[RHSA-2011:0910] ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

A flaw was found in the way large amounts of memory were allocated on
64-bit systems when using the BigDecimal class. A context-dependent
attacker could use this flaw to cause memory corruption, causing a Ruby
application that uses the BigDecimal class to crash or, possibly, execute
arbitrary code. This issue did not affect 32-bit systems. (CVE-2011-0188)

A race condition flaw was found in the remove system entries method in the
FileUtils module. If a local user ran a Ruby script that uses this method,
a local attacker could use this flaw to delete arbitrary files and
directories accessible to that user via a symbolic link attack.
(CVE-2011-1004)

A flaw was found in the method for translating an exception message into a
string in the Exception class. A remote attacker could use this flaw to
bypass safe level 4 restrictions, allowing untrusted (tainted) code to
modify arbitrary, trusted (untainted) strings, which safe level 4
restrictions would otherwise prevent. (CVE-2011-1005)

Red Hat would like to thank Drew Yao of Apple Product Security for
reporting the CVE-2011-0188 issue.

All Ruby users should upgrade to these updated packages, which contain
backported patches to resolve these issues.

- ID: RHSA-2011:0910
- Severity: moderate
- URL: https://access.redhat.com/errata/RHSA-2011:0910
- Published: 2011-06-28T00:00:00
- Modified: 2011-06-28T00:00:00
- Rights: Copyright 2011 Red Hat, Inc.

Other Advisories
Source | ID | URL |
---|---|---|
Bugzilla | 678913 | https://bugzilla.redhat.com/678913 |
Bugzilla | 678920 | https://bugzilla.redhat.com/678920 |
Bugzilla | 682332 | https://bugzilla.redhat.com/682332 |
RHSA | RHSA-2011:0910 | https://access.redhat.com/errata/RHSA-2011:0910 |
CVE | CVE-2011-0188 | https://access.redhat.com/security/cve/CVE-2011-0188 |
CVE | CVE-2011-1004 | https://access.redhat.com/security/cve/CVE-2011-1004 |
CVE | CVE-2011-1005 | https://access.redhat.com/security/cve/CVE-2011-1005 |

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/ruby?arch=x86_64&distro=redhat-6.1 | redhat | ruby | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
Affected | pkg:rpm/redhat/ruby?arch=s390x&distro=redhat-6.1 | redhat | ruby | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
Affected | pkg:rpm/redhat/ruby?arch=ppc64&distro=redhat-6.1 | redhat | ruby | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
Affected | pkg:rpm/redhat/ruby?arch=i686&distro=redhat-6.1 | redhat | ruby | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
Affected | pkg:rpm/redhat/ruby-tcltk?arch=x86_64&distro=redhat-6.1 | redhat | ruby-tcltk | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
Affected | pkg:rpm/redhat/ruby-tcltk?arch=s390x&distro=redhat-6.1 | redhat | ruby-tcltk | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
Affected | pkg:rpm/redhat/ruby-tcltk?arch=ppc64&distro=redhat-6.1 | redhat | ruby-tcltk | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
Affected | pkg:rpm/redhat/ruby-tcltk?arch=i686&distro=redhat-6.1 | redhat | ruby-tcltk | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
Affected | pkg:rpm/redhat/ruby-static?arch=x86_64&distro=redhat-6.1 | redhat | ruby-static | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
Affected | pkg:rpm/redhat/ruby-static?arch=s390x&distro=redhat-6.1 | redhat | ruby-static | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
Affected | pkg:rpm/redhat/ruby-static?arch=ppc64&distro=redhat-6.1 | redhat | ruby-static | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
Affected | pkg:rpm/redhat/ruby-static?arch=i686&distro=redhat-6.1 | redhat | ruby-static | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
Affected | pkg:rpm/redhat/ruby-ri?arch=x86_64&distro=redhat-6.1 | redhat | ruby-ri | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
Affected | pkg:rpm/redhat/ruby-ri?arch=s390x&distro=redhat-6.1 | redhat | ruby-ri | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
Affected | pkg:rpm/redhat/ruby-ri?arch=ppc64&distro=redhat-6.1 | redhat | ruby-ri | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
Affected | pkg:rpm/redhat/ruby-ri?arch=i686&distro=redhat-6.1 | redhat | ruby-ri | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
Affected | pkg:rpm/redhat/ruby-rdoc?arch=x86_64&distro=redhat-6.1 | redhat | ruby-rdoc | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
Affected | pkg:rpm/redhat/ruby-rdoc?arch=s390x&distro=redhat-6.1 | redhat | ruby-rdoc | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
Affected | pkg:rpm/redhat/ruby-rdoc?arch=ppc64&distro=redhat-6.1 | redhat | ruby-rdoc | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
Affected | pkg:rpm/redhat/ruby-rdoc?arch=i686&distro=redhat-6.1 | redhat | ruby-rdoc | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
Affected | pkg:rpm/redhat/ruby-libs?arch=x86_64&distro=redhat-6.1 | redhat | ruby-libs | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
Affected | pkg:rpm/redhat/ruby-libs?arch=s390x&distro=redhat-6.1 | redhat | ruby-libs | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
Affected | pkg:rpm/redhat/ruby-libs?arch=s390&distro=redhat-6.1 | redhat | ruby-libs | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390 | |
Affected | pkg:rpm/redhat/ruby-libs?arch=ppc64&distro=redhat-6.1 | redhat | ruby-libs | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
Affected | pkg:rpm/redhat/ruby-libs?arch=ppc&distro=redhat-6.1 | redhat | ruby-libs | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc | |
Affected | pkg:rpm/redhat/ruby-libs?arch=i686&distro=redhat-6.1 | redhat | ruby-libs | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
Affected | pkg:rpm/redhat/ruby-irb?arch=x86_64&distro=redhat-6.1 | redhat | ruby-irb | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
Affected | pkg:rpm/redhat/ruby-irb?arch=s390x&distro=redhat-6.1 | redhat | ruby-irb | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
Affected | pkg:rpm/redhat/ruby-irb?arch=ppc64&distro=redhat-6.1 | redhat | ruby-irb | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
Affected | pkg:rpm/redhat/ruby-irb?arch=i686&distro=redhat-6.1 | redhat | ruby-irb | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
Affected | pkg:rpm/redhat/ruby-docs?arch=x86_64&distro=redhat-6.1 | redhat | ruby-docs | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
Affected | pkg:rpm/redhat/ruby-docs?arch=s390x&distro=redhat-6.1 | redhat | ruby-docs | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
Affected | pkg:rpm/redhat/ruby-docs?arch=ppc64&distro=redhat-6.1 | redhat | ruby-docs | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
Affected | pkg:rpm/redhat/ruby-docs?arch=i686&distro=redhat-6.1 | redhat | ruby-docs | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
Affected | pkg:rpm/redhat/ruby-devel?arch=x86_64&distro=redhat-6.1 | redhat | ruby-devel | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
Affected | pkg:rpm/redhat/ruby-devel?arch=s390x&distro=redhat-6.1 | redhat | ruby-devel | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
Affected | pkg:rpm/redhat/ruby-devel?arch=s390&distro=redhat-6.1 | redhat | ruby-devel | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390 | |
Affected | pkg:rpm/redhat/ruby-devel?arch=ppc64&distro=redhat-6.1 | redhat | ruby-devel | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
Affected | pkg:rpm/redhat/ruby-devel?arch=ppc&distro=redhat-6.1 | redhat | ruby-devel | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc | |
Affected | pkg:rpm/redhat/ruby-devel?arch=i686&distro=redhat-6.1 | redhat | ruby-devel | < 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 |