oss-sec mailing list archives

CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE

From: Thomas Biege <thomas () suse de>
Date: Mon, 21 Feb 2011 12:33:19 +0100


AFAIK this two need a CVE-ID:
1) http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/
2) http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/

-- 
 Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
  Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
                            -- Marie von Ebner-Eschenbach

Current thread:

CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE Thomas Biege (Feb 21)
- Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE Josh Bressers (Feb 21)