CVE-2012-4522

Related Files

Red Hat Security Advisory 2013-0582-01

Posted Feb 28, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0582-01 - OpenShift Enterprise is a cloud computing Platform-as-a-Service solution from Red Hat, and is designed for on-premise or private cloud deployments. Installing the updated packages and restarting the OpenShift services are the only requirements for this update. However, if you are updating your system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise 1.1.1 updates, it is recommended that you restart your system.

tags | advisory

systems | linux, redhat

advisories | CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695, CVE-2012-3424, CVE-2012-3463, CVE-2012-3464, CVE-2012-3465, CVE-2012-4464, CVE-2012-4466, CVE-2012-4522, CVE-2012-5371, CVE-2013-0155, CVE-2013-0162

SHA-256 | e0e1bc67708c3a5e17e015a956f1679d743300e35ddbcad23b6ada0623037f7a

Download | Favorite | View

Red Hat Security Advisory 2013-0129-01

Posted Jan 8, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0129-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files with names based on untrusted input, it could result in the creation of files with different names than expected. It was found that the RHSA-2011:0909 update did not correctly fix the CVE-2011-1005 issue, a flaw in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted code to modify arbitrary, trusted strings, which safe level 4 restrictions would otherwise prevent.

tags | advisory, remote, arbitrary, ruby

systems | linux, redhat

advisories | CVE-2012-4481, CVE-2012-4522

SHA-256 | 4a55277a92d2dade3b633c2eeffa01ad800949b4e81e0fea84bee0fbc3123f94

Download | Favorite | View

Ubuntu Security Notice USN-1614-1

Posted Oct 23, 2012

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1614-1 - Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. USN-1602-1 fixed these vulnerabilities in other Ubuntu releases. This update provides the corresponding updates for Ubuntu 12.10. Peter Bex discovered that Ruby incorrectly handled file path strings when opening files. An attacker could use this flaw to open or create unexpected files. Various other issues were also addressed.

tags | advisory, vulnerability, ruby

systems | linux, ubuntu

advisories | CVE-2012-4522, CVE-2012-4464, CVE-2012-4466, CVE-2012-4522

SHA-256 | 1b5e74f2ed8b901db297280f3947aec4380fd1ce36dce847e819c5fdf738002f

Download | Favorite | View