Jump to content
Compatible Support Forums
Sign in to follow this  
news

[Security Announce] [ MDVSA-2009:193 ] ruby

Recommended Posts

This is a multi-part message in MIME format...

 

------------=_1249513951-13155-686

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:193

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : ruby

Date : August 5, 2009

Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,

Enterprise Server 5.0

_______________________________________________________________________

 

Problem Description:

 

ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check

the return value from the OCSP_basic_verify function, which might allow

remote attackers to successfully present an invalid X.509 certificate,

possibly involving a revoked certificate.

 

This update corrects the problem, including for older ruby versions.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0642

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.1:

b6713b937acd6177e43d5dd9adf78a92 2008.1/i586/ruby-1.8.6-9p114.4mdv2008.1.i586.rpm

09481407505f55b81cade1db95d738c6 2008.1/i586/ruby-devel-1.8.6-9p114.4mdv2008.1.i586.rpm

0308ccc0cb62ca9031c654c94cc0e9ee 2008.1/i586/ruby-doc-1.8.6-9p114.4mdv2008.1.i586.rpm

a1f5fffec41efe72ce8976c8ef79a660 2008.1/i586/ruby-tk-1.8.6-9p114.4mdv2008.1.i586.rpm

4bbb4018722168d2ced70b7c107c6ea0 2008.1/SRPMS/ruby-1.8.6-9p114.4mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

6128ad00fe61fe921239487a3a7f9c2a 2008.1/x86_64/ruby-1.8.6-9p114.4mdv2008.1.x86_64.rpm

a37e6862e77d34a6b8a511bdfb2a6d24 2008.1/x86_64/ruby-devel-1.8.6-9p114.4mdv2008.1.x86_64.rpm

d47b51ac7bd9ce7233e607f1d3d1edc3 2008.1/x86_64/ruby-doc-1.8.6-9p114.4mdv2008.1.x86_64.rpm

6b8503f890db07a56a602e5004dcde76 2008.1/x86_64/ruby-tk-1.8.6-9p114.4mdv2008.1.x86_64.rpm

4bbb4018722168d2ced70b7c107c6ea0 2008.1/SRPMS/ruby-1.8.6-9p114.4mdv2008.1.src.rpm

 

Mandriva Linux 2009.0:

a99dca894009b3416c947c9b918ca565 2009.0/i586/ruby-1.8.7-7p72.2mdv2009.0.i586.rpm

ffdba0c2d07588a9d03e8b35b2bfdc62 2009.0/i586/ruby-devel-1.8.7-7p72.2mdv2009.0.i586.rpm

a87ad8e2b9aa8a12e0d263a51d392abf 2009.0/i586/ruby-doc-1.8.7-7p72.2mdv2009.0.i586.rpm

8603163c55d43873154a15f412cf9dc6 2009.0/i586/ruby-tk-1.8.7-7p72.2mdv2009.0.i586.rpm

643988677dc99d19e0f70907745edb64 2009.0/SRPMS/ruby-1.8.7-7p72.2mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

07840368d916f0d15f9c00e135f7c307 2009.0/x86_64/ruby-1.8.7-7p72.2mdv2009.0.x86_64.rpm

b7e8a14de19e4898e3ee6396f6c2d073 2009.0/x86_64/ruby-devel-1.8.7-7p72.2mdv2009.0.x86_64.rpm

ab0cf8b25ac28347827a8c09f1f0a6eb 2009.0/x86_64/ruby-doc-1.8.7-7p72.2mdv2009.0.x86_64.rpm

539aecfa8e5cfc78b25551b64144ae44 2009.0/x86_64/ruby-tk-1.8.7-7p72.2mdv2009.0.x86_64.rpm

643988677dc99d19e0f70907745edb64 2009.0/SRPMS/ruby-1.8.7-7p72.2mdv2009.0.src.rpm

 

Mandriva Linux 2009.1:

8c79d647f56c69f4092db555f76f2fc0 2009.1/i586/ruby-1.8.7-9p72.2mdv2009.1.i586.rpm

1de68e2e5913980856e94bb48776ccf6 2009.1/i586/ruby-devel-1.8.7-9p72.2mdv2009.1.i586.rpm

2e25f7bee81951aa32c3cb22c235295e 2009.1/i586/ruby-doc-1.8.7-9p72.2mdv2009.1.i586.rpm

87808e106da38245199b7fe1ce2df0a0 2009.1/i586/ruby-tk-1.8.7-9p72.2mdv2009.1.i586.rpm

a2d2afc50337c9e59faf07560d524acf 2009.1/SRPMS/ruby-1.8.7-9p72.2mdv2009.1.src.rpm

 

Mandriva Linux 2009.1/X86_64:

9fa5300ab40245ffb8a9324b6a508dd1 2009.1/x86_64/ruby-1.8.7-9p72.2mdv2009.1.x86_64.rpm

e3d66178e2688a3ffa2474f51f06fdb0 2009.1/x86_64/ruby-devel-1.8.7-9p72.2mdv2009.1.x86_64.rpm

f67eb8be42e770f0cab2bc27011cb914 2009.1/x86_64/ruby-doc-1.8.7-9p72.2mdv2009.1.x86_64.rpm

daa9e7bdcef05e5184d7330f404aabe6 2009.1/x86_64/ruby-tk-1.8.7-9p72.2mdv2009.1.x86_64.rpm

a2d2afc50337c9e59faf07560d524acf 2009.1/SRPMS/ruby-1.8.7-9p72.2mdv2009.1.src.rpm

 

Corporate 3.0:

bb6f25ad3053954c969ff74fca117518 corporate/3.0/i586/ruby-1.8.1-1.13.C30mdk.i586.rpm

ad4055c50ce8da0372d831e0b488af9c corporate/3.0/i586/ruby-devel-1.8.1-1.13.C30mdk.i586.rpm

13448c01625ca8b1b538aa5162d2c620 corporate/3.0/i586/ruby-doc-1.8.1-1.13.C30mdk.i586.rpm

78451cec2892c715ace6ce09b75a4f07 corporate/3.0/i586/ruby-tk-1.8.1-1.13.C30mdk.i586.rpm

a235fb7168b3c327d4d6ae80290bdd6e corporate/3.0/SRPMS/ruby-1.8.1-1.13.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

5d315613d9f992d6c4f58c52bd03d627 corporate/3.0/x86_64/ruby-1.8.1-1.13.C30mdk.x86_64.rpm

d3b693c92ee4968e6f6d63e3b71e5a90 corporate/3.0/x86_64/ruby-devel-1.8.1-1.13.C30mdk.x86_64.rpm

7f0ca0f79a7b9286cd98e2da2ba6c2b4 corporate/3.0/x86_64/ruby-doc-1.8.1-1.13.C30mdk.x86_64.rpm

9f4cc39abd6d039223c80dfcc101e51f corporate/3.0/x86_64/ruby-tk-1.8.1-1.13.C30mdk.x86_64.rpm

a235fb7168b3c327d4d6ae80290bdd6e corporate/3.0/SRPMS/ruby-1.8.1-1.13.C30mdk.src.rpm

 

Corporate 4.0:

14eefde3ea5f870005dd4c0fb2025c8c corporate/4.0/i586/ruby-1.8.2-7.10.20060mlcs4.i586.rpm

e4b685717a138c661ca4f13ee4c00c12 corporate/4.0/i586/ruby-devel-1.8.2-7.10.20060mlcs4.i586.rpm

e63feea2d4bd7b87be16335da05142a9 corporate/4.0/i586/ruby-doc-1.8.2-7.10.20060mlcs4.i586.rpm

ccbefcfcf5c49233f2573ca89a60c687 corporate/4.0/i586/ruby-tk-1.8.2-7.10.20060mlcs4.i586.rpm

66356780c7aacc6ad849f4c87898de31 corporate/4.0/SRPMS/ruby-1.8.2-7.10.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

ac7b9ff49f03f98310cdce61ca88d87f corporate/4.0/x86_64/ruby-1.8.2-7.10.20060mlcs4.x86_64.rpm

488c64e56c4b7c9cf1336c98436d492f corporate/4.0/x86_64/ruby-devel-1.8.2-7.10.20060mlcs4.x86_64.rpm

f487ec8a14a4b0690ae8f3337fc518cc corporate/4.0/x86_64/ruby-doc-1.8.2-7.10.20060mlcs4.x86_64.rpm

a5a8f90e1fbfd7dc680c9cd8827857c7 corporate/4.0/x86_64/ruby-tk-1.8.2-7.10.20060mlcs4.x86_64.rpm

66356780c7aacc6ad849f4c87898de31 corporate/4.0/SRPMS/ruby-1.8.2-7.10.20060mlcs4.src.rpm

 

Mandriva Enterprise Server 5:

89918bfc80df73ecbd918b78facac289 mes5/i586/ruby-1.8.7-7p72.2mdvmes5.i586.rpm

342607d25b5573fb4e3193e3d74978df mes5/i586/ruby-devel-1.8.7-7p72.2mdvmes5.i586.rpm

49796832a7df2a8f26381bb6ff2525a0 mes5/i586/ruby-doc-1.8.7-7p72.2mdvmes5.i586.rpm

54307ad3d0a7278bc520dad9e6861f86 mes5/i586/ruby-tk-1.8.7-7p72.2mdvmes5.i586.rpm

c53fadcd8cef5e5b80a4c85d8538a8a5 mes5/SRPMS/ruby-1.8.7-7p72.2mdvmes5.src.rpm

 

Mandriva Enterprise Server 5/X86_64:

910d0b5fa5766311f5c5dd067f8faeef mes5/x86_64/ruby-1.8.7-7p72.2mdvmes5.x86_64.rpm

c970d0fed769ad331bfca522b7e5419f mes5/x86_64/ruby-devel-1.8.7-7p72.2mdvmes5.x86_64.rpm

5e5ec905b65a9e9635ef3d97d9783aa4 mes5/x86_64/ruby-doc-1.8.7-7p72.2mdvmes5.x86_64.rpm

8d60e7dd804cf09d17d6e8a6360b01f1 mes5/x86_64/ruby-tk-1.8.7-7p72.2mdvmes5.x86_64.rpm

c53fadcd8cef5e5b80a4c85d8538a8a5 mes5/SRPMS/ruby-1.8.7-7p72.2mdvmes5.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFKeeMjmqjQ0CJFipgRAjpNAJ9QEqQ8BQQw94EJCb8w+GKuPulhTwCdF4dc

AKqRkdKUelkudpzxgkwoMLo=

=YKb2

-----END PGP SIGNATURE-----

 

 

------------=_1249513951-13155-686

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1249513951-13155-686--

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×