SuSE 10 Security Update : ruby (ZYPP Patch Number 8524)

medium Nessus Plugin ID 65799


The remote SuSE 10 host is missing a security-related patch.


The ruby interpreter received a fix for two security issues :

- Ruby's $SAFE mechanism enables untrusted user codes to run in $SAFE >= 4 mode. This is a kind of sandboxing so some operations are restricted in that mode to protect other data outside the sandbox. (CVE-2012-4466)

The problem found was around this mechanism.
Exception#to_s, NameError#to_s, and name_err_mesg_to_s() interpreter-internal API was not correctly handling the $SAFE bits so a String object which is not tainted can destructively be marked as tainted using them. By using this an untrusted code in a sandbox can modify a formerly-untainted string destructively. 4-cve-2012-4466/

- Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process.

- Fix entity expansion DoS vulnerability in REXML. When reading text nodes from an XML document, the REXML parser could be coerced into allocating extremely large string objects which could consume all available memory on the system. (CVE-2013-1821)


Apply ZYPP patch number 8524.

See Also

Plugin Details

Severity: Medium

ID: 65799

File Name: suse_ruby-8524.nasl

Version: 1.6

Type: local

Agent: unix

Published: 4/4/2013

Updated: 1/19/2021

Supported Sensors: Nessus Agent

Risk Information


Risk Factor: Low

Score: 3.7


Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 3/26/2013

Vulnerability Publication Date: 8/5/2011

Reference Information

CVE: CVE-2011-2686, CVE-2012-4464, CVE-2012-4466, CVE-2012-4522, CVE-2013-1821