Message-Id: <E1MVYsP-0000xC-Er@titan.mandriva.com>
Date: Tue, 28 Jul 2009 00:41:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:160 ] ruby
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:160
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ruby
Date : July 27, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before
p173 allows context-dependent attackers to cause a denial of service
(application crash) via a string argument that represents a large
number, as demonstrated by an attempted conversion to the Float
data type.
This update corrects the problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKbghzmqjQ0CJFipgRAvUBAJwNTTiHmiJZJyH4sE70Oksrp4hbcwCgr81B
WBWGkZm4NufFwspn8eu72Yk=
=mJlB
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
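
The following Ruby code is an added example, not part of the Mandriva advisory or of Ruby itself. It bounds the length and exponent of a numeric string before application code passes it to BigDecimal or Float, and checks an upstream interpreter version against the fixed patchlevels named in the Problem Description. The limits MAX_DIGITS and MAX_EXPONENT and all function names are assumptions.

```ruby
# Added example; names and limits below are assumptions, not from the advisory.
MAX_DIGITS   = 64    # assumed cap on significant digits accepted from input
MAX_EXPONENT = 308   # assumed cap, about the decimal range of a double

DECIMAL_RE = /\A[+-]?(\d+)(?:\.(\d+))?(?:[eE]([+-]?\d{1,4}))?\z/

class UnsafeNumber < ArgumentError; end

# Returns str unchanged when it is a bounded decimal literal that is safe to
# hand to BigDecimal(str) or Float(str); raises UnsafeNumber otherwise.
def checked_decimal(str)
  raise UnsafeNumber, 'not a string' unless str.is_a?(String)
  # Cheap length test first: sign, digits, point, 'e', sign, 4 exponent digits.
  raise UnsafeNumber, 'too long' if str.bytesize > MAX_DIGITS + 8
  raise UnsafeNumber, 'bad encoding' unless str.valid_encoding?
  m = DECIMAL_RE.match(str)
  raise UnsafeNumber, 'not a decimal literal' if m.nil?
  int_part = m[1].sub(/\A0+/, '')
  frac_part = m[2].to_s
  raise UnsafeNumber, 'too many digits' if int_part.length + frac_part.length > MAX_DIGITS
  # Digits before the point raise the effective power of ten.
  magnitude = m[3].to_i + [int_part.length - 1, 0].max
  raise UnsafeNumber, 'magnitude out of range' if magnitude.abs > MAX_EXPONENT
  str
end

# Upstream patchlevels at which the advisory text says the bug is fixed.
FIXED_PATCHLEVEL = { '1.8.6' => 369, '1.8.7' => 173 }.freeze

# true/false for the two upstream series named in the advisory; nil for any
# other version (unknown, not proven safe). Distribution packages can carry
# the fix as a backport, so also compare the installed package release.
def upstream_affected?(version, patchlevel)
  fixed = FIXED_PATCHLEVEL[version]
  fixed.nil? ? nil : patchlevel < fixed
end
```

Call checked_decimal on every externally supplied numeric string at the trust boundary; it is a mitigation for hosts that cannot be updated yet, not a replacement for the fixed packages.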