| Summary: | <dev-ruby/ruby_parser-3.1.2: incorrect temporary file usage (CVE-2013-0162) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | ruby |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2013/02/22/5 | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-02-22 14:00:51 UTC
CVE-2013-0162 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0162): The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

dev-ruby/ruby_parser-2.3.1-r1 is now masked for removal. No other affected versions are left.

Vulnerable versions have been removed. Security, please vote.

GLSA Vote: No

GLSA vote: no. Closed as [noglsa].
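
The file-handling pattern behind this class of bug, next to two hardened forms, as an added Ruby example (not code from ruby_parser or from this bug report). The `a.<pid>` file name and all function names are assumptions for illustration, and everything runs inside a private directory from `Dir.mktmpdir` rather than `/tmp`.

```ruby
require "tmpdir"
require "tempfile"

# Assumed stand-in for a predictable temp name; the report does not give the real one.
def predictable_path(dir)
  File.join(dir, "a.#{Process.pid}")
end

# Vulnerable pattern: mode "w" follows a symlink already sitting at the path.
def predictable_write(dir, data)
  File.open(predictable_path(dir), "w") { |f| f.write(data) }
end

# Hardened: CREAT|EXCL refuses any pre-existing entry, symlinks included.
def exclusive_write(dir, data)
  flags = File::WRONLY | File::CREAT | File::EXCL
  flags |= File::NOFOLLOW if defined?(File::NOFOLLOW)
  File.open(predictable_path(dir), flags, 0o600) { |f| f.write(data) }
end

# Preferred: Tempfile.create picks an unpredictable name and creates it exclusively.
def tempfile_write(dir, data)
  Tempfile.create("diff_pp", dir) do |f|
    f.write(data)
    File.basename(f.path)
  end
end

# Constructed scenario: a symlink at the predictable name points at another file.
def run_demo
  Dir.mktmpdir("symlink-demo") do |dir|
    target = File.join(dir, "important.txt")
    File.write(target, "original")
    File.symlink(target, predictable_path(dir))

    predictable_write(dir, "clobbered")
    after_unsafe = File.read(target)

    File.write(target, "original")
    refused = begin
      exclusive_write(dir, "clobbered")
      false
    rescue Errno::EEXIST, Errno::ELOOP
      true
    end
    { after_unsafe: after_unsafe, refused: refused,
      after_safe: File.read(target), temp_name: tempfile_write(dir, "pp output") }
  end
end
p run_demo if __FILE__ == $PROGRAM_NAME
```
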