Test ID:	1.3.6.1.4.1.25623.1.0.69075
Category:	Fedora Local Security Checks
Title:	Fedora Core 13 FEDORA-2011-1913 (ruby)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to ruby announced via advisory FEDORA-2011-1913. Update Information: Two patches backported from 1.8.7 branch, for * Symlink race condition in FileUtils.remove_entry_secure * bypass of $SAFE mechanism in Exception#to_s References: [ 1 ] Bug #678913 - CVE-2011-1004 Ruby: Symlink race condition by removing directory trees in fileutils module https://bugzilla.redhat.com/show_bug.cgi?id=678913 [ 2 ] Bug #678920 - CVE-2011-1005 Ruby: Untrusted codes able to modify arbitrary strings https://bugzilla.redhat.com/show_bug.cgi?id=678920 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update ruby' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2011-1913 Risk factor : High CVSS Score: 6.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0541 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 40871 http://www.securityfocus.com/bid/40871 BugTraq ID: 40895 http://www.securityfocus.com/bid/40895 http://www.mandriva.com/security/advisories?name=MDVSA-2011:097 http://www.mandriva.com/security/advisories?name=MDVSA-2011:098 http://www.redhat.com/support/errata/RHSA-2011-0908.html http://www.redhat.com/support/errata/RHSA-2011-0909.html http://secunia.com/advisories/40220 http://www.vupen.com/english/advisories/2010/1481 Common Vulnerability Exposure (CVE) ID: CVE-2011-1004 43434 http://secunia.com/advisories/43434 43573 http://secunia.com/advisories/43573 46460 http://www.securityfocus.com/bid/46460 70958 http://osvdb.org/70958 ADV-2011-0539 http://www.vupen.com/english/advisories/2011/0539 APPLE-SA-2012-05-09-1 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html FEDORA-2011-1876 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html FEDORA-2011-1913 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html MDVSA-2011:097 RHSA-2011:0909 RHSA-2011:0910 http://www.redhat.com/support/errata/RHSA-2011-0910.html [oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE http://www.openwall.com/lists/oss-security/2011/02/21/2 [oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE http://www.openwall.com/lists/oss-security/2011/02/21/5 http://support.apple.com/kb/HT5281 http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/ https://bugzilla.redhat.com/show_bug.cgi?id=678913 Common Vulnerability Exposure (CVE) ID: CVE-2011-1005 43420 http://secunia.com/advisories/43420 46458 http://www.securityfocus.com/bid/46458 70957 http://osvdb.org/70957 MDVSA-2011:098 RHSA-2011:0908 http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/ https://bugzilla.redhat.com/show_bug.cgi?id=678920
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.