SuSE 10 Security Update : ruby (ZYPP Patch Number 8524)

Medium Nessus Plugin ID 65799


The remote SuSE 10 host is missing a security-related patch.


The ruby interpreter received a fix for two security issues:

- Ruby's $SAFE mechanism enables untrusted user code to run in $SAFE >= 4 mode. This is a kind of sandboxing, so some operations are restricted in that mode to protect other data outside the sandbox. (CVE-2012-4466)

The problem found concerns this mechanism.
The Exception#to_s, NameError#to_s, and name_err_mesg_to_s() interpreter-internal APIs did not handle the $SAFE bits correctly, so a String object that is not tainted could be destructively marked as tainted through them. Using this, untrusted code in a sandbox can destructively modify a formerly untainted string. 4-cve-2012-4466/

- Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process.

- Fix entity expansion DoS vulnerability in REXML. When reading text nodes from an XML document, the REXML parser could be coerced into allocating extremely large string objects which could consume all available memory on the system. (CVE-2013-1821)


Apply ZYPP patch number 8524.

Plugin Details

Severity: Medium

ID: 65799

File Name: suse_ruby-8524.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2013/04/04

Updated: 2019/06/05

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2013/03/26

Vulnerability Publication Date: 2011/08/05

Reference Information

CVE: CVE-2011-2686, CVE-2012-4464, CVE-2012-4466, CVE-2012-4522, CVE-2013-1821