oss-security - CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <CALPTtNVtm+tLFxZcg268GSp0LtX+zCz0RwRowxSf7S0Tv6kutA@mail.gmail.com>
Date: Tue, 28 Jul 2015 02:44:46 -0700
From: Reed Loden <reed@...dloden.com>
To: oss-security@...ts.openwall.com, 
	Assign a CVE Identifier <cve-assign@...re.org>, security@...y-lang.org
Subject: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129

https://www.ruby-lang.org/en/news/2009/05/12/ruby-1-9-1-p129-released/
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/336353

>From the above:

* DL::Function#call could pass tainted arguments to a C function even if
$SAFE > 0.
https://github.com/ruby/ruby/commit/7269e3de3cee3bbb6ab77fc708f3a10cab00b65e

* DL::dlopen could open a library with tainted library name even if
$SAFE > 0
https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b

Doesn't look like either one of these was ever assigned a CVE (please
correct me if I'm wrong).

These seem to be different issues than CVE-2008-3657.

~reed

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.