View Issue Details

IDProjectCategoryView StatusLast Update
0002864Kali LinuxKali Package Bugpublic2020-12-01 10:48
Reporterjustinsteven Assigned Torhertzog  
Status resolvedResolutionfixed 
Product Version2.0 
Fixed in Version2016.1 
Summary0002864: missing ruby-eventmachine patch, reportedly security-sensitive (select-related stack smashing)

Debian Jessie and Wheezy's ruby-eventmachine packages (1.0.3-6+b2 and 0.12.10-3 respectively) are missing patches for what is said by their upstream to be a remotely exploitable
security issue - see

The bug was fixed in which introduced a memory leak which was fixed in

We are seeing stack smashing occur in Kali's beef when configured to use IPv6. See

Kali Sana's ruby-eventmachine seems to be the same as that of Debian Jessie. Does it track Jessie, and will it automatically get an update from Debian? Alternatively, Debian Stretch's package seems to be patched, though I'm not sure if tracking it and attempting the version jump would break all the things.

An issue on the Debian BTS that is suspected to be related has been bumped - see

<[email protected]> has been pinged.




2015-11-24 07:48

reporter   ~0004270

Sorry, it got lost in my copy-paste-juggle-words that I believe the BeEF crashes are likely related to this eventmachine bug



2015-11-24 08:53

administrator   ~0004271

Note that the next version of Kali (based on kali-rolling) is based on testing/stretch so should have a correct version of ruby-eventmachine.

And for sana, it basically tracks jessie for security updates, so if the package gets updated in then it will reach as well.

Basically, I don't think we have to do anything right now. Just wait until the fix is merged into Debian.



2016-01-22 08:54

administrator   ~0004553

Kali Rolling 2016.1 has been released and has a newer ruby-eventmachine.

Issue History

Date Modified Username Field Change
2015-11-24 07:42 justinsteven New Issue
2015-11-24 07:48 justinsteven Note Added: 0004270
2015-11-24 08:53 rhertzog Note Added: 0004271
2015-12-04 22:29 alexhj451 Issue cloned: 0002900
2016-01-22 08:54 rhertzog Note Added: 0004553
2016-01-22 08:54 rhertzog Status new => resolved
2016-01-22 08:54 rhertzog Fixed in Version => 2016.1
2016-01-22 08:54 rhertzog Resolution open => fixed
2016-01-22 08:54 rhertzog Assigned To => rhertzog
2020-12-01 10:48 g0tmi1k Priority high => normal