is a dynamic, open source programming language focusing on simplicity and productivity. It has an elegant syntax that is natural to read and easy to write.
This package provides a self-contained [Windows-based installer](https://rubyinstaller.org) that includes the Ruby language, an execution environment, important documentation, and more.
## Package Parameters
- `/InstallDir` - Ruby installation directory, by default `c:\tools\RubyXY` where XY are major and minor version parts.
- `/NoPath` - Do not add ruby bin folder to machine PATH.
Example: `choco install ruby --package-parameters="'/NoPath ""/InstallDir:C:\your\install\path""'"`
## Notes
- To install ruby development kit ruby installer provides `ridk` command. It provides an easy way to install msys2 via `ridk install 1`, however, the installation is interactive. To accomplish unattended install, use [msys2](https://chocolatey.org/packages/msys2) package.