CVE-2013-2065 Information
Feb 14, 2021
Description
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426 and 2.0 before 2.0.0 patchlevel 195 do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html
http://www.ubuntu.com/usn/USN-2035-1
https://puppet.com/security/cve/cve-2013-2065
https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/