[ MDKSA-2006:134 ] - Updated ruby packages fix safe-level vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:134
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ruby
 Date    : July 28, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of flaws were discovered in the safe-level restrictions in
 the Ruby language.  Because of these flaws, it would be possible for
 an attacker to create a carefully crafted malicious script that could
 allow them to bypass certain safe-level restrictions.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 8eed80b6fcd6b41fc7c15d617732c97c  2006.0/RPMS/ruby-1.8.2-7.3.20060mdk.i586.rpm
 770370523d64d39b003943cd4363b55d  2006.0/RPMS/ruby-devel-1.8.2-7.3.20060mdk.i586.rpm
 737aad366fda8c8b75ca7b8739bc19bc  2006.0/RPMS/ruby-doc-1.8.2-7.3.20060mdk.i586.rpm
 949de9702c29ffa2519e3c9bd4866127  2006.0/RPMS/ruby-tk-1.8.2-7.3.20060mdk.i586.rpm
 37aaacc8b046ceb135833a201e229d95  2006.0/SRPMS/ruby-1.8.2-7.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 a84ffa78943e7e69c172a824a8804c65  x86_64/2006.0/RPMS/ruby-1.8.2-7.3.20060mdk.x86_64.rpm
 7e4e992fed64a245f8d4450b279f45e5  x86_64/2006.0/RPMS/ruby-devel-1.8.2-7.3.20060mdk.x86_64.rpm
 65a180f269c974a673beb9d35366de5e  x86_64/2006.0/RPMS/ruby-doc-1.8.2-7.3.20060mdk.x86_64.rpm
 db56c49363d539bb66d0ec9975b74c57  x86_64/2006.0/RPMS/ruby-tk-1.8.2-7.3.20060mdk.x86_64.rpm
 37aaacc8b046ceb135833a201e229d95  x86_64/2006.0/SRPMS/ruby-1.8.2-7.3.20060mdk.src.rpm

 Corporate 3.0:
 04ae53b4b5662872aba838c9fbd72466  corporate/3.0/RPMS/ruby-1.8.1-1.6.C30mdk.i586.rpm
 c1e94f6f01fca30ce36227b91e466f21  corporate/3.0/RPMS/ruby-devel-1.8.1-1.6.C30mdk.i586.rpm
 c5019548c2003c1da8a8aa95617c22f4  corporate/3.0/RPMS/ruby-doc-1.8.1-1.6.C30mdk.i586.rpm
 a7e171ffa0477f6da36bdf9707e163b4  corporate/3.0/RPMS/ruby-tk-1.8.1-1.6.C30mdk.i586.rpm
 fb9c099b9c479dbd284e2bcd8d07699f  corporate/3.0/SRPMS/ruby-1.8.1-1.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 20a7d42a40547b1bed6aac4900386537  x86_64/corporate/3.0/RPMS/ruby-1.8.1-1.6.C30mdk.x86_64.rpm
 ef6b2b513036f3f9b6f9e43bbdd83a50  x86_64/corporate/3.0/RPMS/ruby-devel-1.8.1-1.6.C30mdk.x86_64.rpm
 59a038e5c8928e6a81b57984f5260eca  x86_64/corporate/3.0/RPMS/ruby-doc-1.8.1-1.6.C30mdk.x86_64.rpm
 e613282d66e153526b1e6a23062c2e9e  x86_64/corporate/3.0/RPMS/ruby-tk-1.8.1-1.6.C30mdk.x86_64.rpm
 fb9c099b9c479dbd284e2bcd8d07699f  x86_64/corporate/3.0/SRPMS/ruby-1.8.1-1.6.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEykoomqjQ0CJFipgRAsaWAJ9mcBNpKEbsAJLL+2rf8taG4nRSOgCgxV/3
YO5uxqMIyBE6dno3W+gKNV0=
=xuDy
-----END PGP SIGNATURE-----
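
Added example (not part of the Mandriva advisory): for packages fetched by hand instead of through MandrivaUpdate or urpmi, this Python code parses an "Updated Packages" listing in the advisory's layout, including entries whose path wrapped onto the line after the hash, and compares each MD5 against the files in a local directory. The function names and the package names and data in demo() are constructed for illustration; the comparison is a cross-check against the listing and does not replace the GPG signature check the advisory describes.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# "<md5>  <path>" on one line, or "<md5>" alone when the path wrapped to the next.
HASH_RE = re.compile(r"^\s*([0-9a-f]{32})\s*(\S*)\s*$")

def parse_checksums(text):
    """Map package basename -> MD5 hex, rejoining entries split over two lines."""
    expected, pending = {}, None
    for line in text.splitlines():
        m = HASH_RE.match(line)
        # A non-matching line may be the wrapped path of the previous hash.
        digest, path = m.groups() if m else (pending, line.strip())
        pending = digest if m and not path else None
        if not digest or not path.endswith(".rpm"):
            continue
        name = Path(path).name
        # The same SRPM is listed under several platforms; digests must agree.
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums listed for {name}")
    return expected

def verify_directory(expected, directory):
    """Return {basename: 'ok' | 'MISMATCH' | 'missing'} for each listed package."""
    results = {}
    for name, digest in expected.items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        elif hashlib.md5(path.read_bytes()).hexdigest() == digest:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results

def demo():
    """Constructed data: fake packages, one altered after the list was made."""
    good, bad = b"constructed package A", b"constructed package B"
    listing = (
        f" {hashlib.md5(good).hexdigest()}  demo/RPMS/example-1.0-1.i586.rpm\n"
        f" {hashlib.md5(bad).hexdigest()}  \n"
        "demo/RPMS/example-devel-1.0-1.i586.rpm\n"
        f" {'0' * 32}  demo/RPMS/example-doc-1.0-1.i586.rpm\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "example-1.0-1.i586.rpm").write_bytes(good)
        (Path(tmp) / "example-devel-1.0-1.i586.rpm").write_bytes(bad + b"!")
        return verify_directory(parse_checksums(listing), tmp)
```

Any result other than "ok" means the file should not be installed until it has been fetched again and its signature checked.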