ruby: multiple vulnerabilities

Package(s): ruby
CVE #(s): CVE-2011-1004 CVE-2011-1005
Created: February 28, 2011
Updated: March 8, 2013
Description: From the Pardus advisory:

A symlink race condition vulnerability was found in FileUtils.remove_entry_secure. The vulnerability allows local users to delete arbitrary files and directories. (CVE-2011-1004)

The Exception#to_s method can be used to trick the $SAFE check, which allows untrusted code to modify arbitrary strings. (CVE-2011-1005)

Alerts:
CentOS CESA-2011:0908 2011-08-14
CentOS CESA-2011:0909 2011-06-30
Scientific Linux SL-ruby-20110628 2011-06-28
Scientific Linux SL-ruby-20110628 2011-06-28
Red Hat RHSA-2011:0910-01 2011-06-28
Red Hat RHSA-2011:0909-01 2011-06-28
Scientific Linux SL-ruby-20110628 2011-06-28
Red Hat RHSA-2011:0908-01 2011-06-28
openSUSE openSUSE-SU-2011:0561-1 2011-05-31
Fedora FEDORA-2011-1913 2011-02-21
Pardus 2011-49 2011-02-28
Mandriva MDVSA-2011:098 2011-05-23
Mandriva MDVSA-2011:097 2011-05-23
Ubuntu USN-1377-1 2012-02-27
Ubuntu USN-1583-1 2012-09-25
Fedora FEDORA-2012-15507 2012-10-14
Scientific Linux SL-ruby-20130307 2013-03-07
CentOS CESA-2013:0612 2013-03-09

Copyright © 2013, Eklektix, Inc.