RHSA-2005:543-01: Moderate: ruby security update
Posted on: 08/05/2005 09:51 AM

A ruby security update has been released for Red Hat Enterprise Linux 4

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: ruby security update
Advisory ID: RHSA-2005:543-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-543.html
Issue date: 2005-08-05
Updated on: 2005-08-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1992
----------------------------------------------------------------------

1. Summary:

Updated ruby packages that fix an arbitrary command execution issue are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Ruby is an interpreted scripting language for object-oriented programming.

A bug was found in the way Ruby launched an XMLRPC server. If an XMLRPC server is launched in a certain way, it becomes possible for a remote attacker to execute arbitrary commands within the XMLRPC server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1992 to this issue.

Users of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
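To confirm the update landed across a fleet, the following added example (not part of the Red Hat advisory) checks a collected package inventory against the fixed build 1.8.1-7.EL4.1. The version comparison is a simplified form of rpm's ordering, and the sample inventory is constructed for illustration.

```python
import re

# Fixed version-release named in this advisory (ruby-1.8.1-7.EL4.1).
FIXED = "1.8.1-7.EL4.1"
# Binary packages built from the ruby source RPM in this erratum.
PACKAGES = {"ruby", "ruby-libs", "ruby-devel", "ruby-docs",
            "ruby-mode", "ruby-tcltk", "irb"}

def _cmp_part(a, b):
    """Simplified rpm-style compare of one version or release string."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare two VERSION-RELEASE strings; epoch and '~' are not handled."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def unpatched(inventory):
    """Return affected package names still below the fixed build."""
    found = []
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in PACKAGES:
            if vr_cmp(fields[1], FIXED) < 0:
                found.append(fields[0])
    return found

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
ruby 1.8.1-7.EL4
ruby-libs 1.8.1-7.EL4.1
irb 1.8.1-7.EL4.2
ruby-devel 1.8.1-6
bash 3.0-19.2
"""

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```
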

5. Bug IDs fixed (http://bugzilla.redhat.com/):

161095 - CAN-2005-1992 ruby arbitrary command execution on XMLRPC server


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1992

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_2005543_01_moderate_ruby_security_update.html)