Red Hat Bugzilla – Bug 199545
CVE-2006-3694 ruby safe-level bypass
Last modified: 2007-11-30 17:07:26 EST
+++ This bug was initially created as a clone of Bug #199543 +++
Description of problem:
A Vulneerability has been reported in Ruby, which can be exploited by malicious
people to bypass certain security-level restrictions.
Version-Release number of selected component (if applicable):
all versions of Ruby, such as 1.6.x and 1.8.x without any exceptions.
Steps to Reproduce:
$ ruby alias_jvn83768862.patch
alias_jvn83768862.patch:9:in `p': calling insecure method: inspect (SecurityError)
thia affects to RHEL2.1, 3 and 4 as well.
-- Additional comment from firstname.lastname@example.org on 2006-07-20 05:47 EST --
Created an attachment (id=132736)
Fixed packages has been built.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.