Описание
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ruby | Not affected | ||
| Red Hat Enterprise Linux 6 | ruby | Not affected | ||
| RHEL 6 Version of OpenShift Enterprise | graphviz | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-console | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-broker | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-broker-util | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-cartridge-cron-1.4 | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-cartridge-diy-0.1 | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-cartridge-haproxy-1.4 | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-cartridge-jbosseap-6.0 | Fixed | RHSA-2013:0582 | 28.02.2013 |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS2
Связанные уязвимости
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 ...
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.
4.3 Medium
CVSS2