Oval Definition:oval:org.opensuse.security:def:20083657
Revision Date:2022-05-20Version:1
Title:CVE-2008-3657
Description:

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2008-3657
Mitre CVE-2008-3657
SUSE CVE-2008-3657
SUSE-SA:2009:037
SUSE-SA:2009:037
Platform(s):Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Open Enterprise Server
openSUSE 10.3
openSUSE 11.0
openSUSE 11.1
SUSE Linux Enterprise Desktop 11 GA
SUSE Linux Enterprise SDK 10 SP2
SUSE Linux Enterprise SDK 11 GA
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 11 GA
SUSE Linux Enterprise Server for SAP Applications 11
Product(s):
Definition Synopsis
  • sles10-sp2-sdk is installed
  • AND Package Information
  • ruby-devel less than 1.8.6.p369-0.4
  • OR ruby-doc-html less than 1.8.6.p369-0.4
  • OR ruby-doc-ri less than 1.8.6.p369-0.4
  • OR ruby-examples less than 1.8.6.p369-0.4
  • OR ruby-test-suite less than 1.8.6.p369-0.4
  • OR ruby-tk less than 1.8.6.p369-0.4
  • OR ruby less than 1.8.6.p369-0.4
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 is installed
  • AND Package Information
  • ruby-1.8.7.p72-5.22 is installed
  • OR ruby-doc-html-1.8.7.p72-5.22 is installed
  • OR ruby-tk-1.8.7.p72-5.22 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 11 is installed
  • AND Package Information
  • ruby-1.8.7.p72-5.22.1 is installed
  • OR ruby-doc-html-1.8.7.p72-5.22.1 is installed
  • OR ruby-tk-1.8.7.p72-5.22.1 is installed
    • BACK