From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2005:118 - Updated ruby packages fix vulnerabilities
Message-Id: <E1DsV0M-00085t-4b@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Tue, 12 Jul 2005 18:21:38 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: ruby
Advisory ID: MDKSA-2005:118
Date: July 12th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
A vulnerability was discovered in ruby version 1.8 that could allow for
the execution of arbitrary commands on a server running the ruby xmlrpc
server.
The updated packages have been patched to address this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1992
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
043863c657386a3854a0360efe400485 10.1/RPMS/ruby-1.8.1-4.3.101mdk.i586.rpm
2a8de5aaf553cae5ba5fc4ce64989c2a 10.1/RPMS/ruby-devel-1.8.1-4.3.101mdk.i586.rpm
b05c05c460299fb987781b1a7bcb76a3 10.1/RPMS/ruby-doc-1.8.1-4.3.101mdk.i586.rpm
a639754ad5ddec161d3e6310d2c8f597 10.1/RPMS/ruby-tk-1.8.1-4.3.101mdk.i586.rpm
6b8c255d78584b374868f68c0fba1f9a 10.1/SRPMS/ruby-1.8.1-4.3.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
422ce1ef49205b71ec46cba5b324596e x86_64/10.1/RPMS/ruby-1.8.1-4.3.101mdk.x86_64.rpm
9cd8d758760b3a6f8e2d294b49974795 x86_64/10.1/RPMS/ruby-devel-1.8.1-4.3.101mdk.x86_64.rpm
d1f77bd35fec7be67c174d421004cc99 x86_64/10.1/RPMS/ruby-doc-1.8.1-4.3.101mdk.x86_64.rpm
ff201be467588f67119dac4c77d2451d x86_64/10.1/RPMS/ruby-tk-1.8.1-4.3.101mdk.x86_64.rpm
6b8c255d78584b374868f68c0fba1f9a x86_64/10.1/SRPMS/ruby-1.8.1-4.3.101mdk.src.rpm
Mandrakelinux 10.2:
1abe15ec37c10254da6f869a91f462d6 10.2/RPMS/ruby-1.8.2-6.1.102mdk.i586.rpm
69902e1e9f69fa0417de527b86b08129 10.2/RPMS/ruby-devel-1.8.2-6.1.102mdk.i586.rpm
79d13e6dc12446bf0d4ceba8f3891746 10.2/RPMS/ruby-doc-1.8.2-6.1.102mdk.i586.rpm
4d1bae45003f12c8f640354654d08c66 10.2/RPMS/ruby-tk-1.8.2-6.1.102mdk.i586.rpm
72470b9bdecc8085247dd3ea9bfd026e 10.2/SRPMS/ruby-1.8.2-6.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
6defbc537392fd90ca86512ec16f84ba x86_64/10.2/RPMS/ruby-1.8.2-6.1.102mdk.x86_64.rpm
42f826518c7e2d7184409006156e85a1 x86_64/10.2/RPMS/ruby-devel-1.8.2-6.1.102mdk.x86_64.rpm
be826ba64425c2b6257ae2106311c4ba x86_64/10.2/RPMS/ruby-doc-1.8.2-6.1.102mdk.x86_64.rpm
a229474a25b363f856dc73999e620409 x86_64/10.2/RPMS/ruby-tk-1.8.2-6.1.102mdk.x86_64.rpm
72470b9bdecc8085247dd3ea9bfd026e x86_64/10.2/SRPMS/ruby-1.8.2-6.1.102mdk.src.rpm
Corporate 3.0:
ee7b55f434cddfabbb51ff7de4b4300a corporate/3.0/RPMS/ruby-1.8.1-1.3.C30mdk.i586.rpm
8f30c891611ec8a94f2547ea9d6fc4f5 corporate/3.0/RPMS/ruby-devel-1.8.1-1.3.C30mdk.i586.rpm
82012434d3fe44cfd6d3f22643382134 corporate/3.0/RPMS/ruby-doc-1.8.1-1.3.C30mdk.i586.rpm
fac1f5244b97d58523ddf13afa550889 corporate/3.0/RPMS/ruby-tk-1.8.1-1.3.C30mdk.i586.rpm
7781778b81a36b85cfb60424337ab463 corporate/3.0/SRPMS/ruby-1.8.1-1.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
8dccd5b797263c2784a6159bdf1b4614 x86_64/corporate/3.0/RPMS/ruby-1.8.1-1.3.C30mdk.x86_64.rpm
89b25dcefd9e99b9b67255f1ed862946 x86_64/corporate/3.0/RPMS/ruby-devel-1.8.1-1.3.C30mdk.x86_64.rpm
24559489e7e1aebe6f7f788caa31d0c3 x86_64/corporate/3.0/RPMS/ruby-doc-1.8.1-1.3.C30mdk.x86_64.rpm
2737e9bdaafe436bcec1a367d4c80c82 x86_64/corporate/3.0/RPMS/ruby-tk-1.8.1-1.3.C30mdk.x86_64.rpm
7781778b81a36b85cfb60424337ab463 x86_64/corporate/3.0/SRPMS/ruby-1.8.1-1.3.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC1F6SmqjQ0CJFipgRApk6AKDYfxK9rSRXzCjoUrweytJnimPijQCeJa46
/RtageXCJm+dnkONlvjpd2Q=
=X4d+
-----END PGP SIGNATURE-----