oss-sec mailing list archives

CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129

From: Reed Loden <reed () reedloden com>
Date: Tue, 28 Jul 2015 02:44:46 -0700

https://www.ruby-lang.org/en/news/2009/05/12/ruby-1-9-1-p129-released/
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/336353

From the above:


* DL::Function#call could pass tainted arguments to a C function even if
$SAFE > 0.
https://github.com/ruby/ruby/commit/7269e3de3cee3bbb6ab77fc708f3a10cab00b65e

* DL::dlopen could open a library with tainted library name even if
$SAFE > 0
https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b

Doesn't look like either one of these was ever assigned a CVE (please
correct me if I'm wrong).

These seem to be different issues than CVE-2008-3657.

~reed

Current thread:

CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129 Reed Loden (Jul 28)
- Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129 cve-assign (Jul 28)
  - Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129 Reed Loden (Jul 29)
- Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129 Jan Rusnacko (Jul 28)
  - Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129 Reed Loden (Jul 29)