Amazon Linux AMI : ruby19 (ALAS-2013-229)
medium Nessus Plugin ID 70233
Language:
Synopsis
The remote Amazon Linux AMI host is missing a security update.Description
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.Solution
Run 'yum update ruby19' to update your system.See Also
Plugin Details
Severity: Medium
ID: 70233
File Name: ala_ALAS-2013-229.nasl
Version: 1.6
Type: local
Agent: unix
Published: 10/1/2013
Updated: 4/18/2018
Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent
Risk Information
VPR
Risk Factor: Low
Score: 3.7
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:ruby19, p-cpe:/a:amazon:linux:ruby19-debuginfo, p-cpe:/a:amazon:linux:ruby19-devel, p-cpe:/a:amazon:linux:ruby19-doc, p-cpe:/a:amazon:linux:ruby19-irb, p-cpe:/a:amazon:linux:ruby19-libs, p-cpe:/a:amazon:linux:rubygem19-bigdecimal, p-cpe:/a:amazon:linux:rubygem19-io-console, p-cpe:/a:amazon:linux:rubygem19-json, p-cpe:/a:amazon:linux:rubygem19-minitest, p-cpe:/a:amazon:linux:rubygem19-rake, p-cpe:/a:amazon:linux:rubygem19-rdoc, p-cpe:/a:amazon:linux:rubygems19, p-cpe:/a:amazon:linux:rubygems19-devel, cpe:/o:amazon:linux
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Patch Publication Date: 9/26/2013
Reference Information
CVE: CVE-2013-2065
ALAS: 2013-229