Notes:
Problem Description:
RubyGems does not check installation paths for gems before writing files.
Impact:
Since RubyGems packages are typically installed using root permissions,
arbitrary files may be overwritten on-disk. This may lead to denial of service,
privilege escalation or remote compromise.
Note:
Remote installations via Rubyforge will be disabled in the near future for
versions of RubyGems earlier than 0.9.1, even for patched versions of
RubyGems. Local installations will continue to work, however.
Thanks to Gavin Sinclair for finding and reporting this problem.
(Click on the title above to go to the download page.)
http://rubyforge.org/frs/download.php/16544/installer.rb.extract_files.REL_0_8_11.patch
MD5 (installer.rb.extract_files.REL_0_8_11.patch) = 31e3bacd1821de0272864c153b7c0dca
http://rubyforge.org/frs/download.php/16543/installer.rb.extract_files.REL_0_9_0.patch
MD5 (installer.rb.extract_files.REL_0_9_0.patch) = bed4fcdd438a7d8b81cf72e1ffe48a7d
Changes:
|
