[RHSA-2011:0910] ruby security update
Severity
Moderate
Affected Packages
40
CVEs
3
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.
A flaw was found in the way large amounts of memory were allocated on
64-bit systems when using the BigDecimal class. A context-dependent
attacker could use this flaw to cause memory corruption, causing a Ruby
application that uses the BigDecimal class to crash or, possibly, execute
arbitrary code. This issue did not affect 32-bit systems. (CVE-2011-0188)
A race condition flaw was found in the remove system entries method in the
FileUtils module. If a local user ran a Ruby script that uses this method,
a local attacker could use this flaw to delete arbitrary files and
directories accessible to that user via a symbolic link attack.
(CVE-2011-1004)
A flaw was found in the method for translating an exception message into a
string in the Exception class. A remote attacker could use this flaw to
bypass safe level 4 restrictions, allowing untrusted (tainted) code to
modify arbitrary, trusted (untainted) strings, which safe level 4
restrictions would otherwise prevent. (CVE-2011-1005)
Red Hat would like to thank Drew Yao of Apple Product Security for
reporting the CVE-2011-0188 issue.
All Ruby users should upgrade to these updated packages, which contain
backported patches to resolve these issues.
- ID
- RHSA-2011:0910
- Severity
- moderate
- URL
- https://access.redhat.com/errata/RHSA-2011:0910
- Published
-
2011-06-28T00:00:00
(13 years ago) - Modified
-
2011-06-28T00:00:00
(13 years ago) - Rights
- Copyright 2011 Red Hat, Inc.
- Other Advisories
ALAS-2013-173
ELSA-2011-0909
FEDORA-2011-1913
GLSA-201412-27
USN-1377-1| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 678913 |
|
|
| Bugzilla | 678920 |
|
|
| Bugzilla | 682332 |
|
|
| RHSA | RHSA-2011:0910 |
|
|
| CVE | CVE-2011-0188 |
|
|
| CVE | CVE-2011-1004 |
|
|
| CVE | CVE-2011-1005 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/ruby?arch=x86_64&distro=redhat-6.1 | redhat |
 ruby
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
| Affected | pkg:rpm/redhat/ruby?arch=s390x&distro=redhat-6.1 | redhat |
ruby
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
| Affected | pkg:rpm/redhat/ruby?arch=ppc64&distro=redhat-6.1 | redhat |
ruby
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
| Affected | pkg:rpm/redhat/ruby?arch=i686&distro=redhat-6.1 | redhat |
ruby
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
| Affected | pkg:rpm/redhat/ruby-tcltk?arch=x86_64&distro=redhat-6.1 | redhat |
ruby-tcltk
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
| Affected | pkg:rpm/redhat/ruby-tcltk?arch=s390x&distro=redhat-6.1 | redhat |
ruby-tcltk
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
| Affected | pkg:rpm/redhat/ruby-tcltk?arch=ppc64&distro=redhat-6.1 | redhat |
ruby-tcltk
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
| Affected | pkg:rpm/redhat/ruby-tcltk?arch=i686&distro=redhat-6.1 | redhat |
ruby-tcltk
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
| Affected | pkg:rpm/redhat/ruby-static?arch=x86_64&distro=redhat-6.1 | redhat |
ruby-static
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
| Affected | pkg:rpm/redhat/ruby-static?arch=s390x&distro=redhat-6.1 | redhat |
ruby-static
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
| Affected | pkg:rpm/redhat/ruby-static?arch=ppc64&distro=redhat-6.1 | redhat |
ruby-static
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
| Affected | pkg:rpm/redhat/ruby-static?arch=i686&distro=redhat-6.1 | redhat |
ruby-static
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
| Affected | pkg:rpm/redhat/ruby-ri?arch=x86_64&distro=redhat-6.1 | redhat |
ruby-ri
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
| Affected | pkg:rpm/redhat/ruby-ri?arch=s390x&distro=redhat-6.1 | redhat |
ruby-ri
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
| Affected | pkg:rpm/redhat/ruby-ri?arch=ppc64&distro=redhat-6.1 | redhat |
ruby-ri
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
| Affected | pkg:rpm/redhat/ruby-ri?arch=i686&distro=redhat-6.1 | redhat |
ruby-ri
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
| Affected | pkg:rpm/redhat/ruby-rdoc?arch=x86_64&distro=redhat-6.1 | redhat |
ruby-rdoc
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
| Affected | pkg:rpm/redhat/ruby-rdoc?arch=s390x&distro=redhat-6.1 | redhat |
ruby-rdoc
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
| Affected | pkg:rpm/redhat/ruby-rdoc?arch=ppc64&distro=redhat-6.1 | redhat |
ruby-rdoc
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
| Affected | pkg:rpm/redhat/ruby-rdoc?arch=i686&distro=redhat-6.1 | redhat |
ruby-rdoc
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
| Affected | pkg:rpm/redhat/ruby-libs?arch=x86_64&distro=redhat-6.1 | redhat |
ruby-libs
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
| Affected | pkg:rpm/redhat/ruby-libs?arch=s390x&distro=redhat-6.1 | redhat |
ruby-libs
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
| Affected | pkg:rpm/redhat/ruby-libs?arch=s390&distro=redhat-6.1 | redhat |
ruby-libs
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390 | |
| Affected | pkg:rpm/redhat/ruby-libs?arch=ppc64&distro=redhat-6.1 | redhat |
ruby-libs
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
| Affected | pkg:rpm/redhat/ruby-libs?arch=ppc&distro=redhat-6.1 | redhat |
ruby-libs
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc | |
| Affected | pkg:rpm/redhat/ruby-libs?arch=i686&distro=redhat-6.1 | redhat |
ruby-libs
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
| Affected | pkg:rpm/redhat/ruby-irb?arch=x86_64&distro=redhat-6.1 | redhat |
ruby-irb
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
| Affected | pkg:rpm/redhat/ruby-irb?arch=s390x&distro=redhat-6.1 | redhat |
ruby-irb
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
| Affected | pkg:rpm/redhat/ruby-irb?arch=ppc64&distro=redhat-6.1 | redhat |
ruby-irb
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
| Affected | pkg:rpm/redhat/ruby-irb?arch=i686&distro=redhat-6.1 | redhat |
ruby-irb
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
| Affected | pkg:rpm/redhat/ruby-docs?arch=x86_64&distro=redhat-6.1 | redhat |
ruby-docs
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
| Affected | pkg:rpm/redhat/ruby-docs?arch=s390x&distro=redhat-6.1 | redhat |
ruby-docs
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
| Affected | pkg:rpm/redhat/ruby-docs?arch=ppc64&distro=redhat-6.1 | redhat |
ruby-docs
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
| Affected | pkg:rpm/redhat/ruby-docs?arch=i686&distro=redhat-6.1 | redhat |
ruby-docs
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 | |
| Affected | pkg:rpm/redhat/ruby-devel?arch=x86_64&distro=redhat-6.1 | redhat |
ruby-devel
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | x86_64 | |
| Affected | pkg:rpm/redhat/ruby-devel?arch=s390x&distro=redhat-6.1 | redhat |
ruby-devel
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390x | |
| Affected | pkg:rpm/redhat/ruby-devel?arch=s390&distro=redhat-6.1 | redhat |
ruby-devel
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | s390 | |
| Affected | pkg:rpm/redhat/ruby-devel?arch=ppc64&distro=redhat-6.1 | redhat |
ruby-devel
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc64 | |
| Affected | pkg:rpm/redhat/ruby-devel?arch=ppc&distro=redhat-6.1 | redhat |
ruby-devel
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | ppc | |
| Affected | pkg:rpm/redhat/ruby-devel?arch=i686&distro=redhat-6.1 | redhat |
ruby-devel
|
< 1.8.7.299-7.el6_1.1 | redhat-6.1 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |