169577 – CAN-2005-2337 ruby safe-level mode bypass

Bug 169577 - CAN-2005-2337 ruby safe-level mode bypass

Summary: CAN-2005-2337 ruby safe-level mode bypass

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	ruby
Sub Component:
Version:	4
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Akira TAGOH
QA Contact:	Bill Huang
Docs Contact:
URL:	http://secunia.com/advisories/16904/
Whiteboard:	impact=moderate,source=secunia,public...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-09-29 19:55 UTC by Josh Bressers
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-09-29 19:56:53 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2005-09-29 19:55:03 UTC

+++ This bug was initially created as a clone of Bug #169575 +++

Secunia has reported this issue:

A vulnerability has been reported in Ruby, which can be exploited by malicious
people to bypass certain security restrictions.

The vulnerability is due in an error in "eval.c" in enforcing safe-level
protections. This can be exploited to execute certain insecure methods.

-- Additional comment from bressers on 2005-09-29 15:49 EST --
Created an attachment (id=119436)
Patch from upstream

Comment 1 Josh Bressers 2005-09-29 19:56:53 UTC

Sorry, it seems we're already running 1.8.3 in FC3 and FC4.

Note You need to log in before you can comment on or make changes to this bug.