Date: Tue, 28 Jul 2015 14:39:59 +0200
From: Jan Rusnacko <jrusnack@...hat.com>
To: oss-security@...ts.openwall.com,
        Assign a CVE Identifier <cve-assign@...re.org>, security@...y-lang.org
Subject: Re: CVE request: Two ruby 'dl' vulnerabilities fixed
 in ruby-1.9.1-p129

On 07/28/2015 11:44 AM, Reed Loden wrote:
> * DL::Function#call could pass tainted arguments to a C function even if
> $SAFE > 0.
> https://github.com/ruby/ruby/commit/7269e3de3cee3bbb6ab77fc708f3a10cab00b65e
Could this be related to CVE-2013-2065?

https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/
-- 
Jan Rusnacko, Red Hat Product Security
