Bug 7769 - ruby new security issues CVE-2012-4466 and CVE-2012-4481
: ruby new security issues CVE-2012-4466 and CVE-2012-4481
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: i586 Linux
: Normal Severity: major
: ---
Assigned To: QA Team
:
: http://lwn.net/Vulnerabilities/519492/
: MGA1TOO has_procedure mga2-64-OK mga2...
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2012-10-11 15:24 CEST by David Walser
Modified: 2013-07-26 17:37 CEST (History)
4 users (show)

See Also:
Source RPM: ruby-1.8.7.p358-1.mga2.src.rpm
CVE:


Attachments

Description David Walser 2012-10-11 15:24:44 CEST
Ubuntu has issued an advisory on October 10:
http://www.ubuntu.com/usn/usn-1603-1/

Patched packages uploaded for Mageia 1 and Mageia 2.

Advisory:
========================

Updated ruby packages fix security vulnerabilities:

Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed
untainted strings to be modified in protective safe levels. An attacker
could use this flaw to bypass intended access restrictions (CVE-2012-4466,
CVE-2012-4481).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4481
http://www.ubuntu.com/usn/usn-1603-1/
========================

Updated packages in core/updates_testing:
========================
ruby-1.8.7.p357-1.1.mga1
ruby-doc-1.8.7.p357-1.1.mga1
ruby-devel-1.8.7.p357-1.1.mga1
ruby-tk-1.8.7.p357-1.1.mga1
ruby-1.8.7.p358-1.1.mga2
ruby-doc-1.8.7.p358-1.1.mga2
ruby-devel-1.8.7.p358-1.1.mga2
ruby-tk-1.8.7.p358-1.1.mga2

from SRPMS:
ruby-1.8.7.p357-1.1.mga1.src.rpm
ruby-1.8.7.p358-1.1.mga2.src.rpm
Comment 1 claire robinson 2012-10-11 16:13:08 CEST
No PoC's that I can find so just checking with some simple scripts which test ruby-tk and ruby

http://chmeee.dyndns.org/learntk/HelloWorld

require 'tk'
root = TkRoot.new() { title "Hello, world!" }
Tk.mainloop()

The Hello World script in irb

$ irb
irb(main):001:0> require 'tk'
=> true
irb(main):002:0> root = TkRoot.new() { title "Hello, world!" }
=> #<Tk::Root:0x7f564f0ce188 @path=".">
irb(main):003:0> Tk.mainloop()
=> true

This opens a little window.

Also a simple script..

#!/usr/bin/ruby
class Total
	def initialize(initial_amount)
		@total=initial_amount
	end

	def increaseBy(increase)
		@total += increase
	end

	def multiplyBy(increase)
		@total *= increase
	end

	def setTo(amount)
		@total = amount
	end

	def getTotal() return @total; end
	def hasTotal() return @total!=nil; end
end

total = Total.new(0)
for ss in 1..4
	total.increaseBy(ss)	
	puts total.getTotal if total.hasTotal
end
print "Final total: ", total.getTotal, "\n" if total.hasTotal

Which outputs..

$ ruby rubytest.rb
1
3
6
10
Final total: 10


Testing complete Mageia 2 x86_64
Comment 2 Eduard Beliaev 2012-10-11 18:25:33 CEST
Testing complete on Mageia 2 i586 with the procedure that Claire used.
Comment 3 claire robinson 2012-10-13 16:33:44 CEST
Testing complete mga1 32
Comment 4 claire robinson 2012-10-13 19:10:27 CEST
Testing complete mga1 64

Validating

Advisory and srpms in comment 0

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Comment 5 Thomas Backlund 2012-10-14 21:21:40 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294
Comment 6 David Walser 2013-07-26 17:37:05 CEST
*** Bug 10845 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.