January 19, 2010

Mandriva Linux Security Advisory 2010:017: ruby

A vulnerability has been found and corrected in ruby:

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through
patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev
writes data to a log file without sanitizing non-printable characters,
which might allow remote attackers to modify a window's title,
or possibly execute arbitrary commands or overwrite files, via an
HTTP request containing an escape sequence for a terminal emulator
(CVE-2009-4492).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue...

Read More