Ruby vulnerabilities

2012-10-2300:00:00

ubuntu.com

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

Releases

Ubuntu 12.10

Packages

ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8

Details

USN-1603-1 fixed vulnerabilities in Ruby. This update provides the
corresponding updates for Ubuntu 12.10.

Original advisory details:

Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted
strings to be modified in protective safe levels. An attacker could use this
flaw to bypass intended access restrictions. (CVE-2012-4466, CVE-2012-4481)

OSVersionArchitecturePackageVersionFilename
Ubuntu12.10noarchlibruby1.8< 1.8.7.358-4ubuntu0.1UNKNOWN
Ubuntu12.10noarchlibruby1.8-dbg< 1.8.7.358-4ubuntu0.1UNKNOWN
Ubuntu12.10noarchlibtcltk-ruby1.8< 1.8.7.358-4ubuntu0.1UNKNOWN
Ubuntu12.10noarchruby1.8< 1.8.7.358-4ubuntu0.1UNKNOWN
Ubuntu12.10noarchruby1.8-dev< 1.8.7.358-4ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	12.10	noarch	libruby1.8	< 1.8.7.358-4ubuntu0.1	UNKNOWN
Ubuntu	12.10	noarch	libruby1.8-dbg	< 1.8.7.358-4ubuntu0.1	UNKNOWN
Ubuntu	12.10	noarch	libtcltk-ruby1.8	< 1.8.7.358-4ubuntu0.1	UNKNOWN
Ubuntu	12.10	noarch	ruby1.8	< 1.8.7.358-4ubuntu0.1	UNKNOWN
Ubuntu	12.10	noarch	ruby1.8-dev	< 1.8.7.358-4ubuntu0.1	UNKNOWN