Red Hat Bugzilla – Bug 199543
ruby safe-level bypass
Last modified: 2007-11-30 17:11:38 EST
Description of problem:
A vulnerability has been reported in Ruby, which can be exploited by malicious
people to bypass certain security-level restrictions.
Version-Release number of selected component (if applicable):
All versions of Ruby, such as 1.6.x and 1.8.x, without any exceptions.
Steps to Reproduce:
$ ruby alias_jvn83768862.patch
alias_jvn83768862.patch:9:in `p': calling insecure method: inspect (SecurityError)
This affects FC4 and FC5 as well.
Created attachment 132736
Obviously .patch is a typo. It should be s/.patch/.rb/, but anyway ;)
devel - 1.8.4-11.fc6
FC-5 - 1.8.4-8.fc5
FC-4 - 1.8.4-3.fc4
ruby-1.8.4-8.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.