View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002864||Kali Linux||Kali Package Bug||public||2015-11-24 07:42||2020-12-01 10:48|
|Fixed in Version||2016.1|
|Summary||0002864: missing ruby-eventmachine patch, reportedly security-sensitive (select-related stack smashing)|
Debian Jessie and Wheezy's ruby-eventmachine packages (1.0.3-6+b2 and 0.12.10-3 respectively) are missing patches for what is said by their upstream to be a remotely exploitable
The bug was fixed in https://github.com/eventmachine/eventmachine/pull/502 which introduced a memory leak which was fixed in
We are seeing stack smashing occur in Kali's beef when configured to use IPv6. See https://github.com/beefproject/beef/issues/1187
Kali Sana's ruby-eventmachine seems to be the same as that of Debian Jessie. Does it track Jessie, and will it automatically get an update from Debian? Alternatively, Debian Stretch's package seems to be patched, though I'm not sure if tracking it and attempting the version jump would break all the things.
An issue on the Debian BTS that is suspected to be related has been bumped - see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678512#26
<[email protected]> has been pinged.
Sorry, it got lost in my copy-paste-juggle-words that I believe the BeEF crashes are likely related to this eventmachine bug
Note that the next version of Kali (based on kali-rolling) is based on testing/stretch so should have a correct version of ruby-eventmachine.
And for sana, it basically tracks jessie for security updates, so if the package gets updated in security.debian.org then it will reach security.kali.org as well.
Basically, I don't think we have to do anything right now. Just wait until the fix is merged into Debian.
Kali Rolling 2016.1 has been released and has a newer ruby-eventmachine.
|2015-11-24 07:42||justinsteven||New Issue|
|2015-11-24 07:48||justinsteven||Note Added: 0004270|
|2015-11-24 08:53||rhertzog||Note Added: 0004271|
||Issue cloned: 0002900|
|2016-01-22 08:54||rhertzog||Note Added: 0004553|
|2016-01-22 08:54||rhertzog||Status||new => resolved|
|2016-01-22 08:54||rhertzog||Fixed in Version||=> 2016.1|
|2016-01-22 08:54||rhertzog||Resolution||open => fixed|
|2016-01-22 08:54||rhertzog||Assigned To||=> rhertzog|
|2020-12-01 10:48||g0tmi1k||Priority||high => normal|