Bug 10845

Summary: CVE-2012-4481: ruby - Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
Product: Mageia Reporter: Oden Eriksson <oe>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: luigiwalser
Version: 2   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4481
Whiteboard:
Source RPM: ruby CVE:
Status comment:

Description Oden Eriksson 2013-07-26 10:53:34 CEST 
Name: CVE-2012-4481
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4481
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20120821
Category: 
Reference: MLIST:[oss-security] 20121005 Re: CVE Request -- ruby (1.8.x with
patched CVE-2011-1005):  Incomplete fix for CVE-2011-1005 for NameError#to_s
method when used on objects
Reference: URL:http://www.openwall.com/lists/oss-security/2012/10/05/4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=863484
Reference: REDHAT:RHSA-2013:0612
Reference: URL:http://rhn.redhat.com/errata/RHSA-2013-0612.html
Reference: REDHAT:RHSA-2013:0129
Reference: URL:http://rhn.redhat.com/errata/RHSA-2013-0129.html

The safe-level feature in Ruby 1.8.7 allows context-dependent
attackers to modify strings via the NameError#to_s method when
operating on Ruby objects.  NOTE: this issue is due to an incomplete
fix for CVE-2011-1005.

Reproducible: 

Steps to Reproduce:
Comment 1 Oden Eriksson 2013-07-26 10:54:50 CEST 
NOTE: this is fixed in updates_testing/ruby-1.8.7.p358-1.3.mga2.src.rpm with:

ruby-1.8.7-p358-CVE-2012-4466-CVE-2012-4481.patch
Comment 2 Oden Eriksson 2013-07-26 10:58:47 CEST 
How I hate the mga rpm changelogs...

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Comment 3 David Walser 2013-07-26 17:37:05 CEST 
Fixed in Bug 7769.

*** This bug has been marked as a duplicate of bug 7769 ***

CC: (none) => luigiwalser
Resolution: INVALID => DUPLICATE