SUSE-SU-2013:0611-1: moderate: Security update for ruby
sle-security-updates at lists.suse.com
Wed Apr 3 12:09:44 MDT 2013
SUSE Security Update: Security update for ruby
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:0611-1
Rating: moderate
References: #704409 #783525 #808137
Cross-References: CVE-2011-2686 CVE-2012-4522 CVE-2013-1821
Affected Products:
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
The ruby interpreter received a fix for two security issues:
* CVE-2012-4466: Ruby's $SAFE mechanism enables untrusted user code
to run in $SAFE >= 4 mode. This is a kind of sandbox: some operations
are restricted in that mode to protect data outside the sandbox.
The problem found was in this mechanism. Exception#to_s, NameError#to_s,
and the interpreter-internal API name_err_mesg_to_s() did not correctly
handle the $SAFE bits, so a String object that is not tainted can
destructively be marked as tainted through them. Using this, untrusted
code in a sandbox can destructively modify a formerly-untainted string.
http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/
* CVE-2011-2686: Ruby before 1.8.7-p352 does not reset the random seed
upon forking, which makes it easier for context-dependent attackers to
predict the values of random numbers by leveraging knowledge of the
number sequence obtained in a different child process.
* CVE-2013-1821: Fix entity expansion DoS vulnerability in REXML. When
reading text nodes from an XML document, the REXML parser could be
coerced into allocating extremely large string objects which could
consume all available memory on the system.
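As an added illustration that is not part of this advisory, the following Ruby script shows the REXML failure mode behind CVE-2013-1821 on a constructed document: one internal entity is referenced repeatedly inside a single text node, and the expansion-text cap that patched REXML versions enforce (assumed here to be exposed as REXML::Document.entity_expansion_text_limit, default 10240 bytes) aborts the expansion instead of building the large string.

```ruby
require 'rexml/document'

# Constructed sample input: a 2000-byte internal entity referenced ten
# times in one text node, so the text node expands to 20,000 bytes.
ENTITY_VALUE = 'A' * 2000
LAUGHS_XML = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE doc [
    <!ENTITY big "#{ENTITY_VALUE}">
  ]>
  <doc>#{'&big;' * 10}</doc>
XML

# Parse the document and read the root text node under a given
# expansion-text limit (bytes). REXML expands entities lazily when the
# text value is read, and raises a RuntimeError once the expanded text
# grows past the limit.
# Returns [:ok, expanded_bytes] or [:blocked, error_message].
def read_text_with_limit(xml, limit)
  old_limit = REXML::Document.entity_expansion_text_limit
  REXML::Document.entity_expansion_text_limit = limit
  doc = REXML::Document.new(xml)
  [:ok, doc.root.text.bytesize]
rescue RuntimeError => e
  [:blocked, e.message]
ensure
  # Restore the process-wide setting so other code is not affected.
  REXML::Document.entity_expansion_text_limit = old_limit
end

if __FILE__ == $PROGRAM_NAME
  # A generous limit lets the whole 20,000-byte expansion through.
  p read_text_with_limit(LAUGHS_XML, 100_000)
  # The default limit stops the expansion before it reaches 20,000 bytes.
  p read_text_with_limit(LAUGHS_XML, 10_240)
end
```

The same entity referenced a few more times, or a larger entity value, is what turned this into a memory-exhaustion condition on unpatched interpreters; the limit bounds the total bytes expanded per text node rather than the number of references.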
Security Issue references:
* CVE-2012-4522 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4522>
* CVE-2013-1821 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821>
* CVE-2011-2686 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2686>
Package List:
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
ruby-1.8.6.p369-0.14.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
ruby-1.8.6.p369-0.14.1
ruby-devel-1.8.6.p369-0.14.1
ruby-doc-html-1.8.6.p369-0.14.1
ruby-doc-ri-1.8.6.p369-0.14.1
ruby-examples-1.8.6.p369-0.14.1
ruby-test-suite-1.8.6.p369-0.14.1
ruby-tk-1.8.6.p369-0.14.1
References:
http://support.novell.com/security/cve/CVE-2011-2686.html
http://support.novell.com/security/cve/CVE-2012-4522.html
http://support.novell.com/security/cve/CVE-2013-1821.html
https://bugzilla.novell.com/704409
https://bugzilla.novell.com/783525
https://bugzilla.novell.com/808137
http://download.novell.com/patch/finder/?keywords=4c9e95f258c3139c5c70de419c8f734b