SuSE 10 Security Update : ruby (ZYPP Patch Number 8524)
Medium Nessus Plugin ID 65799
Synopsis
The remote SuSE 10 host is missing a security-related patch.
Description
The ruby interpreter received a fix for two security issues:
- Ruby's $SAFE mechanism allows untrusted user code to run in $SAFE >= 4 mode. This is a form of sandboxing, so some operations are restricted in that mode to protect other data outside the sandbox. (CVE-2012-4466)
The problem found concerns this mechanism.
The Exception#to_s, NameError#to_s, and name_err_mesg_to_s() interpreter-internal APIs did not handle the $SAFE bits correctly, so a String object that is not tainted could be destructively marked as tainted through them. Untrusted code in a sandbox can use this to destructively modify a formerly untainted string.
- Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process.
- Fix entity expansion DoS vulnerability in REXML. When reading text nodes from an XML document, the REXML parser could be coerced into allocating extremely large string objects which could consume all available memory on the system. (CVE-2013-1821)
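A check for the fork-related issue in the list above, written as an added example that is not part of the original advisory or of Ruby itself. It seeds the parent's default PRNG, forks several children, and reports whether they draw different sequences; the helper names and the fixed seed are constructed for illustration, and a platform with fork(2) is assumed.

```ruby
# Added example (not from the advisory): does this Ruby reseed the default
# PRNG in forked children? Helper names are hypothetical. Hash-rocket syntax
# is used so the script also parses on Ruby 1.8.

# Fork one child, let it draw `count` numbers from the default PRNG and
# send them back to the parent over a pipe.
def child_random_sequence(count)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    writer.write(Marshal.dump(Array.new(count) { rand(2**32) }))
    writer.close
    exit!(0) # leave without running at_exit handlers inherited from the parent
  end
  writer.close
  data = reader.read
  reader.close
  Process.wait(pid)
  Marshal.load(data)
end

# Seed the parent so PRNG state exists before forking, then compare what
# each child saw. The parent draws nothing between forks, so an interpreter
# that does not reset the seed hands every child the same state.
def fork_reseed_report(children = 3, count = 8)
  srand(12345) # constructed fixed seed
  sequences = Array.new(children) { child_random_sequence(count) }
  distinct = sequences.uniq.length
  { :sequences => sequences,
    :distinct => distinct,
    :reseeds_on_fork => (distinct == children) }
end

if __FILE__ == $PROGRAM_NAME
  report = fork_reseed_report
  report[:sequences].each_with_index do |seq, i|
    puts "child #{i}: #{seq.first(3).join(' ')} ..."
  end
  if report[:reseeds_on_fork]
    puts "OK: each forked child produced a different sequence"
  else
    puts "WARNING: forked children share PRNG output; seed is not reset on fork"
  end
end
```

Identical sequences across children indicate an interpreter without the seed-reset fix; a patched interpreter gives every child its own sequence even though the parent was seeded explicitly.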
Solution
Apply ZYPP patch number 8524.