Jump to content
Compatible Support Forums
Sign in to follow this  
news

[Security Announce] [ MDVSA-2010:017 ] ruby

Recommended Posts

This is a multi-part message in MIME format...

 

------------=_1263924750-24326-3648

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2010:017

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : ruby

Date : January 19, 2010

Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,

Enterprise Server 5.0

_______________________________________________________________________

 

Problem Description:

 

A vulnerability has been found and corrected in ruby:

 

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through

patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev

writes data to a log file without sanitizing non-printable characters,

which might allow remote attackers to modify a window's title,

or possibly execute arbitrary commands or overwrite files, via an

HTTP request containing an escape sequence for a terminal emulator

(CVE-2009-4492).

 

Packages for 2008.0 are provided for Corporate Desktop 2008.0

customers.

 

The updated packages have been patched to correct this issue.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4492

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.0:

81ffde889fff5e736c7fc8ff4caed3af 2008.0/i586/ruby-1.8.6-5.5mdv2008.0.i586.rpm

5cc1e869a22fc16936eedfd34005a683 2008.0/i586/ruby-devel-1.8.6-5.5mdv2008.0.i586.rpm

6d1f7748edeb1aba0051cc11560a071b 2008.0/i586/ruby-doc-1.8.6-5.5mdv2008.0.i586.rpm

39bc1acbe49a9453acab67b49b084b80 2008.0/i586/ruby-tk-1.8.6-5.5mdv2008.0.i586.rpm

744a650335e29123f403d35cf366e5b6 2008.0/SRPMS/ruby-1.8.6-5.5mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

f02c68cceb01dc048f5b056d61672346 2008.0/x86_64/ruby-1.8.6-5.5mdv2008.0.x86_64.rpm

2c1242265445600bd8ee386766f4bd22 2008.0/x86_64/ruby-devel-1.8.6-5.5mdv2008.0.x86_64.rpm

0f70cc7a2b8ec3c4d7b56ff4ce21e703 2008.0/x86_64/ruby-doc-1.8.6-5.5mdv2008.0.x86_64.rpm

2c8c2aad4db092fa7afc86ab6081862b 2008.0/x86_64/ruby-tk-1.8.6-5.5mdv2008.0.x86_64.rpm

744a650335e29123f403d35cf366e5b6 2008.0/SRPMS/ruby-1.8.6-5.5mdv2008.0.src.rpm

 

Mandriva Linux 2009.0:

b2fd3ee6542e4cd9631b91acf9dea020 2009.0/i586/ruby-1.8.7-7p72.3mdv2009.0.i586.rpm

dbdd2531cc1fa4e0b7f36231da1ff758 2009.0/i586/ruby-devel-1.8.7-7p72.3mdv2009.0.i586.rpm

cacf5f1c157efdb1d34c487c5981c743 2009.0/i586/ruby-doc-1.8.7-7p72.3mdv2009.0.i586.rpm

21e92249cbfd8be58fb0f4e7fb179b8f 2009.0/i586/ruby-tk-1.8.7-7p72.3mdv2009.0.i586.rpm

4d73e6540dd45a75948aae15c227180c 2009.0/SRPMS/ruby-1.8.7-7p72.3mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

5fcb69fd1908cf385712fe8f0c7197ad 2009.0/x86_64/ruby-1.8.7-7p72.3mdv2009.0.x86_64.rpm

24e163680c8ab0c33599954482d66c8a 2009.0/x86_64/ruby-devel-1.8.7-7p72.3mdv2009.0.x86_64.rpm

a7ca58b52fe54fc71b84a5bf13db878c 2009.0/x86_64/ruby-doc-1.8.7-7p72.3mdv2009.0.x86_64.rpm

f59a9ebd06d9447729f86816849f2829 2009.0/x86_64/ruby-tk-1.8.7-7p72.3mdv2009.0.x86_64.rpm

4d73e6540dd45a75948aae15c227180c 2009.0/SRPMS/ruby-1.8.7-7p72.3mdv2009.0.src.rpm

 

Mandriva Linux 2009.1:

88cfd59b0e447ce2fc3e555bd8cc8c05 2009.1/i586/ruby-1.8.7-9p72.3mdv2009.1.i586.rpm

b26875792b8dd1450acf22e1cd5e7125 2009.1/i586/ruby-devel-1.8.7-9p72.3mdv2009.1.i586.rpm

ae27cb9ea848800dd24eed2622c863a5 2009.1/i586/ruby-doc-1.8.7-9p72.3mdv2009.1.i586.rpm

80d7ae68c8318b4544c3c15605baf376 2009.1/i586/ruby-tk-1.8.7-9p72.3mdv2009.1.i586.rpm

158e9c9ea053a470c964e0bc3ce03a00 2009.1/SRPMS/ruby-1.8.7-9p72.3mdv2009.1.src.rpm

 

Mandriva Linux 2009.1/X86_64:

dacfa4833a9dfd882c93bf87b671fe90 2009.1/x86_64/ruby-1.8.7-9p72.3mdv2009.1.x86_64.rpm

8409d1abd0192d2bfa7426049ffaaf8b 2009.1/x86_64/ruby-devel-1.8.7-9p72.3mdv2009.1.x86_64.rpm

0cc95c768f986b0bb168ae821b04c370 2009.1/x86_64/ruby-doc-1.8.7-9p72.3mdv2009.1.x86_64.rpm

1088ecc3fa689f1d41346880f7a71427 2009.1/x86_64/ruby-tk-1.8.7-9p72.3mdv2009.1.x86_64.rpm

158e9c9ea053a470c964e0bc3ce03a00 2009.1/SRPMS/ruby-1.8.7-9p72.3mdv2009.1.src.rpm

 

Mandriva Linux 2010.0:

2c0a2f50cb64ce9c8db446c7c43a3ad5 2010.0/i586/ruby-1.8.7-9p174.1mdv2010.0.i586.rpm

1d3b0284cefce641ae3a9e0acad3eb31 2010.0/i586/ruby-devel-1.8.7-9p174.1mdv2010.0.i586.rpm

a5889305c1e1efe0306e87e0e0584905 2010.0/i586/ruby-doc-1.8.7-9p174.1mdv2010.0.i586.rpm

e04504a888df5b80242b430253d01ebe 2010.0/i586/ruby-tk-1.8.7-9p174.1mdv2010.0.i586.rpm

bb56bb35355c556f4be4e11bcf53cc93 2010.0/SRPMS/ruby-1.8.7-9p174.1mdv2010.0.src.rpm

 

Mandriva Linux 2010.0/X86_64:

75230d955e7f28d6fbbe0efb5069b2d2 2010.0/x86_64/ruby-1.8.7-9p174.1mdv2010.0.x86_64.rpm

085cb4af83feef546a9cf6a3929c5c51 2010.0/x86_64/ruby-devel-1.8.7-9p174.1mdv2010.0.x86_64.rpm

9e35d282e30588fa843b4edc36808068 2010.0/x86_64/ruby-doc-1.8.7-9p174.1mdv2010.0.x86_64.rpm

2e4b95c6c1d025b2f79eb7bdc238a71e 2010.0/x86_64/ruby-tk-1.8.7-9p174.1mdv2010.0.x86_64.rpm

bb56bb35355c556f4be4e11bcf53cc93 2010.0/SRPMS/ruby-1.8.7-9p174.1mdv2010.0.src.rpm

 

Corporate 4.0:

98e84ca9925a882b8e1066c04908abca corporate/4.0/i586/ruby-1.8.2-7.11.20060mlcs4.i586.rpm

105a34d3d939962a47ce98f241f60686 corporate/4.0/i586/ruby-devel-1.8.2-7.11.20060mlcs4.i586.rpm

a381e8a59417a80959889a672468cd3a corporate/4.0/i586/ruby-doc-1.8.2-7.11.20060mlcs4.i586.rpm

60c661ae3c3b064e345132df059f1372 corporate/4.0/i586/ruby-tk-1.8.2-7.11.20060mlcs4.i586.rpm

da4e4f78d71d8fe3cb5aca3d3ad425f6 corporate/4.0/SRPMS/ruby-1.8.2-7.11.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

dfa4f7f7bf69e3554b5218562ecbb75d corporate/4.0/x86_64/ruby-1.8.2-7.11.20060mlcs4.x86_64.rpm

639d9a74cab0dbffab9b9d8219484a7d corporate/4.0/x86_64/ruby-devel-1.8.2-7.11.20060mlcs4.x86_64.rpm

ad2a1ed0795737b949e100b5aa8aa4bd corporate/4.0/x86_64/ruby-doc-1.8.2-7.11.20060mlcs4.x86_64.rpm

0b17648baae8bed85c805ccf525e5d72 corporate/4.0/x86_64/ruby-tk-1.8.2-7.11.20060mlcs4.x86_64.rpm

da4e4f78d71d8fe3cb5aca3d3ad425f6 corporate/4.0/SRPMS/ruby-1.8.2-7.11.20060mlcs4.src.rpm

 

Mandriva Enterprise Server 5:

79c8d1db00e6939832a482cd56deb332 mes5/i586/ruby-1.8.7-7p72.3mdvmes5.i586.rpm

104fc5981f5c66832963b09daf9a6e3f mes5/i586/ruby-devel-1.8.7-7p72.3mdvmes5.i586.rpm

829ed2328066244e3c093e3779b79d82 mes5/i586/ruby-doc-1.8.7-7p72.3mdvmes5.i586.rpm

39acd4fa454c8d2598400268999b9ffa mes5/i586/ruby-tk-1.8.7-7p72.3mdvmes5.i586.rpm

29b5d57995f9c40e6e9e2bb8d6122dbd mes5/SRPMS/ruby-1.8.7-7p72.3mdvmes5.src.rpm

 

Mandriva Enterprise Server 5/X86_64:

6b48873043c691eea6b3144d1172e326 mes5/x86_64/ruby-1.8.7-7p72.3mdvmes5.x86_64.rpm

9ce68537d8c0e8c691b7c55aa0aac974 mes5/x86_64/ruby-devel-1.8.7-7p72.3mdvmes5.x86_64.rpm

9ab66ce856dff1f387e9c5af7eed1ba3 mes5/x86_64/ruby-doc-1.8.7-7p72.3mdvmes5.x86_64.rpm

4f521606bafcd7f799dfd60cace1e7ec mes5/x86_64/ruby-tk-1.8.7-7p72.3mdvmes5.x86_64.rpm

29b5d57995f9c40e6e9e2bb8d6122dbd mes5/SRPMS/ruby-1.8.7-7p72.3mdvmes5.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFLVcRkmqjQ0CJFipgRAnHVAKDAc7u9TkI+GQGjps4sx5B+LKzTLACgq4LH

yK3VNNDk9Qz8FyuhlMFidUw=

=o89E

-----END PGP SIGNATURE-----

 

 

------------=_1263924750-24326-3648

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1263924750-24326-3648--

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×