Wind River Support Network

HomeDefectsLIN6-4924

Fixed

LIN6-4924 : Security Advisory - ruby - CVE-2013-2065

Created: Nov 15, 2013 Updated: Dec 3, 2018

Resolved Date: Dec 9, 2013

Previous ID: LIN3-11091

Found In Version: 6.0

Fix Version: 6.0.0.1

Severity: Standard

Applicable for: Wind River Linux 6

Component/s: Userspace

Description

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2065

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads

Wind River Linux 6.0.0.29
Wind River Linux 6.0.0.30
Wind River Linux 6.0.0.31
Wind River Linux 6.0.0.32
Wind River Linux 6.0.0.33
Wind River Linux 6.0.0.34
Wind River Linux 6.0.0.35
Wind River Linux 6.0.0.36
Wind River Linux 6.0.0.37
Wind River Linux 6.0.0.38