A vulnerability was found on WEBrick, a part of Ruby's standard library. WEBrick lets attackers to inject malicious escape sequences to its logs, making it possible for dangerous control characters to be executed on a victim's terminal emulator.
Terminal escape sequences are used to allow various forms of interaction between a terminal and a inside process. The problem is that those sequences are not intended to be issued by untrusted sources; such as network inputs. So if a remote attacker could inject escape sequences into WEBrick logs, and a victim happen to consult them through his/her terminal, the attacker could take advantages of various weaknesses in terminal emulators.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
ppc and ppc64 done
Stable for HPPA.
Removed vulnerable ebuilds, GLSA draft filed.
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through
patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev
writes data to a log file without sanitizing non-printable
characters, which might allow remote attackers to modify a window's
title, or possibly execute arbitrary commands or overwrite files, via
an HTTP request containing an escape sequence for a terminal emulator.
GLSA 201001-09 for Ruby 1.8.x.
Ruby 1.9.1 is hardmasked and suffering from a regression that needs to be addressed. Keeping the bug open until it is fixed.
1.9.1-p376 is in the tree.
1.9.x is masked and was never stable. Closing.