RHSA-2007:0965-01 Moderate: ruby security update
Posted on: 11/13/2007 02:25 PM

A new update is available for Red Hat Enterprise Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: ruby security update
Advisory ID: RHSA-2007:0965-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0965.html
Issue date: 2007-11-13
Updated on: 2007-11-13
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-5162 CVE-2007-5770
- ---------------------------------------------------------------------

1. Summary:

Updated ruby packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Ruby is an interpreted scripting language for object-oriented programming.

An SSL certificate validation flaw was discovered in several Ruby Net
modules. The libraries were not checking the requested host name against
the common name (CN) in the SSL server certificate, possibly allowing a man
in the middle attack. (CVE-2007-5162, CVE-2007-5770)

Users of Ruby should upgrade to these updated packages, which contain a
backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

313691 - CVE-2007-5162 ruby Net:HTTP insufficient verification of SSL certificate
362081 - CVE-2007-5770 ruby insufficient verification of SSL certificate in various net::* modules

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-5.el5_1.1.src.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-5.el5_1.1.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ruby-1.8.5-5.el5_1.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5770
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHOXW1XlSAg2UNWIIRAjfGAJ4hK/7/KqFVYetVhIxsaFicYMO9DQCgtBaX
t8gAEpDflWZnbE3ZbSQHXcs=
=loqA
-----END PGP SIGNATURE-----
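
The flaw described in section 3 of the advisory, shown as an added Ruby example (not code from Red Hat or the Ruby project): a certificate can chain to a trusted CA and still belong to a different host, so the client must also compare the requested host name with the names in the certificate. The CA, the certificates and the `*.example.test` names are constructed for the demonstration, the helpers `issue`, `chain_trusted?` and `peer_acceptable?` are hypothetical, and the subjectAltName case goes beyond the CN check the advisory mentions.

```ruby
require "openssl"

# Issue a throwaway certificate (constructed test data, nothing is fetched).
# With no issuer given, the result is a self-signed CA.
def issue(cn, issuer: nil, san: nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = rand(1..2**32)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer ? issuer[:cert].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = issuer ? issuer[:cert] : cert
  cert.add_extension(ef.create_extension("basicConstraints", issuer ? "CA:FALSE" : "CA:TRUE", true))
  cert.add_extension(ef.create_extension("subjectAltName", san, false)) if san
  cert.sign(issuer ? issuer[:key] : key, OpenSSL::Digest.new("SHA256"))
  { cert: cert, key: key }
end

# Chain validation alone: is the certificate signed by a CA we trust?
def chain_trusted?(cert, ca_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.verify(cert)
end

# Chain validation plus the step the advisory says was missing:
# the certificate must name the host the client asked for.
def peer_acceptable?(cert, ca_cert, host)
  chain_trusted?(cert, ca_cert) &&
    OpenSSL::SSL.verify_certificate_identity(cert, host)
end

# Constructed scenario: one CA, one CN-only certificate, one with a SAN.
CA       = issue("Example Test CA")
OTHER    = issue("other.example.test", issuer: CA)
SAN_CERT = issue("legacy-name.example.test", issuer: CA,
                 san: "DNS:api.example.test")

requested = "shop.example.test"
puts "chain only:      #{chain_trusted?(OTHER[:cert], CA[:cert])}"
puts "chain + host:    #{peer_acceptable?(OTHER[:cert], CA[:cert], requested)}"
puts "SAN beats CN:    #{peer_acceptable?(SAN_CERT[:cert], CA[:cert], 'api.example.test')}"
```

On a live connection the same identity check is available as `OpenSSL::SSL::SSLSocket#post_connection_check(hostname)`, which raises on a mismatch.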



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20070965_01_moderate_ruby_security_update.html)