[FEDORA-2011-1913] Fedora 13: ruby

Severity Medium
Affected Packages 1
CVEs 3

Two patches backported from the 1.8.7 branch, for:

  • Symlink race condition in FileUtils.remove_entry_secure

  • Bypass of $SAFE mechanism in Exception#to_s

Package Affected Version
pkg:rpm/fedora/ruby?distro=fedora-13 < 1.8.6.420.2.fc13
ID
FEDORA-2011-1913
Severity
medium
Severity from
CVE-2011-1004
URL
https://bodhi.fedoraproject.org/updates/FEDORA-2011-1913
Published
2011-03-02T01:46:19
(13 years ago)
Modified
2011-03-02T01:46:19
(13 years ago)
Rights
Copyright 2011 Red Hat, Inc.
Other Advisories
Source # ID Name URL
Bugzilla 678920 Bug #678920 - CVE-2011-1005 Ruby: Untrusted codes able to modify arbitrary strings https://bugzilla.redhat.com/show_bug.cgi?id=678920
Bugzilla 678913 Bug #678913 - CVE-2011-1004 Ruby: Symlink race condition by removing directory trees in fileutils module https://bugzilla.redhat.com/show_bug.cgi?id=678913
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/fedora/ruby?distro=fedora-13 fedora ruby < 1.8.6.420.2.fc13 fedora-13