LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

ruby: two access restriction bypass flaws

Package(s):ruby1.9.1 CVE #(s):CVE-2012-4464 CVE-2012-4466
Created:October 11, 2012 Updated:November 5, 2012
Description:

From the Ubuntu advisory:

Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. (CVE-2012-4464, CVE-2012-4466)

Alerts:
Ubuntu USN-1602-1 2012-10-10
Ubuntu USN-1603-1 2012-10-10
Fedora FEDORA-2012-15395 2012-10-14
Fedora FEDORA-2012-15507 2012-10-14
Mageia MGASA-2012-0294 2012-10-14
Ubuntu USN-1614-1 2012-10-22
Ubuntu USN-1603-2 2012-10-22
openSUSE openSUSE-SU-2012:1443-1 2012-11-05
Red Hat RHSA-2013:0582-01 2013-02-28
openSUSE openSUSE-SU-2013:0376-1 2013-03-01
Mandriva MDVSA-2013:124 2013-04-10
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds