SUSE-SU-2013:0611-1: moderate: Security update for ruby

sle-security-updates at lists.suse.com
Wed Apr 3 12:09:44 MDT 2013


   SUSE Security Update: Security update for ruby
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0611-1
Rating:             moderate
References:         #704409 #783525 #808137 
Cross-References:   CVE-2011-2686 CVE-2012-4522 CVE-2013-1821
                   
Affected Products:
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:


   The ruby interpreter received a fix for two security issues:

   * CVE-2012-4466: Ruby's $SAFE mechanism allows untrusted user code
     to run in $SAFE >= 4 mode. This is a kind of sandboxing: some
     operations are restricted in that mode to protect other data
     outside the sandbox.

     The problem found was around this mechanism. Exception#to_s,
     NameError#to_s, and the interpreter-internal API
     name_err_mesg_to_s() did not correctly handle the $SAFE bits, so a
     String object which is not tainted could destructively be marked
     as tainted through them. Using this, untrusted code in a sandbox
     can destructively modify a formerly untainted string.

     http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/

   * CVE-2011-2686: Ruby before 1.8.7-p352 does not reset the random
     seed upon forking, which makes it easier for context-dependent
     attackers to predict the values of random numbers by leveraging
     knowledge of the number sequence obtained in a different child
     process.

   * CVE-2013-1821: Fix an entity expansion DoS vulnerability in
     REXML. When reading text nodes from an XML document, the REXML
     parser could be coerced into allocating extremely large string
     objects, which could consume all available memory on the system.
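   The REXML behaviour described above, as an added example that is not
   part of this advisory or of the packaged ruby: current REXML versions
   expose a per-document entity expansion text limit through
   REXML::Document.entity_expansion_text_limit (10240 bytes by default;
   its availability in the interpreter you run this on is an assumption,
   since the advisory does not mention it). The XML document with its
   nested internal entities is constructed for the demonstration; the
   function shows the same document being accepted under the default
   limit and refused under a tighter one.

```ruby
# Added example (not from the SUSE advisory): exercise REXML's
# entity-expansion text limit on a constructed document.
require "rexml/document"

# Constructed sample: three nested internal entities. Each level repeats the
# one below it ten times, so &c; expands to 10 * 10 * 10 = 1000 bytes of text.
NESTED_ENTITY_XML = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE data [
    <!ENTITY a "aaaaaaaaaa">
    <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
    <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
  ]>
  <data>&c;</data>
XML

# Parse +xml+ with the expansion-text limit set to +limit_bytes+ and read the
# root text, which is where REXML resolves the entity references. Returns
# [:ok, expanded_byte_count] when the expanded text fits under the limit and
# [:rejected, message] when REXML refuses to expand it.
# (entity_expansion_text_limit is assumed to exist in the REXML in use.)
def expand_with_limit(xml, limit_bytes)
  previous = REXML::Document.entity_expansion_text_limit
  REXML::Document.entity_expansion_text_limit = limit_bytes
  doc = REXML::Document.new(xml)
  [:ok, doc.root.text.bytesize]
rescue StandardError => e
  [:rejected, e.message]
ensure
  # Restore the process-wide setting so other callers are unaffected.
  REXML::Document.entity_expansion_text_limit = previous if previous
end

if __FILE__ == $PROGRAM_NAME
  p expand_with_limit(NESTED_ENTITY_XML, 10_240) # => [:ok, 1000]
  p expand_with_limit(NESTED_ENTITY_XML, 512)    # first element is :rejected
end
```

   The limit is applied to the bytes produced while resolving references,
   so the 1000-byte expansion passes under the default limit and is cut
   off under the 512-byte one; the 1.8.6 packages listed in this advisory
   predate this setting, so the check is meant for a current interpreter.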

   Security Issue references:

   * CVE-2012-4522
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4522>
   * CVE-2013-1821
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821>
   * CVE-2011-2686
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2686>



Package List:

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      ruby-1.8.6.p369-0.14.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      ruby-1.8.6.p369-0.14.1
      ruby-devel-1.8.6.p369-0.14.1
      ruby-doc-html-1.8.6.p369-0.14.1
      ruby-doc-ri-1.8.6.p369-0.14.1
      ruby-examples-1.8.6.p369-0.14.1
      ruby-test-suite-1.8.6.p369-0.14.1
      ruby-tk-1.8.6.p369-0.14.1


References:

   http://support.novell.com/security/cve/CVE-2011-2686.html
   http://support.novell.com/security/cve/CVE-2012-4522.html
   http://support.novell.com/security/cve/CVE-2013-1821.html
   https://bugzilla.novell.com/704409
   https://bugzilla.novell.com/783525
   https://bugzilla.novell.com/808137
   http://download.novell.com/patch/finder/?keywords=4c9e95f258c3139c5c70de419c8f734b


