
Mageia alert MGASA-2013-0155 (ruby)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0155: ruby-1.9.3.p429-1.mga3 (3/core)
Date:  Sat, 25 May 2013 21:52:09 +0200
Message-ID:  <20130525195209.GA30512@valstar.mageia.org>

MGASA-2013-0155

Date: May 25th, 2013
Affected releases: 3
Media: Core

Description:
Updated ruby packages fix security vulnerability:

Vulnerability in DL and Fiddle in Ruby before 1.9.3p429 where tainted
strings can be used by system calls regardless of the $SAFE level set
in Ruby. Native functions exposed to Ruby with DL or Fiddle do not check
the taint values set on the objects passed in. This can result in tainted
objects being accepted as input when a SecurityError exception should be
raised (CVE-2013-2065).

Updated Packages:

i586:
libruby1.9-1.9.3.p429-1.mga3.i586.rpm
ruby-1.9.3.p429-1.mga3.i586.rpm
ruby-devel-1.9.3.p429-1.mga3.i586.rpm
ruby-doc-1.9.3.p429-1.mga3.noarch.rpm
ruby-irb-1.9.3.p429-1.mga3.noarch.rpm
ruby-tk-1.9.3.p429-1.mga3.i586.rpm
ruby-debuginfo-1.9.3.p429-1.mga3.i586.rpm

x86_64:
lib64ruby1.9-1.9.3.p429-1.mga3.x86_64.rpm
ruby-1.9.3.p429-1.mga3.x86_64.rpm
ruby-devel-1.9.3.p429-1.mga3.x86_64.rpm
ruby-doc-1.9.3.p429-1.mga3.noarch.rpm
ruby-irb-1.9.3.p429-1.mga3.noarch.rpm
ruby-tk-1.9.3.p429-1.mga3.x86_64.rpm
ruby-debuginfo-1.9.3.p429-1.mga3.x86_64.rpm

SRPMS:
ruby-1.9.3.p429-1.mga3.src.rpm

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2065
http://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-...
https://bugs.mageia.org/show_bug.cgi?id=10135

