Wind River Support Network

HomeDefectsLIN5-15598
Fixed

LIN5-15598 : Security Advisory - ruby - CVE-2013-2065

Created: Nov 15, 2013    Updated: Dec 19, 2017
Resolved Date: Dec 17, 2013
Previous ID: LIN3-11093
Found In Version: 5.0
Fix Version: 5.0.1.11
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2065

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online