Home page logo
/

bugtraq logo Bugtraq mailing list archives

MDKSA-2005:118 - Updated ruby packages fix vulnerabilities
From: Mandriva Security Team <security () mandriva com>
Date: Tue, 12 Jul 2005 18:21:38 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           ruby
 Advisory ID:            MDKSA-2005:118
 Date:                   July 12th, 2005

 Affected versions:      10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 A vulnerability was discovered in ruby version 1.8 that could allow for
 the execution of arbitrary commands on a server running the ruby xmlrpc
 server.
 
 The updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1992
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 043863c657386a3854a0360efe400485  10.1/RPMS/ruby-1.8.1-4.3.101mdk.i586.rpm
 2a8de5aaf553cae5ba5fc4ce64989c2a  10.1/RPMS/ruby-devel-1.8.1-4.3.101mdk.i586.rpm
 b05c05c460299fb987781b1a7bcb76a3  10.1/RPMS/ruby-doc-1.8.1-4.3.101mdk.i586.rpm
 a639754ad5ddec161d3e6310d2c8f597  10.1/RPMS/ruby-tk-1.8.1-4.3.101mdk.i586.rpm
 6b8c255d78584b374868f68c0fba1f9a  10.1/SRPMS/ruby-1.8.1-4.3.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 422ce1ef49205b71ec46cba5b324596e  x86_64/10.1/RPMS/ruby-1.8.1-4.3.101mdk.x86_64.rpm
 9cd8d758760b3a6f8e2d294b49974795  x86_64/10.1/RPMS/ruby-devel-1.8.1-4.3.101mdk.x86_64.rpm
 d1f77bd35fec7be67c174d421004cc99  x86_64/10.1/RPMS/ruby-doc-1.8.1-4.3.101mdk.x86_64.rpm
 ff201be467588f67119dac4c77d2451d  x86_64/10.1/RPMS/ruby-tk-1.8.1-4.3.101mdk.x86_64.rpm
 6b8c255d78584b374868f68c0fba1f9a  x86_64/10.1/SRPMS/ruby-1.8.1-4.3.101mdk.src.rpm

 Mandrakelinux 10.2:
 1abe15ec37c10254da6f869a91f462d6  10.2/RPMS/ruby-1.8.2-6.1.102mdk.i586.rpm
 69902e1e9f69fa0417de527b86b08129  10.2/RPMS/ruby-devel-1.8.2-6.1.102mdk.i586.rpm
 79d13e6dc12446bf0d4ceba8f3891746  10.2/RPMS/ruby-doc-1.8.2-6.1.102mdk.i586.rpm
 4d1bae45003f12c8f640354654d08c66  10.2/RPMS/ruby-tk-1.8.2-6.1.102mdk.i586.rpm
 72470b9bdecc8085247dd3ea9bfd026e  10.2/SRPMS/ruby-1.8.2-6.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 6defbc537392fd90ca86512ec16f84ba  x86_64/10.2/RPMS/ruby-1.8.2-6.1.102mdk.x86_64.rpm
 42f826518c7e2d7184409006156e85a1  x86_64/10.2/RPMS/ruby-devel-1.8.2-6.1.102mdk.x86_64.rpm
 be826ba64425c2b6257ae2106311c4ba  x86_64/10.2/RPMS/ruby-doc-1.8.2-6.1.102mdk.x86_64.rpm
 a229474a25b363f856dc73999e620409  x86_64/10.2/RPMS/ruby-tk-1.8.2-6.1.102mdk.x86_64.rpm
 72470b9bdecc8085247dd3ea9bfd026e  x86_64/10.2/SRPMS/ruby-1.8.2-6.1.102mdk.src.rpm

 Corporate 3.0:
 ee7b55f434cddfabbb51ff7de4b4300a  corporate/3.0/RPMS/ruby-1.8.1-1.3.C30mdk.i586.rpm
 8f30c891611ec8a94f2547ea9d6fc4f5  corporate/3.0/RPMS/ruby-devel-1.8.1-1.3.C30mdk.i586.rpm
 82012434d3fe44cfd6d3f22643382134  corporate/3.0/RPMS/ruby-doc-1.8.1-1.3.C30mdk.i586.rpm
 fac1f5244b97d58523ddf13afa550889  corporate/3.0/RPMS/ruby-tk-1.8.1-1.3.C30mdk.i586.rpm
 7781778b81a36b85cfb60424337ab463  corporate/3.0/SRPMS/ruby-1.8.1-1.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 8dccd5b797263c2784a6159bdf1b4614  x86_64/corporate/3.0/RPMS/ruby-1.8.1-1.3.C30mdk.x86_64.rpm
 89b25dcefd9e99b9b67255f1ed862946  x86_64/corporate/3.0/RPMS/ruby-devel-1.8.1-1.3.C30mdk.x86_64.rpm
 24559489e7e1aebe6f7f788caa31d0c3  x86_64/corporate/3.0/RPMS/ruby-doc-1.8.1-1.3.C30mdk.x86_64.rpm
 2737e9bdaafe436bcec1a367d4c80c82  x86_64/corporate/3.0/RPMS/ruby-tk-1.8.1-1.3.C30mdk.x86_64.rpm
 7781778b81a36b85cfb60424337ab463  x86_64/corporate/3.0/SRPMS/ruby-1.8.1-1.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC1F6SmqjQ0CJFipgRApk6AKDYfxK9rSRXzCjoUrweytJnimPijQCeJa46
/RtageXCJm+dnkONlvjpd2Q=
=X4d+
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • MDKSA-2005:118 - Updated ruby packages fix vulnerabilities Mandriva Security Team (Jul 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]