This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
It was found that certain methods did not sanitize file names before
passing them to lower layer routines in Ruby. If a Ruby application
created files with names based on untrusted input, it could result in
the creation of files with different names than expected.
It was found that the SLSA-2011:0909 update did not correctly fix the
CVE-2011-1005 issue, a flaw in the method for translating an exception
message into a string in the Exception class. A remote attacker could
use this flaw to bypass safe level 4 restrictions, allowing untrusted
(tainted) code to modify arbitrary, trusted (untainted) strings, which
safe level 4 restrictions would otherwise prevent. (CVE-2012-4481)
This update also fixes the following bug :
- Prior to this update, the 'rb_syck_mktime' option could,
under certain circumstances, terminate with a
segmentation fault when installing libraries with
certain gems. This update modifies the underlying code
so that Ruby gems can be installed as expected.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0