Christian Hofstaedtler

#19538 of 53,633
13.4 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2016-1602
8.4
2016-01-12
Libffi · Libffi · CVE-2015-7551
**Name of the Vulnerable Software and Affected Versions**

Ruby versions prior to 2.0.0-p648
Ruby versions prior to 2.1.8
Ruby versions prior to 2.2.4

**Description**

The issue arises from insufficient input validation in the Fiddle::Handle implementation, allowing a local attacker to execute arbitrary code or cause a denial of service via a specially crafted string related to the DL module and the libffi library. This vulnerability is a result of a regression of a previously fixed issue.

**Recommendations**

For Ruby versions prior to 2.0.0-p648, update to version 2.0.0-p648 or later.
For Ruby versions prior to 2.1.8, update to version 2.1.8 or later.
For Ruby versions prior to 2.2.4, update to version 2.2.4 or later.

PT-2015-6846
5.0
2015-11-17
Powerdns · Powerdns Authoritative Server · CVE-2015-5311
**Name of the Vulnerable Software and Affected Versions**

PowerDNS (aka pdns) Authoritative Server versions 3.4.4 through 3.4.6

**Description**

The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and server crash, via crafted query packets.

**Recommendations**

For PowerDNS (aka pdns) Authoritative Server versions 3.4.4 through 3.4.6, update to version 3.4.7 or later to resolve the issue.