Linux.com

Home

Mandriva Linux Security Advisory 2010:017: ruby

A vulnerability has been found and corrected in ruby:

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through
patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev
writes data to a log file without sanitizing non-printable characters,
which might allow remote attackers to modify a window's title,
or possibly execute arbitrary commands or overwrite files, via an
HTTP request containing an escape sequence for a terminal emulator
(CVE-2009-4492).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue...

Read More

 

Comments

Subscribe to Comments Feed

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board