CVE-2013-2065
Published: 2 November 2013
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
Notes
Author | Note |
---|---|
mdeslaur | only affects 1.9+ |
Priority
Status
Package | Release | Status |
---|---|---|
ruby1.8 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
upstream |
Not vulnerable
|
|
ruby1.9.1 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(1.9.3.0-1ubuntu2.8)
|
|
quantal |
Released
(1.9.3.194-1ubuntu1.6)
|
|
raring |
Released
(1.9.3.194-8.1ubuntu1.2)
|
|
saucy |
Released
(1.9.3.194-8.1ubuntu2.1)
|
|
upstream |
Released
(1.9.3.426)
|
|
Patches: upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=40732 (1.9.x) upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=40728 (trunk + test) |
||
ruby2.0 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Not vulnerable
(2.0.0.299-2)
|
|
upstream |
Released
(2.0.0.195)
|