Test ID:	1.3.6.1.4.1.25623.1.1.13.2013.136.02
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2013-136-02)
Summary:	The remote host is missing an update for the 'ruby' package(s) announced via the SSA:2013-136-02 advisory.
Description:	Summary: The remote host is missing an update for the 'ruby' package(s) announced via the SSA:2013-136-02 advisory. Vulnerability Insight: New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ patches/packages/ruby-1.9.3_p429-i486-1_slack14.0.txz: Upgraded. This update fixes a security issue in DL and Fiddle included in Ruby where tainted strings can be used by system calls regardless of the $SAFE level setting. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'ruby' package(s) on Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2065 FEDORA-2013-8375 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html FEDORA-2013-8411 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html FEDORA-2013-8738 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html USN-2035-1 http://www.ubuntu.com/usn/USN-2035-1 https://puppet.com/security/cve/cve-2013-2065 https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/ openSUSE-SU-2013:1611 http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.