Message-Id: <E1G6ZAi-0003QE-Ej@mercury.mandriva.com>
Date: Fri, 28 Jul 2006 14:43:00 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:134 ] - Updated ruby packages fix safe-level vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:134
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ruby
 Date    : July 28, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of flaws were discovered in the safe-level restrictions in
 the Ruby language.  Because of these flaws, it would be possible for
 an attacker to create a carefully crafted malicious script that could
 allow them to bypass certain safe-level restrictions.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 8eed80b6fcd6b41fc7c15d617732c97c  2006.0/RPMS/ruby-1.8.2-7.3.20060mdk.i586.rpm
 770370523d64d39b003943cd4363b55d  2006.0/RPMS/ruby-devel-1.8.2-7.3.20060mdk.i586.rpm
 737aad366fda8c8b75ca7b8739bc19bc  2006.0/RPMS/ruby-doc-1.8.2-7.3.20060mdk.i586.rpm
 949de9702c29ffa2519e3c9bd4866127  2006.0/RPMS/ruby-tk-1.8.2-7.3.20060mdk.i586.rpm
 37aaacc8b046ceb135833a201e229d95  2006.0/SRPMS/ruby-1.8.2-7.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 a84ffa78943e7e69c172a824a8804c65  x86_64/2006.0/RPMS/ruby-1.8.2-7.3.20060mdk.x86_64.rpm
 7e4e992fed64a245f8d4450b279f45e5  x86_64/2006.0/RPMS/ruby-devel-1.8.2-7.3.20060mdk.x86_64.rpm
 65a180f269c974a673beb9d35366de5e  x86_64/2006.0/RPMS/ruby-doc-1.8.2-7.3.20060mdk.x86_64.rpm
 db56c49363d539bb66d0ec9975b74c57  x86_64/2006.0/RPMS/ruby-tk-1.8.2-7.3.20060mdk.x86_64.rpm
 37aaacc8b046ceb135833a201e229d95  x86_64/2006.0/SRPMS/ruby-1.8.2-7.3.20060mdk.src.rpm

 Corporate 3.0:
 04ae53b4b5662872aba838c9fbd72466  corporate/3.0/RPMS/ruby-1.8.1-1.6.C30mdk.i586.rpm
 c1e94f6f01fca30ce36227b91e466f21  corporate/3.0/RPMS/ruby-devel-1.8.1-1.6.C30mdk.i586.rpm
 c5019548c2003c1da8a8aa95617c22f4  corporate/3.0/RPMS/ruby-doc-1.8.1-1.6.C30mdk.i586.rpm
 a7e171ffa0477f6da36bdf9707e163b4  corporate/3.0/RPMS/ruby-tk-1.8.1-1.6.C30mdk.i586.rpm
 fb9c099b9c479dbd284e2bcd8d07699f  corporate/3.0/SRPMS/ruby-1.8.1-1.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 20a7d42a40547b1bed6aac4900386537  x86_64/corporate/3.0/RPMS/ruby-1.8.1-1.6.C30mdk.x86_64.rpm
 ef6b2b513036f3f9b6f9e43bbdd83a50  x86_64/corporate/3.0/RPMS/ruby-devel-1.8.1-1.6.C30mdk.x86_64.rpm
 59a038e5c8928e6a81b57984f5260eca  x86_64/corporate/3.0/RPMS/ruby-doc-1.8.1-1.6.C30mdk.x86_64.rpm
 e613282d66e153526b1e6a23062c2e9e  x86_64/corporate/3.0/RPMS/ruby-tk-1.8.1-1.6.C30mdk.x86_64.rpm
 fb9c099b9c479dbd284e2bcd8d07699f  x86_64/corporate/3.0/SRPMS/ruby-1.8.1-1.6.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEykoomqjQ0CJFipgRAsaWAJ9mcBNpKEbsAJLL+2rf8taG4nRSOgCgxV/3
YO5uxqMIyBE6dno3W+gKNV0=
=xuDy
-----END PGP SIGNATURE-----
