CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL

Asked Dec 21 '15 at 03:32

Active Dec 21 '15 at 03:32

Viewed 66 times

I saw this security announcement: https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/

But I could not figure out what is this "Fiddle" and whether my applications are affected. There is a gem called fiddle, but that's not very popular and seems abandoned.

What is "Fiddle" and how should I know if I need to upgrade?

asked Dec 21 '15 at 03:32

user3145800

http://ruby-doc.org/stdlib-2.2.4/libdoc/fiddle/rdoc/Fiddle.html – Michael Hampton Dec 21 '15 at 03:49
Thanks. So if I don't use Fiddle myself, then my applications are safe? Is Rails using fiddle? Or gems with native parts like nokogiri? – user3145800 Dec 21 '15 at 03:55
Now that you know what it is, you can easily reason about what gems are likely to be using it. But you ought to just be safe and update. – Michael Hampton Dec 21 '15 at 04:01

CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL

0 Answers0