ruby is vulnerable to authorization bypass. A remote attacker can bypass safe-level restrictions and use Exception#to_s
to destructively modify an untainted string so that it is tainted, the string can then be arbitrarily modified.
lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html
lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html
svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
www.mandriva.com/security/advisories?name=MDVSA-2013:124
www.openwall.com/lists/oss-security/2012/10/02/4
www.openwall.com/lists/oss-security/2012/10/03/9
www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/
access.redhat.com/knowledge/docs/
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=862614
bugzilla.redhat.com/show_bug.cgi?id=887353
bugzilla.redhat.com/show_bug.cgi?id=889426
bugzilla.redhat.com/show_bug.cgi?id=895347
bugzilla.redhat.com/show_bug.cgi?id=895355
bugzilla.redhat.com/show_bug.cgi?id=902412
bugzilla.redhat.com/show_bug.cgi?id=902630
bugzilla.redhat.com/show_bug.cgi?id=903526
bugzilla.redhat.com/show_bug.cgi?id=903546
bugzilla.redhat.com/show_bug.cgi?id=905021
bugzilla.redhat.com/show_bug.cgi?id=905656
bugzilla.redhat.com/show_bug.cgi?id=906227
bugzilla.redhat.com/show_bug.cgi?id=906845
rhn.redhat.com/errata/RHSA-2013-0582.html
wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294