[Secure-testing-team] Bug#689075: CVE-2011-1005: safe level bypass
Tyler Hicks
tyhicks at canonical.com
Fri Sep 28 22:03:05 UTC 2012
Package: ruby1.9.1
Version: 1.9.3.194-1
Severity: grave
Tags: patch security
Justification: user security hole
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu quantal ubuntu-patch
Dear Maintainer,
While running some regression tests I discovered that 1.9.3.194-1 is
vulnerable to CVE-2011-1005, despite the Ruby advisory stating
otherwise:
http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/
You can use the reproducer in the advisory for verification. Just do a
'puts $secret_path' rather than the 'open($secret_path)' block.
In Ubuntu, the attached patch was applied to achieve the following:
* SECURITY UPDATE: Safe level bypass
- debian/patches/20120927-cve_2011_1005.patch: Remove incorrect string
taint in exception handling methods. Based on upstream patch.
- CVE-2011-1005
Thanks for considering the patch.
-- System Information:
Debian Release: wheezy/sid
APT prefers quantal-updates
APT policy: (500, 'quantal-updates'), (500, 'quantal-security'), (500, 'quantal')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.5.0-15-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ruby1.9.1_1.9.3.194-1ubuntu1.debdiff
Type: text/x-diff
Size: 2703 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20120928/02721bf8/attachment.diff>
More information about the Secure-testing-team
mailing list