Canonical Plugs Ruby 1.8 Exploits in Ubuntu 12.10

On October 22, Canonical published a security notice detailing Ruby 1.8 vulnerabilities in its Ubuntu 12.10 (Quantal Quetzal) operating system.

According to Canonical, Ruby 1.8 could have allowed excessive access in untrusted programs. Shugo Maeda and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels.

An attacker could have used this flaw to bypass intended access restrictions.

These are the two Ruby 1.8 vulnerabilities found in packages for Ubuntu 12.10: CVE-2012-4466 and CVE-2012-4481.

As usual, you can click on each one to see how it affects your system, or go here for in-depth descriptions, as they affect other Linux operating systems as well.

The security flaws can be fixed by upgrading your system(s) to the latest Ruby 1.8 package. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart won’t be necessary to implement the changes.


Source: Softpedia

