Description
ELSA-2013-0129: ruby security and bug fix update (MODERATE)
[1.8.5-27]
- unintentional file creation caused by inserting an illegal NUL character
- ruby-1.8.6-CVE-2012-4522-io.c-pipe_open-command-name-should-not-contain-null-.patch
- Related: rhbz#867750
[1.8.5-26]
- escaping vulnerability about Exception#to_s / NameError#to_s
- ruby-1.8.7-p371-CVE-2012-4481.patch
- Resolves: rhbz#867750
- unintentional file creation caused by inserting an illegal NUL character
- ruby-1.8.6-CVE-2012-4522-io.c-rb_open_file-should-check-NUL-in-path.patch
- Resolves: rhbz#867750
[1.8.5-25]
- Resolve buffer overflow causing gem installation issues.
- ruby-1.8.7-syck-avoid-buffer-overflow.patch
- Resolves: rhbz#834381
Updated packages
Oracle Linux 5
Oracle Linux ia64
ruby 1.8.5-27.el5
ruby-devel 1.8.5-27.el5
ruby-docs 1.8.5-27.el5
ruby-irb 1.8.5-27.el5
ruby-libs 1.8.5-27.el5
ruby-mode 1.8.5-27.el5
ruby-rdoc 1.8.5-27.el5
ruby-ri 1.8.5-27.el5
ruby-tcltk 1.8.5-27.el5
Oracle Linux x86_64
ruby 1.8.5-27.el5
ruby-devel 1.8.5-27.el5
ruby-docs 1.8.5-27.el5
ruby-irb 1.8.5-27.el5
ruby-libs 1.8.5-27.el5
ruby-mode 1.8.5-27.el5
ruby-rdoc 1.8.5-27.el5
ruby-ri 1.8.5-27.el5
ruby-tcltk 1.8.5-27.el5
Oracle Linux i386
ruby 1.8.5-27.el5
ruby-devel 1.8.5-27.el5
ruby-docs 1.8.5-27.el5
ruby-irb 1.8.5-27.el5
ruby-libs 1.8.5-27.el5
ruby-mode 1.8.5-27.el5
ruby-rdoc 1.8.5-27.el5
ruby-ri 1.8.5-27.el5
ruby-tcltk 1.8.5-27.el5
Related CVEs
Related vulnerabilities
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.