From: Meltem Parmaksız <meltem@pardus.org.tr>
To: pardus-security@pardus.org.tr
Subject: [Pardus-security] [PLSA 2011-49] Ruby: Multiple Vulnerabilities
Date: Mon, 28 Feb 2011 13:17:34 +0200
Message-ID: <201102281317.34632.meltem@pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-49 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2011-02-28
Severity: 3
Type: Local
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been fixed in ruby.
Description
===========
CVE-2011-1004:
A symlink race condition vulnerability was found in
FileUtils.remove_entry_secure. The vulnerability allows local users to
delete arbitrary files and directories.
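The bug class behind CVE-2011-1004 is a time-of-check/time-of-use race: a recursive delete inspects a directory, then descends into it, and a local user who can write the parent swaps that directory for a symlink in between. The following is an added illustration of one defensive check for that window, written for this advisory and not taken from it or from Ruby's FileUtils: capture the (dev, ino) identity with lstat, open the directory itself, and abandon the removal unless the descriptor still names the same inode. The identity check is the point; the helper names and the decision to hand a verified directory to remove_entry_secure (on a patched Ruby) are assumptions of the example.

```ruby
require 'fileutils'
require 'tmpdir'

# Added illustration for CVE-2011-1004; not the advisory's or Ruby's own code.
# Pattern (an assumption about good practice, not a description of the patch):
# take the (dev, ino) identity of the entry with lstat, then open the
# directory and fstat the descriptor, and stop unless both name one inode.

def same_inode?(a, b)
  a.dev == b.dev && a.ino == b.ino
end

# st is the File::Stat captured earlier by lstat. Opening "path/." yields a
# descriptor for whatever sits at path *now*; if a symlink was planted after
# the lstat, fstat reports the link target's identity and the check fails.
def identity_survived?(st, path)
  File.open(File.join(path, '.')) { |f| same_inode?(st, f.stat) }
end

# Remove path only after the identity check. A symlink at path is unlinked
# itself, never followed. Returns a symbol describing what happened.
def remove_entry_checked(path)
  st = File.lstat(path)                 # lstat never follows a final symlink
  unless st.directory?
    File.unlink(path)                   # removes the link, not its target
    return :removed_non_directory
  end
  return :aborted_swapped unless identity_survived?(st, path)
  FileUtils.remove_entry_secure(path)   # patched Ruby; the check above is defence in depth
  :removed_directory
end
```

The race is simulated deterministically by moving the directory aside and planting a symlink between the lstat and the open, which is exactly the ordering a local attacker relies on.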
CVE-2011-1005:
The Exception#to_s method can be used to bypass the $SAFE check, which
allows untrusted code to modify arbitrary strings.
Affected packages:
Pardus 2009:
ruby, all before 1.8.7_p334-24-7
ruby-mode, all before 1.8.7_p334-24-3
Resolution
==========
There are update(s) for ruby, ruby-mode. You can update them via Package
Manager or with a single command from console:
pisi up ruby ruby-mode
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=17053
* http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-...
symlink-race-attacks/
* http://www.ruby-lang.org/en/news/2011/02/18/exception-met...
safe/
------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security