From Mageia wiki

MGASA-2012-0294

Date: October 14th, 2012
Affected releases: 1, 2


Description:
Updated ruby packages fix security vulnerabilities:

Shugo Maeda and Vit Ondruch discovered that Ruby incorrectly allowed
untainted strings to be modified in protective safe levels. An attacker
could use this flaw to bypass intended access restrictions.
(CVE-2012-4466, CVE-2012-4481)


Updated Packages:
Mageia 1:
ruby-1.8.7.p357-1.1.mga1
ruby-doc-1.8.7.p357-1.1.mga1
ruby-devel-1.8.7.p357-1.1.mga1
ruby-tk-1.8.7.p357-1.1.mga1

Mageia 2:
ruby-1.8.7.p358-1.1.mga2
ruby-doc-1.8.7.p358-1.1.mga2
ruby-devel-1.8.7.p358-1.1.mga2
ruby-tk-1.8.7.p358-1.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4481
http://www.ubuntu.com/usn/usn-1603-1/
https://bugs.mageia.org/show_bug.cgi?id=7769