Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 2 Oct 2012 15:32:15 -0700
From: Tyler Hicks <>
Subject: CVE Request: Ruby safe level bypasses

Hello - Upstream Ruby has fixed[1] exception methods that incorrectly
allowed safe level bypasses. These bypasses allowed untainted strings to
be modified by untrusted code in safe level 4.

Note that the changes to exc_to_s() and name_err_to_s(), in error.c, are
similar to the fix for CVE-2011-1005, but the Ruby advisory[2] made it
clear that Ruby 1.9.x was not affected by CVE-2011-1005. It turns out
that the vulnerability was later reintroduced to Ruby's trunk in
revision 29456. Ruby 1.9.3-p0 and later is affected.

While Shugo Maeda was fixing the issue above, he noticed that
name_err_mesg_to_str() had a similar flaw. Ruby 1.8.x, along with
1.9.3-p0 and later is affected.

I believe that these issues need two separate CVEs. Both issues are
fixed in the same upstream patch[1]. Could you please allocate ids?



Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ