| Summary: | <dev-lang/ruby-{1.8.7_p371,1.9.3_p392}: safe level bypass (CVE-2012-{4464,4466}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Hans de Graaff <graaff> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689075 | ||
| Whiteboard: | A4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 437366, 458776 | ||
| Bug Blocks: | |||
|
Description
Hans de Graaff
2012-10-05 08:21:57 UTC
CVE request and assignment: http://www.openwall.com/lists/oss-security/2012/10/03/9 dev-lang/ruby-1.9.3_p286 with a fix for this is now in the tree. (In reply to comment #2) > dev-lang/ruby-1.9.3_p286 with a fix for this is now in the tree. Thanks. For the 1.8 slot, this should be fixed in 1.8.7-p371. Could you please bump that slot too (preferably with a version that also satisfies bug 437366)? GLSA vote: yes. CVE-2012-4466 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4466): Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005. CVE-2012-4464 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4464): Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression. GLSA vote: no. GLSA vote: no Closing as noglsa |