950930 – (CVE-2013-1945) CVE-2013-1945 ruby193: insecure LD_LIBRARY_PATH setting

Bug 950930 (CVE-2013-1945) - CVE-2013-1945 ruby193: insecure LD_LIBRARY_PATH setting

Summary: CVE-2013-1945 ruby193: insecure LD_LIBRARY_PATH setting

Keywords:
Status:	CLOSED DEFERRED
Alias:	CVE-2013-1945
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	949031
Blocks:	950932
TreeView+	depends on / blocked

Reported:	2013-04-11 08:31 UTC by Kurt Seifried
Modified:	2021-02-17 07:50 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-09-18 00:07:09 UTC
Embargoed:

Attachments	(Terms of Use)

Description Kurt Seifried 2013-04-11 08:31:05 UTC

Tomas Hoger (thoger) reports:

Description of problem:

$ grep LD_LIBRARY_PATH /opt/rh/ruby193/enable 
export LD_LIBRARY_PATH=/opt/rh/ruby193/root/usr/lib64:$LD_LIBRARY_PATH

$ touch libc.so.6

$ scl enable ruby193 bash
bash: error while loading shared libraries: libc.so.6: file too short

$ rpm -q ruby193-runtime 
ruby193-runtime-1-6.el6.x86_64

Comment 2 Kurt Seifried 2014-09-18 00:05:48 UTC

Statement:

This issue affects the versions of Ruby 193 as shipped with Red Hat OpenShift Enterprise 1. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Note You need to log in before you can comment on or make changes to this bug.