Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2013:7386

Overview

Id SUSE-2013:7386
Name Novell SUSE 2013:7386 ruby security update for SLE 11 SP2 x86_64
Vendor Name novell
Product None
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 21 Feb 2013 12:00:00

SUSE-2013:7386

Novell SUSE 2013:7386 ruby security update for SLE 11 SP2 x86_64

Vendor Name

novell

Product

None

Released On

21 Feb 2013 12:00:00

Url

http://www.novell.com/support/search.do?usemicrosite=true&searchString=5ac69a022ffa717bb70bba9bdcbc60ca

Description

LSAC(v2)
The ruby interpreter received a fix for a security issue: * CVE-2012-4466: Ruby's $SAFE mechanism enables untrusted user codes to run in $SAFE >= 4 mode. This is a kind of sandboxing so some operations are restricted in that mode to protect other data outside the sandbox. The problem found was around this mechanism. Exception#to_s, NameError#to_s, and name_err_mesg_to_s() interpreter-internal API was not correctly handling the $SAFE bits so a String object which is not tainted can destructively be marked as tainted using them. By using this an untrusted code in a sandbox can modify a formerly-untainted string destructively. http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/ Security Issue references: * CVE-2012-4522

Related Resources

Related Vulnerabilities

None

Related Patches

Superseded Patches

None


Last Updated: 27 May 2016 11:16:50