Bug 865940 (CVE-2012-4522)
| Summary: | CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | bkabrda, isenfeld, jrusnack, mfisher, mmcgrath, mmorsi, mtasaka, tagoh, vanmeeuwen+fedora, vondruch |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | ruby 1.9.3p286 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-09-19 05:09:58 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 866567, 867750, 904022, 988686 | | |
| Bug Blocks: | 816611, 865943 | | |

Description
Vincent Danen
2012-10-12 21:02:29 UTC
This was assigned the name CVE-2012-4522:

http://seclists.org/oss-sec/2012/q4/72

Created ruby tracking bugs for this issue

Affects: fedora-all [bug 866567]

ruby-1.9.3.286-19.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.

This issue did not affect the version of ruby as shipped with Fedora-16.

This issue was fixed in Fedora-17, via the following security advisory:

https://admin.fedoraproject.org/updates/FEDORA-2012-16086/ruby-1.9.3.286-18.fc17

ruby-1.9.3.286-18.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products:

Red Hat Enterprise Linux 5

Via RHSA-2013:0129 https://rhn.redhat.com/errata/RHSA-2013-0129.html

Statement:

This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 6.

This issue has been addressed in following products:

RHEL 6 Version of OpenShift Enterprise

Via RHSA-2013:0582 https://rhn.redhat.com/errata/RHSA-2013-0582.html