FreeBSD : ruby -- Object taint bypassing in DL and Fiddle in Ruby (79789daa-8af8-4e21-a47f-e8a645752bdb)
Medium Nessus Plugin ID 66632
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionRuby Developers report :
There is a vulnerability in DL and Fiddle in Ruby where tainted strings can be used by system calls regardless of the $SAFE level set in Ruby.
Native functions exposed to Ruby with DL or Fiddle do not check the taint values set on the objects passed in. This can result in tainted objects being accepted as input when a SecurityError exception should be raised.
SolutionUpdate the affected package.