Originally, Common Vulnerabilities and Exposures assigned an identifier of CVE-2011-1005 to the following vulnerability:

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.

with the following upstream patch:

[1] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?revision=30903&view=revision

Based on a later upstream patch for different issues (CVE-2012-4464 and CVE-2012-4466):

[2] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068

it was found that the original upstream Ruby 1.8.x patch for the CVE-2011-1005 issue was not complete when the NameError#to_s() method was used on / with Ruby objects (the test logic in the 'test_to_s_taintness_propagation' test from [1] was actually reversed, so the test returned success also on still vulnerable instances).

Acknowledgements:

This issue was discovered by Vit Ondruch of Red Hat.
This issue affects the versions of the ruby package, as shipped with Red Hat Enterprise Linux 5 and 6.

This issue did NOT affect the versions of the ruby package, as shipped with Fedora release of 16 (got updated already) and Fedora release of 17 (upstream ruby 1.9.x version was not affected by this).
CVE Request: http://www.openwall.com/lists/oss-security/2012/10/05/2
This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2013:0129 https://rhn.redhat.com/errata/RHSA-2013-0129.html
This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2013:0612 https://rhn.redhat.com/errata/RHSA-2013-0612.html