SuSE 10 Security Update : ruby (ZYPP Patch Number 8524)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

The ruby interpreter received a fix for two security issues :

- Ruby's $SAFE mechanism enables untrusted user code to
run in $SAFE >= 4 mode. This is a kind of sandboxing, so
some operations are restricted in that mode to protect
other data outside the sandbox. (CVE-2012-4466)

The problem found was around this mechanism.
Exception#to_s, NameError#to_s, and the
name_err_mesg_to_s() interpreter-internal API were not
correctly handling the $SAFE bits, so a String object
which is not tainted can destructively be marked as
tainted using them. By using this, untrusted code in a
sandbox can modify a formerly-untainted string
destructively.

- Ruby before 1.8.7-p352 does not reset the random seed
upon forking, which makes it easier for
context-dependent attackers to predict the values of
random numbers by leveraging knowledge of the number
sequence obtained in a different child process.

- Fix entity expansion DoS vulnerability in REXML. When
reading text nodes from an XML document, the REXML
parser could be coerced into allocating extremely large
string objects which could consume all available memory
on the system. (CVE-2013-1821)

Solution :

Apply ZYPP patch number 8524.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: SuSE Local Security Checks

Nessus Plugin ID: 65799

CVE ID: CVE-2011-2686