ruby: object taint bypassing

Package(s): ruby
CVE #(s): CVE-2013-2065
Created: May 17, 2013
Updated: May 30, 2013
Description:

From the Ruby advisory:

There is a vulnerability in DL and Fiddle in Ruby where tainted strings can be used by system calls regardless of the $SAFE level set in Ruby.

Alerts:
Slackware SSA:2013-136-02 2013-05-16
Mageia MGASA-2013-0155 2013-05-25
Fedora FEDORA-2013-8375 2013-05-30
Fedora FEDORA-2013-8411 2013-05-30

Copyright © 2013, Eklektix, Inc.