MDVSA-2011:097 -- Mandriva rubyID: oval:org.secpod.oval:def:301028 | Date: (C)2012-01-07 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been identified and fixed in ruby: Cross-site scripting vulnerability in the WEBrick HTTP server in Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page . The FileUtils.remove_entry_secure method in Ruby allows local users to delete arbitrary files via a symlink attack . The safe-level feature in Ruby allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname . The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an integer truncation issue. Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2010.1 |
Mandriva Linux 2009.0 |