Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2004:128 - Updated ruby packages fix remote DoS vulnerability
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 8 Nov 2004 20:53:07 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           ruby
 Advisory ID:            MDKSA-2004:128
 Date:                   November 8th, 2004

 Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Andres Salomon noticed a problem with the CGI session management in
 Ruby.  The CGI:Session's FileStore implementations store session
 information in an insecure manner by just creating files and ignoring
 permission issues (CAN-2004-0755).
 
 The ruby developers have corrected a problem in the ruby CGI module
 that can be triggered remotely and cause an inifinite loop on the
 server (CAN-2004-0983).
 
 The updated packages are patched to prevent these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0755
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0983
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 78ad14ec966b0555089e94ad19604b44  10.0/RPMS/ruby-1.8.1-1.2.100mdk.i586.rpm
 33d12ff3583ced4c88be97fb473b0813  10.0/RPMS/ruby-devel-1.8.1-1.2.100mdk.i586.rpm
 776bfc4df4f2c093efceebe470391707  10.0/RPMS/ruby-doc-1.8.1-1.2.100mdk.i586.rpm
 890a20e02c7f46b47adf6a8f78223659  10.0/RPMS/ruby-tk-1.8.1-1.2.100mdk.i586.rpm
 35abe65664a41317a279ef320d56ac46  10.0/SRPMS/ruby-1.8.1-1.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 a264a378c30202cea578c9a4594b3eeb  amd64/10.0/RPMS/ruby-1.8.1-1.2.100mdk.amd64.rpm
 37bfe093ef80363bedba7b2dadf51bd6  amd64/10.0/RPMS/ruby-devel-1.8.1-1.2.100mdk.amd64.rpm
 f87a35ff158820c1e237306a76ad45c2  amd64/10.0/RPMS/ruby-doc-1.8.1-1.2.100mdk.amd64.rpm
 c2bed939a9ca7da197f949b71a3a1687  amd64/10.0/RPMS/ruby-tk-1.8.1-1.2.100mdk.amd64.rpm
 35abe65664a41317a279ef320d56ac46  amd64/10.0/SRPMS/ruby-1.8.1-1.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 101f9a5772044b5267a1be98b36dcac5  10.1/RPMS/ruby-1.8.1-4.2.101mdk.i586.rpm
 72c1c8413c801e599dfc174041754384  10.1/RPMS/ruby-devel-1.8.1-4.2.101mdk.i586.rpm
 b9c6fce1facc4bdbf829435b6075d266  10.1/RPMS/ruby-doc-1.8.1-4.2.101mdk.i586.rpm
 b2f516a033fb089f5a5819dcb9f2a38c  10.1/RPMS/ruby-tk-1.8.1-4.2.101mdk.i586.rpm
 d356531e89645a5aa9e2f5ad7dac55dd  10.1/SRPMS/ruby-1.8.1-4.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 dc340846e8c30a4ef9115eb7e20520c3  x86_64/10.1/RPMS/ruby-1.8.1-4.2.101mdk.x86_64.rpm
 234644faf341899ae3f251cbfb09f0da  x86_64/10.1/RPMS/ruby-devel-1.8.1-4.2.101mdk.x86_64.rpm
 b4b7876cc7762e09469e2d60ccb7f4f2  x86_64/10.1/RPMS/ruby-doc-1.8.1-4.2.101mdk.x86_64.rpm
 4177169d6970c4dd3210ca8a15cffead  x86_64/10.1/RPMS/ruby-tk-1.8.1-4.2.101mdk.x86_64.rpm
 d356531e89645a5aa9e2f5ad7dac55dd  x86_64/10.1/SRPMS/ruby-1.8.1-4.2.101mdk.src.rpm

 Corporate Server 2.1:
 8467a2a206b02e729e39601e1762af1c  corporate/2.1/RPMS/ruby-1.6.7-5.2.C21mdk.i586.rpm
 236abcc01b4cabc4f70bbf76d73a604b  corporate/2.1/RPMS/ruby-devel-1.6.7-5.2.C21mdk.i586.rpm
 47155447664218a143dca3f9c03c1316  corporate/2.1/RPMS/ruby-doc-1.6.7-5.2.C21mdk.i586.rpm
 97ca9727e9f927e30723eeda3a935568  corporate/2.1/RPMS/ruby-tk-1.6.7-5.2.C21mdk.i586.rpm
 451b383b9a34d35fb11bab1e917437de  corporate/2.1/SRPMS/ruby-1.6.7-5.2.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 175f8a45c99de3487df134df6fb22ef4  x86_64/corporate/2.1/RPMS/ruby-1.6.7-5.2.C21mdk.x86_64.rpm
 1d303628932bff75f684be71a6e453f1  x86_64/corporate/2.1/RPMS/ruby-devel-1.6.7-5.2.C21mdk.x86_64.rpm
 a937b87c10e5f3ecb41610e64b09c9ba  x86_64/corporate/2.1/RPMS/ruby-doc-1.6.7-5.2.C21mdk.x86_64.rpm
 40a44ec634f8929394835d5c561ad212  x86_64/corporate/2.1/RPMS/ruby-tk-1.6.7-5.2.C21mdk.x86_64.rpm
 451b383b9a34d35fb11bab1e917437de  x86_64/corporate/2.1/SRPMS/ruby-1.6.7-5.2.C21mdk.src.rpm

 Mandrakelinux 9.2:
 6f8ee2c9308debe5b391b322f93e9524  9.2/RPMS/ruby-1.8.0-4.2.92mdk.i586.rpm
 58cabdd982a8c760e7af0fb5e81d9dc7  9.2/RPMS/ruby-devel-1.8.0-4.2.92mdk.i586.rpm
 c7b7d678f4cb76b79996380f2f04a747  9.2/RPMS/ruby-doc-1.8.0-4.2.92mdk.i586.rpm
 c613fe92253fdfe9f581eb0af17f75d1  9.2/RPMS/ruby-tk-1.8.0-4.2.92mdk.i586.rpm
 95e4882f99900e40a8e9680ecf5d08e1  9.2/SRPMS/ruby-1.8.0-4.2.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 c4d3b440f5c11465b8d496bf4f531df4  amd64/9.2/RPMS/ruby-1.8.0-4.2.92mdk.amd64.rpm
 ca6c4b4aac7aa3d091ef62f0cefa3820  amd64/9.2/RPMS/ruby-devel-1.8.0-4.2.92mdk.amd64.rpm
 ce56f743c39e354939ff4ca43f288d14  amd64/9.2/RPMS/ruby-doc-1.8.0-4.2.92mdk.amd64.rpm
 096e63f35549468726f50ffe2bfa28e7  amd64/9.2/RPMS/ruby-tk-1.8.0-4.2.92mdk.amd64.rpm
 95e4882f99900e40a8e9680ecf5d08e1  amd64/9.2/SRPMS/ruby-1.8.0-4.2.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBj9yymqjQ0CJFipgRApMsAKCTPn9wTytfhR6er9Xz+gPAlBGTRQCgo6ur
JC6CkTKLC4uRqAYHbhFZpyU=
=I8fV
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • MDKSA-2004:128 - Updated ruby packages fix remote DoS vulnerability Mandrake Linux Security Team (Nov 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]