MGASA-2012-0294
Date: October 14th, 2012
Affected releases: 1, 2
Description:
Updated ruby packages fix security vulnerabilities:
Shugo Maeda and Vit Ondruch discovered that Ruby incorrectly allowed
untainted strings to be modified in protective safe levels. An attacker
could use this flaw to bypass intended access restrictions.
(CVE-2012-4466, CVE-2012-4481)
Updated Packages:
Mageia 1:
ruby-1.8.7.p357-1.1.mga1
ruby-doc-1.8.7.p357-1.1.mga1
ruby-devel-1.8.7.p357-1.1.mga1
ruby-tk-1.8.7.p357-1.1.mga1
Mageia 2:
ruby-1.8.7.p358-1.1.mga2
ruby-doc-1.8.7.p358-1.1.mga2
ruby-devel-1.8.7.p358-1.1.mga2
ruby-tk-1.8.7.p358-1.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4481
http://www.ubuntu.com/usn/usn-1603-1/
https://bugs.mageia.org/show_bug.cgi?id=7769