Full Disclosure mailing list archives

MDKSA-2005:191 - Updated ruby packages fix safe level and taint flag protections vulnerability
From: Mandriva Security Team <security () mandriva com>
Date: Fri, 21 Oct 2005 00:26:08 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           ruby
 Advisory ID:            MDKSA-2005:191
 Date:                   October 20th, 2005

 Affected versions:      10.1, 10.2, 2006.0, Corporate 3.0,
                         Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented 
 scripting language, that can cause illegal program code to bypass the safe 
 level and taint flag protections check and be executed.
 
 The updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2337
 ______________________________________________________________________

 Updated Packages:
  
 Mandrivalinux 10.1:
 013e98f0b0a09acd8c48b5d438c4e151  10.1/RPMS/ruby-1.8.1-4.4.101mdk.i586.rpm
 479e965b6302bd0e74b8699f0a7b9f46  10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.i586.rpm
 b5654a6d4bab0b5a33e3e65fdb8bab52  10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.i586.rpm
 2294bfd6f57ebc2cc6eb353e4a62a4b5  10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.i586.rpm
 5407dfbbb45af31d3ffa53f120773f77  10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm

 Mandrivalinux 10.1/X86_64:
 b8347f871a62a176f049cbe010e298ce  x86_64/10.1/RPMS/ruby-1.8.1-4.4.101mdk.x86_64.rpm
 b9ac7ecba0bc317869795146cf3cc5a4  x86_64/10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.x86_64.rpm
 7803195d658cdf63324f8bf54753018e  x86_64/10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.x86_64.rpm
 0f6cb61b12453673ef4a7fb99b6069af  x86_64/10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.x86_64.rpm
 5407dfbbb45af31d3ffa53f120773f77  x86_64/10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm

 Mandrivalinux 10.2:
 8dacd4429ab40932585f32c446c485c4  10.2/RPMS/ruby-1.8.2-6.2.102mdk.i586.rpm
 9bd632d447a4181d23df23b201ed0449  10.2/RPMS/ruby-devel-1.8.2-6.2.102mdk.i586.rpm
 2791a34503afa5961322eaf5fc333bd4  10.2/RPMS/ruby-doc-1.8.2-6.2.102mdk.i586.rpm
 049930c32634b61b84d9dee864e61aa9  10.2/RPMS/ruby-tk-1.8.2-6.2.102mdk.i586.rpm
 dc977cb9732027526dbd44560782efaa  10.2/SRPMS/ruby-1.8.2-6.2.102mdk.src.rpm

 Mandrivalinux 10.2/X86_64:
 9f6f824fa7aded95ede337b87be9f755  x86_64/10.2/RPMS/ruby-1.8.2-6.2.102mdk.x86_64.rpm
 0ad81eece9fc0407edeaadc5022968ea  x86_64/10.2/RPMS/ruby-doc-1.8.2-6.2.102mdk.x86_64.rpm
 0cbd8c37bb4aea5c10cda8365f7ed24f  x86_64/10.2/RPMS/ruby-devel-1.8.2-6.2.102mdk.x86_64.rpm
 3f09e472b1cecb61a8678d020011950c  x86_64/10.2/RPMS/ruby-tk-1.8.2-6.2.102mdk.x86_64.rpm
 dc977cb9732027526dbd44560782efaa  x86_64/10.2/SRPMS/ruby-1.8.2-6.2.102mdk.src.rpm

 Mandrivalinux 2006.0:
 c06382cc5f1a7fc8cc2c40b9711faaf7  2006.0/RPMS/ruby-1.8.2-7.1.20060mdk.i586.rpm
 5e9055ac81c54dd7f3890545218e4c45  2006.0/RPMS/ruby-devel-1.8.2-7.1.20060mdk.i586.rpm
 cebf1739bb3556133869e7b7e9a00d0a  2006.0/RPMS/ruby-doc-1.8.2-7.1.20060mdk.i586.rpm
 98c29d442e747bf59eb7ea9e6827f71b  2006.0/RPMS/ruby-tk-1.8.2-7.1.20060mdk.i586.rpm
 097adecc2dd5717d2a680022e45ff0cb  2006.0/SRPMS/ruby-1.8.2-7.1.20060mdk.src.rpm

 Mandrivalinux 2006.0/X86_64:
 b3bfdeb9f7cfa57a7fa9c3c7f596d56e  x86_64/2006.0/RPMS/ruby-1.8.2-7.1.20060mdk.x86_64.rpm
 1cb9a200ad2c5164e8b7eff06753af39  x86_64/2006.0/RPMS/ruby-devel-1.8.2-7.1.20060mdk.x86_64.rpm
 cff404480732c672d36ca80b8ca1a4ec  x86_64/2006.0/RPMS/ruby-doc-1.8.2-7.1.20060mdk.x86_64.rpm
 01bb92434b21127244b0fcd452a06251  x86_64/2006.0/RPMS/ruby-tk-1.8.2-7.1.20060mdk.x86_64.rpm
 097adecc2dd5717d2a680022e45ff0cb  x86_64/2006.0/SRPMS/ruby-1.8.2-7.1.20060mdk.src.rpm

 Corporate Server 2.1:
 2aa9219b24bbcf8673df418eb373881b  corporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.i586.rpm
 e5b4282401bf2c0794d14b52d7c6c319  corporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.i586.rpm
 e72d411868d4ca8d7a05ba2e0baee926  corporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.i586.rpm
 c795d629e28719f7fe1e8a1619805fdc  corporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.i586.rpm
 61457cb16d1b24e1c31a10c687af94ef  corporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 d477751b1302ec7c5f271fe9597216fa  x86_64/corporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.x86_64.rpm
 b7ac888d722dc6fb8c5b9b9207e34ea3  x86_64/corporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.x86_64.rpm
 27a29077b76158382c514b965fdf614f  x86_64/corporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.x86_64.rpm
 0e4752d11d67acdabc4561c37c41511e  x86_64/corporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.x86_64.rpm
 61457cb16d1b24e1c31a10c687af94ef  x86_64/corporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm

 Corporate 3.0:
 704c24801697727ef0085d6408cc9d11  corporate/3.0/RPMS/ruby-1.8.1-1.4.C30mdk.i586.rpm
 6a89e560b9f9ce68ed352cc3409ebf22  corporate/3.0/RPMS/ruby-devel-1.8.1-1.4.C30mdk.i586.rpm
 cfcc4c2bf95f4ae6b3a0fb7013b25618  corporate/3.0/RPMS/ruby-doc-1.8.1-1.4.C30mdk.i586.rpm
 482e8dcdbedcac577f91c9133647c3cc  corporate/3.0/RPMS/ruby-tk-1.8.1-1.4.C30mdk.i586.rpm
 a05a8da48327c79254cabaf42a7002d3  corporate/3.0/SRPMS/ruby-1.8.1-1.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 416a775e25eca23fe89314e4f0c1c762  x86_64/corporate/3.0/RPMS/ruby-1.8.1-1.4.C30mdk.x86_64.rpm
 9ee750fd72214d68a95e2a45967e4107  x86_64/corporate/3.0/RPMS/ruby-devel-1.8.1-1.4.C30mdk.x86_64.rpm
 c4e65ac8d2660883cd6f9bb87b33db61  x86_64/corporate/3.0/RPMS/ruby-doc-1.8.1-1.4.C30mdk.x86_64.rpm
 871cb8738de7856ab3d5d0602e3bfa10  x86_64/corporate/3.0/RPMS/ruby-tk-1.8.1-1.4.C30mdk.x86_64.rpm
 a05a8da48327c79254cabaf42a7002d3  x86_64/corporate/3.0/SRPMS/ruby-1.8.1-1.4.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDWIoAmqjQ0CJFipgRAmWAAKC2bXtS0hkrz2D8YGR1CPZK1Mb36QCeJ73+
HLz1sPgGs4IBkVKUEn36DsI=
=JLok
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

