ruby is vulnerable to authorization bypass. A flaw was found in the method for translating an exception message into a string in the Ruby Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent.
lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html
lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html
svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
www.openwall.com/lists/oss-security/2012/10/02/4
www.openwall.com/lists/oss-security/2012/10/03/9
www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/
access.redhat.com/knowledge/docs/
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=862598
bugzilla.redhat.com/show_bug.cgi?id=887353
bugzilla.redhat.com/show_bug.cgi?id=889426
bugzilla.redhat.com/show_bug.cgi?id=895347
bugzilla.redhat.com/show_bug.cgi?id=895355
bugzilla.redhat.com/show_bug.cgi?id=902412
bugzilla.redhat.com/show_bug.cgi?id=902630
bugzilla.redhat.com/show_bug.cgi?id=903526
bugzilla.redhat.com/show_bug.cgi?id=903546
bugzilla.redhat.com/show_bug.cgi?id=905021
bugzilla.redhat.com/show_bug.cgi?id=905656
bugzilla.redhat.com/show_bug.cgi?id=906227
bugzilla.redhat.com/show_bug.cgi?id=906845
rhn.redhat.com/errata/RHSA-2013-0582.html