Bug 199543
| Summary: | ruby safe-level bypass | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Akira TAGOH <tagoh> |
| Component: | ruby | Assignee: | Akira TAGOH <tagoh> |
| Status: | CLOSED ERRATA | QA Contact: | Bill Huang <bhuang> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | rawhide | CC: | security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2006-07-24 03:17:28 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 199545 | | |
Created attachment 132736
testcase

obviously .patch is a typo. it should be s/.patch/.rb/, but anyway ;)

Fixed in:
devel - 1.8.4-11.fc6
FC-5 - 1.8.4-8.fc5
FC-4 - 1.8.4-3.fc4

ruby-1.8.4-8.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Description of problem:
A vulnerability has been reported in Ruby, which can be exploited by malicious people to bypass certain security-level restrictions.

Version-Release number of selected component (if applicable):
all versions of Ruby, such as 1.6.x and 1.8.x without any exceptions.

How reproducible:
always

Steps to Reproduce:
1. ruby alias_jvn83768862.patch
2.
3.

Actual results:
no exceptions.

Expected results:
$ ruby alias_jvn83768862.patch
alias_jvn83768862.patch:9:in `p': calling insecure method: inspect (SecurityError)
        from alias_jvn83768862.patch:9

Additional info:
This affects FC4 and FC5 as well.