Bug 169577

Summary: CAN-2005-2337 ruby safe-level mode bypass
Product: [Fedora] Fedora Reporter: Josh Bressers <bressers>
Component: rubyAssignee: Akira TAGOH <tagoh>
Status: CLOSED ERRATA QA Contact: Bill Huang <bhuang>
Severity: medium Docs Contact:
Priority: medium    
Version: 4Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/16904/
Whiteboard: impact=moderate,source=secunia,public=20050923
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-09-29 19:56:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2005-09-29 19:55:03 UTC 
+++ This bug was initially created as a clone of Bug #169575 +++

Secunia has reported this issue:

A vulnerability has been reported in Ruby, which can be exploited by malicious
people to bypass certain security restrictions.

The vulnerability is due in an error in "eval.c" in enforcing safe-level
protections. This can be exploited to execute certain insecure methods.

-- Additional comment from bressers on 2005-09-29 15:49 EST --
Created an attachment (id=119436)
Patch from upstream
Comment 1 Josh Bressers 2005-09-29 19:56:53 UTC 
Sorry, it seems we're already running 1.8.3 in FC3 and FC4.