Bug 962035 (CVE-2013-2065)
Summary: | CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> | ||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||
Severity: | low | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | unspecified | CC: | bkabrda, bleanhar, ccoleman, dmcphers, drieden, jdetiber, jialiu, jkurik, jstribny, kseifried, lmeyer, mmaslano, mmcgrath, mmorsi, mtasaka, nobody+bgollahe, ohadlevy, security-response-team, tagoh, tdawson, vanmeeuwen+fedora, vondruch | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2014-06-25 07:50:03 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 962862, 963988, 963989, 963990 | ||||||||
Bug Blocks: | 948853 | ||||||||
Attachments: |
|
Description
Kurt Seifried
2013-05-11 05:03:41 UTC
Created attachment 746494 [details]
1-9-fiddle-tainting-CVE-2013-2065.patch
Created attachment 746495 [details]
2-0-fiddle-tainting-CVE-2013-2065.patch
External References: http://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/ Created ruby tracking bugs for this issue Affects: fedora-all [bug 962862] Vulnerable versions are: * All ruby 1.9 versions prior to ruby 1.9.3 patchlevel 426 * All ruby 2.0 versions prior to ruby 2.0.0 patchlevel 195 * prior to trunk revision 40728 Non vulnerable versions are: * ruby 1.8 versions are not affected. ruby-2.0.0.195-8.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. Acknowledgements: This issue was discovered by Vit Ondruch of Red Hat. Statement: (none) |