4 matches found
CVE-2009-5147
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...
Fedora 19 : ruby-2.0.0.353-16.fc19 (2013-22423)
Update to Ruby 2.0.0-p353. This includes fix to an overflow in floating point number parsing found in Ruby currently being shipped on Fedora 20. This vulnerability has been assigned the CVE identifier CVE-2013-4164. This new rpm should fix this issue. Note that Tenable Network Security has...
Fedora 19 : ruby-2.0.0.247-14.fc19 (2013-12663)
Update to Ruby 2.0.0-p247 rhbz979605. - Fix RubyGems search paths when building gems with native extension. - Make symlinks for psych gem to ruby stdlib dirs. - Add support for ABRT autoloading. - Better support for build without configuration rhbz977941. - Use system-wide cert.pem. - Fixes...
CVE-2012-4522
The rbgetpathcheck function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path...