Message-Id: <E1MVYsP-0000xC-Er@titan.mandriva.com>
Date: Tue, 28 Jul 2009 00:41:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:160 ] ruby


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:160
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : ruby
 Date    : July 27, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before
 p173 allows context-dependent attackers to cause a denial of service
 (application crash) via a string argument that represents a large
 number, as demonstrated by an attempted conversion to the Float
 data type.
 
 This update corrects the problem.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 023e157e46bd5bd7459e965fa09c3648  2008.1/i586/ruby-1.8.6-9p114.3mdv2008.1.i586.rpm
 a21992cd7008cd9aef8387181b94d67d  2008.1/i586/ruby-devel-1.8.6-9p114.3mdv2008.1.i586.rpm
 0a85f97c48fb3be6aab45e03318b7ab3  2008.1/i586/ruby-doc-1.8.6-9p114.3mdv2008.1.i586.rpm
 b3af576494298b07e2c7b9c216c06d9f  2008.1/i586/ruby-tk-1.8.6-9p114.3mdv2008.1.i586.rpm 
 fb5a1433a4d764a8e74782bf000f3b5d  2008.1/SRPMS/ruby-1.8.6-9p114.3mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 b7a23f5b04ce3f274e414ab97578fc6a  2008.1/x86_64/ruby-1.8.6-9p114.3mdv2008.1.x86_64.rpm
 8a76ef7557b8e30393edbc5e7d85a826  2008.1/x86_64/ruby-devel-1.8.6-9p114.3mdv2008.1.x86_64.rpm
 a578aa2ec9a865778ea40c3162f87d18  2008.1/x86_64/ruby-doc-1.8.6-9p114.3mdv2008.1.x86_64.rpm
 37cc5a1f43a81db852642d74a0722dc1  2008.1/x86_64/ruby-tk-1.8.6-9p114.3mdv2008.1.x86_64.rpm 
 fb5a1433a4d764a8e74782bf000f3b5d  2008.1/SRPMS/ruby-1.8.6-9p114.3mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 70686e958527580cdd6170e4c69c1b79  2009.0/i586/ruby-1.8.7-7p72.1mdv2009.0.i586.rpm
 f4163392e6383729b356b00a401f1065  2009.0/i586/ruby-devel-1.8.7-7p72.1mdv2009.0.i586.rpm
 fb737159f3c8ec9604c75e9ca1b30b2f  2009.0/i586/ruby-doc-1.8.7-7p72.1mdv2009.0.i586.rpm
 0677b6803841bb4a6a3058c92a77b97d  2009.0/i586/ruby-tk-1.8.7-7p72.1mdv2009.0.i586.rpm 
 992cfbd92c67db3f76e18f4aef57b495  2009.0/SRPMS/ruby-1.8.7-7p72.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 f301015f7363b5956378dd5987acd747  2009.0/x86_64/ruby-1.8.7-7p72.1mdv2009.0.x86_64.rpm
 6e4f8ef15c3e675044ff715a2ba5b953  2009.0/x86_64/ruby-devel-1.8.7-7p72.1mdv2009.0.x86_64.rpm
 0c7ea2ff4e407088182040eac48a296e  2009.0/x86_64/ruby-doc-1.8.7-7p72.1mdv2009.0.x86_64.rpm
 1ad365ce9723434a4975e59950c35e91  2009.0/x86_64/ruby-tk-1.8.7-7p72.1mdv2009.0.x86_64.rpm 
 992cfbd92c67db3f76e18f4aef57b495  2009.0/SRPMS/ruby-1.8.7-7p72.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 569f8d2203a5c676548b1b9795d703ab  2009.1/i586/ruby-1.8.7-9p72.1mdv2009.1.i586.rpm
 df2b8d16b9d0fa0b4dab3c806bc3643e  2009.1/i586/ruby-devel-1.8.7-9p72.1mdv2009.1.i586.rpm
 69413d3a3b22f6039be86376cf11c271  2009.1/i586/ruby-doc-1.8.7-9p72.1mdv2009.1.i586.rpm
 7d2ee3b518a38c12ac48377c50a513c9  2009.1/i586/ruby-tk-1.8.7-9p72.1mdv2009.1.i586.rpm 
 3808ba088fcc965ec8fa0a866a3263b5  2009.1/SRPMS/ruby-1.8.7-9p72.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 4ccd63e8cb926629a1c308431b29a11b  2009.1/x86_64/ruby-1.8.7-9p72.1mdv2009.1.x86_64.rpm
 589238b971d9b619209abaace4748d23  2009.1/x86_64/ruby-devel-1.8.7-9p72.1mdv2009.1.x86_64.rpm
 f5d5dfb99dd43d8549d45cfb343efcf0  2009.1/x86_64/ruby-doc-1.8.7-9p72.1mdv2009.1.x86_64.rpm
 76626abab2f83c83251bb1f0ec66b657  2009.1/x86_64/ruby-tk-1.8.7-9p72.1mdv2009.1.x86_64.rpm 
 3808ba088fcc965ec8fa0a866a3263b5  2009.1/SRPMS/ruby-1.8.7-9p72.1mdv2009.1.src.rpm

 Corporate 3.0:
 08537459d909f238d66290d38c852cdc  corporate/3.0/i586/ruby-1.8.1-1.12.C30mdk.i586.rpm
 7fe8a837dd45a10f653c68e50f4fcc19  corporate/3.0/i586/ruby-devel-1.8.1-1.12.C30mdk.i586.rpm
 517345ca6ad8b44da9b377bbc147ae28  corporate/3.0/i586/ruby-doc-1.8.1-1.12.C30mdk.i586.rpm
 ee288e4ba1de7c3ee07217485e13a653  corporate/3.0/i586/ruby-tk-1.8.1-1.12.C30mdk.i586.rpm 
 55165fb24dbe048b23e42f43626c2baa  corporate/3.0/SRPMS/ruby-1.8.1-1.12.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 88ff118792ab4b5d63e7029d6092e278  corporate/3.0/x86_64/ruby-1.8.1-1.12.C30mdk.x86_64.rpm
 0c650d9ef35da1b3e737da192a7c1880  corporate/3.0/x86_64/ruby-devel-1.8.1-1.12.C30mdk.x86_64.rpm
 5250acbab6ac96ff609058b21b2b4d4f  corporate/3.0/x86_64/ruby-doc-1.8.1-1.12.C30mdk.x86_64.rpm
 2a3b9bc75e1e87dc7f9efab7e5917394  corporate/3.0/x86_64/ruby-tk-1.8.1-1.12.C30mdk.x86_64.rpm 
 55165fb24dbe048b23e42f43626c2baa  corporate/3.0/SRPMS/ruby-1.8.1-1.12.C30mdk.src.rpm

 Corporate 4.0:
 73d52e81686a8b66aa3d2a086c7a3026  corporate/4.0/i586/ruby-1.8.2-7.9.20060mlcs4.i586.rpm
 611ce2ab1531b68eee6e8c6e74dcfdd2  corporate/4.0/i586/ruby-devel-1.8.2-7.9.20060mlcs4.i586.rpm
 edd29ede767cf6f1d86b464178f29eb7  corporate/4.0/i586/ruby-doc-1.8.2-7.9.20060mlcs4.i586.rpm
 206e45ae9a72010f804079036d2a4ab5  corporate/4.0/i586/ruby-tk-1.8.2-7.9.20060mlcs4.i586.rpm 
 2f4d6065fc086f6951e86803584bda47  corporate/4.0/SRPMS/ruby-1.8.2-7.9.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 02d54f82e346b17faf032e7af31b6a5c  corporate/4.0/x86_64/ruby-1.8.2-7.9.20060mlcs4.x86_64.rpm
 25b84b1233734f1659902422897a6d95  corporate/4.0/x86_64/ruby-devel-1.8.2-7.9.20060mlcs4.x86_64.rpm
 1d76ad5f96eb0d98639915b9d20ad293  corporate/4.0/x86_64/ruby-doc-1.8.2-7.9.20060mlcs4.x86_64.rpm
 c8d6a19d6eb45c45ab1cfc3aca93d44c  corporate/4.0/x86_64/ruby-tk-1.8.2-7.9.20060mlcs4.x86_64.rpm 
 2f4d6065fc086f6951e86803584bda47  corporate/4.0/SRPMS/ruby-1.8.2-7.9.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKbghzmqjQ0CJFipgRAvUBAJwNTTiHmiJZJyH4sE70Oksrp4hbcwCgr81B
WBWGkZm4NufFwspn8eu72Yk=
=mJlB
-----END PGP SIGNATURE-----
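
Added example, not part of the Mandriva advisory or of Ruby itself: an input guard that bounds the length and decimal magnitude of an untrusted numeric string before it reaches BigDecimal and the Float conversion named in the problem description. The method names and both limits are assumptions chosen for illustration; installing the updated packages remains the actual fix.

```ruby
require 'bigdecimal'

# Assumed limits (not from the advisory); tune them to the application.
MAX_LITERAL_LENGTH = 64    # total characters accepted from the caller
MAX_DECIMAL_EXP    = 308   # Float::MAX_10_EXP; beyond this no finite Float exists

# Plain decimal literal: optional sign, digits, optional fraction,
# optional exponent of at most four digits.
DECIMAL_LITERAL = /\A[+-]?(\d+)(?:\.\d+)?(?:[eE]([+-]?\d{1,4}))?\z/

class NumericInputRejected < ArgumentError; end

# Returns a finite Float for a bounded decimal literal, raises otherwise.
# All checks run on the raw string, before any BigDecimal object is built.
def bounded_decimal_to_float(input)
  raise NumericInputRejected, 'not a string' unless input.is_a?(String)
  raise NumericInputRejected, 'literal too long' if input.length > MAX_LITERAL_LENGTH

  match = DECIMAL_LITERAL.match(input)
  raise NumericInputRejected, 'not a plain decimal literal' unless match

  # Scientific-notation exponent of the value: explicit exponent plus the
  # number of integer digits (leading zeros ignored) minus one.
  int_digits = match[1].sub(/\A0+/, '')
  magnitude  = match[2].to_i + int_digits.length - 1
  # Conservative: this also refuses very small subnormal values.
  if magnitude.abs > MAX_DECIMAL_EXP
    raise NumericInputRejected, 'magnitude outside Float range'
  end

  value = BigDecimal(input).to_f
  raise NumericInputRejected, 'result is not finite' unless value.finite?
  value
end

# Convenience predicate for validation layers that only need yes/no.
def accepts_decimal?(input)
  bounded_decimal_to_float(input)
  true
rescue NumericInputRejected
  false
end
```
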
