{ "threat_severity" : "Low", "public_date" : "2009-05-11T00:00:00Z", "bugzilla" : { "description" : "ruby: DL:: dlopen could open a library with tainted library name", "id" : "1248935", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1248935" }, "cvss" : { "cvss_base_score" : "2.6", "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:P/A:N", "status" : "verified" }, "cwe" : "CWE-267", "details" : [ "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names." ], "statement" : "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future updates. \nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.", "affected_release" : [ { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date" : "2018-03-26T00:00:00Z", "advisory" : "RHSA-2018:0583", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6", "package" : "rh-ruby22-ruby-0:2.2.9-19.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date" : "2018-03-26T00:00:00Z", "advisory" : "RHSA-2018:0583", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6", "package" : "rh-ruby22-ruby-0:2.2.9-19.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2018-03-26T00:00:00Z", "advisory" : "RHSA-2018:0583", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-ruby22-ruby-0:2.2.9-19.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date" : "2018-03-26T00:00:00Z", "advisory" : "RHSA-2018:0583", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-ruby22-ruby-0:2.2.9-19.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date" : "2018-03-26T00:00:00Z", "advisory" : "RHSA-2018:0583", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-ruby22-ruby-0:2.2.9-19.el7" } ], "package_state" : [ { "product_name" : "CloudForms Management Engine 5", "fix_state" : "Will not fix", "package_name" : "ruby193-ruby", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5" }, { "product_name" : "Red Hat Enterprise Linux 4", "fix_state" : "Will not fix", "package_name" : "ruby", "cpe" : "cpe:/o:redhat:enterprise_linux:4" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "ruby", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Will not fix", "package_name" : "ruby", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Will not fix", "package_name" : "ruby", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "rh-ruby22-ruby", "cpe" : "cpe:/a:redhat:rhel_software_collections:2" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "ruby193-ruby", "cpe" : "cpe:/a:redhat:rhel_software_collections:2" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "ruby200-ruby", "cpe" : "cpe:/a:redhat:rhel_software_collections:2" }, { "product_name" : "Red Hat Subscription Asset Manager", "fix_state" : "Will not fix", "package_name" : "ruby193-ruby", "cpe" : "cpe:/a:rhel_sam:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2009-5147\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-5147" ], "name" : "CVE-2009-5147", "csaw" : false }