[Security Announce] [ MDKSA-2006:225 ] - Updated ruby packages fix DoS vulnerability
Posted on: 12/06/2006 08:20 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:225
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ruby
Date : December 6, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Another vulnerability has been discovered in the CGI library (cgi.rb)
that ships with Ruby which could be used by a malicious user to create
a denial of service attack (DoS).

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6303
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
cf4eb0abe6d54c41a9b7e94adbd894ab 2006.0/i586/ruby-1.8.2-7.5.20060mdk.i586.rpm
42a501b32ad7f9c1140d2665a8c35bdf 2006.0/i586/ruby-devel-1.8.2-7.5.20060mdk.i586.rpm
fadf1005a3cecb41da322d6472023562 2006.0/i586/ruby-doc-1.8.2-7.5.20060mdk.i586.rpm
6754c4c9f5047d032a15819820595fcb 2006.0/i586/ruby-tk-1.8.2-7.5.20060mdk.i586.rpm
fb133b0d4f1b5eb27e67f0eb39772564 2006.0/SRPMS/ruby-1.8.2-7.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
a68db589ace220742904a49587e65087 2006.0/x86_64/ruby-1.8.2-7.5.20060mdk.x86_64.rpm
7f14ec97214b7f501c7bcd8963ad2b0a 2006.0/x86_64/ruby-devel-1.8.2-7.5.20060mdk.x86_64.rpm
5b6604fd9628a2312ee2b7f3b4371f45 2006.0/x86_64/ruby-doc-1.8.2-7.5.20060mdk.x86_64.rpm
ba38430b90e8b454c7b2228073c4d3dd 2006.0/x86_64/ruby-tk-1.8.2-7.5.20060mdk.x86_64.rpm
fb133b0d4f1b5eb27e67f0eb39772564 2006.0/SRPMS/ruby-1.8.2-7.5.20060mdk.src.rpm

Mandriva Linux 2007.0:
b126d91632869a7a659f7044cbca180c 2007.0/i586/ruby-1.8.5-2.2mdv2007.0.i586.rpm
a1414e09dcb3d0c858e3fc5070608e47 2007.0/i586/ruby-devel-1.8.5-2.2mdv2007.0.i586.rpm
d6bf66762039af18a6c5f0a8b27d2bfa 2007.0/i586/ruby-doc-1.8.5-2.2mdv2007.0.i586.rpm
017468bee38279e7f42adad194866cff 2007.0/i586/ruby-tk-1.8.5-2.2mdv2007.0.i586.rpm
45e958263f67f96797318621052f1e3f 2007.0/SRPMS/ruby-1.8.5-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
2721a9103870075c0e64dd1a7c01b9a5 2007.0/x86_64/ruby-1.8.5-2.2mdv2007.0.x86_64.rpm
6b6bd12e97b4ddf070849603bea45623 2007.0/x86_64/ruby-devel-1.8.5-2.2mdv2007.0.x86_64.rpm
2e163941297e43e62d2f798a93efe960 2007.0/x86_64/ruby-doc-1.8.5-2.2mdv2007.0.x86_64.rpm
d953012dc537a4f6e8343138d8f32f31 2007.0/x86_64/ruby-tk-1.8.5-2.2mdv2007.0.x86_64.rpm
45e958263f67f96797318621052f1e3f 2007.0/SRPMS/ruby-1.8.5-2.2mdv2007.0.src.rpm

Corporate 3.0:
95abd86462f84450392cd41ab5946666 corporate/3.0/i586/ruby-1.8.1-1.8.C30mdk.i586.rpm
174fe6c12a1a6a7dbf03f755cf0a57cd corporate/3.0/i586/ruby-devel-1.8.1-1.8.C30mdk.i586.rpm
2d0e7d3f950e7040f6e6c19a921bdb78 corporate/3.0/i586/ruby-doc-1.8.1-1.8.C30mdk.i586.rpm
37fe39a689b25aa2caf193994a5dbf05 corporate/3.0/i586/ruby-tk-1.8.1-1.8.C30mdk.i586.rpm
71b024abd10b00f7e278e39492f98aa6 corporate/3.0/SRPMS/ruby-1.8.1-1.8.C30mdk.src.rpm

Corporate 3.0/X86_64:
366a4003551813d500eec00996981abf corporate/3.0/x86_64/ruby-1.8.1-1.8.C30mdk.x86_64.rpm
ef95e042be0f3a881ae6a66502c1c905 corporate/3.0/x86_64/ruby-devel-1.8.1-1.8.C30mdk.x86_64.rpm
d72e56164f0a0fcb99b190dbb2ce7c2c corporate/3.0/x86_64/ruby-doc-1.8.1-1.8.C30mdk.x86_64.rpm
81c6c9a396d26dea3bd683c2207eb96b corporate/3.0/x86_64/ruby-tk-1.8.1-1.8.C30mdk.x86_64.rpm
71b024abd10b00f7e278e39492f98aa6 corporate/3.0/SRPMS/ruby-1.8.1-1.8.C30mdk.src.rpm

Corporate 4.0:
9796f3458efc694c98ab821158a0599b corporate/4.0/i586/ruby-1.8.2-7.5.20060mlcs4.i586.rpm
3578dc2bd6735967f79f43b21b14f8b2 corporate/4.0/i586/ruby-devel-1.8.2-7.5.20060mlcs4.i586.rpm
4505b6152a025ecef599e48c4ef11763 corporate/4.0/i586/ruby-doc-1.8.2-7.5.20060mlcs4.i586.rpm
466b48eb68199179c044b8a0fe5f7a3f corporate/4.0/i586/ruby-tk-1.8.2-7.5.20060mlcs4.i586.rpm
b7f41e2f4f5f71e3c2f214c041957533 corporate/4.0/SRPMS/ruby-1.8.2-7.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
2771fffe29e377ea0bcf594bb94a0f7b corporate/4.0/x86_64/ruby-1.8.2-7.5.20060mlcs4.x86_64.rpm
2d0b06a00590a0dfae303be8079f852a corporate/4.0/x86_64/ruby-devel-1.8.2-7.5.20060mlcs4.x86_64.rpm
87d597d03cc146b1b9ac89e29b7a2879 corporate/4.0/x86_64/ruby-doc-1.8.2-7.5.20060mlcs4.x86_64.rpm
ec2d09506bfebab08d523fd258f8136b corporate/4.0/x86_64/ruby-tk-1.8.2-7.5.20060mlcs4.x86_64.rpm
b7f41e2f4f5f71e3c2f214c041957533 corporate/4.0/SRPMS/ruby-1.8.2-7.5.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFduZamqjQ0CJFipgRAv9iAKDPZ8d8ORe8hjsnV+kvVFm9ZHsZZwCcD/PC
3qAszwS/61EmGp8G9xExGA8=
=cEew
-----END PGP SIGNATURE-----
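
Added example, not part of the Mandriva advisory: for packages fetched by hand rather than through MandrivaUpdate or urpmi, this Python code parses the "Updated Packages" lines of the advisory and checks a local RPM against the listed MD5. The function names are illustrative. An MD5 match only shows the download is intact; the GPG signature remains the authenticity check.

```python
import hashlib
import os
import re

# One manifest entry: 32 hex digits, whitespace, then a path ending in .rpm
ENTRY = re.compile(r"^\s*([0-9a-fA-F]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(advisory_text):
    """Return {rpm basename: md5} from the 'Updated Packages' lines."""
    manifest = {}
    for line in advisory_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # section headings, rulers, prose
        digest, name = m.group(1).lower(), os.path.basename(m.group(2))
        # SRPMs are listed once per architecture; repeated entries must agree.
        if manifest.setdefault(name, digest) != digest:
            raise ValueError("conflicting checksums for " + name)
    return manifest

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_file(path, manifest):
    """Return 'ok', 'mismatch' or 'unlisted' for one downloaded package."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return "unlisted"
    return "ok" if md5_of(path) == expected else "mismatch"

# Entries copied from the advisory above, used here only to show the parsing.
SAMPLE = """Mandriva Linux 2007.0:
b126d91632869a7a659f7044cbca180c 2007.0/i586/ruby-1.8.5-2.2mdv2007.0.i586.rpm
45e958263f67f96797318621052f1e3f 2007.0/SRPMS/ruby-1.8.5-2.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
45e958263f67f96797318621052f1e3f 2007.0/SRPMS/ruby-1.8.5-2.2mdv2007.0.src.rpm
"""

if __name__ == "__main__":
    for name, digest in sorted(parse_manifest(SAMPLE).items()):
        print(digest, name)
```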



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006225__updated_ruby_packages_fix_dos_vulnerability.html)