[ MDKSA-2006:225 ] - Updated ruby packages fix DoS vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:225
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ruby
Date : December 6, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Another vulnerability has been discovered in the CGI library (cgi.rb)
that ships with Ruby, which a malicious user could exploit to cause
a denial of service (DoS).
Updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6303
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
cf4eb0abe6d54c41a9b7e94adbd894ab 2006.0/i586/ruby-1.8.2-7.5.20060mdk.i586.rpm
42a501b32ad7f9c1140d2665a8c35bdf 2006.0/i586/ruby-devel-1.8.2-7.5.20060mdk.i586.rpm
fadf1005a3cecb41da322d6472023562 2006.0/i586/ruby-doc-1.8.2-7.5.20060mdk.i586.rpm
6754c4c9f5047d032a15819820595fcb 2006.0/i586/ruby-tk-1.8.2-7.5.20060mdk.i586.rpm
fb133b0d4f1b5eb27e67f0eb39772564 2006.0/SRPMS/ruby-1.8.2-7.5.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
a68db589ace220742904a49587e65087 2006.0/x86_64/ruby-1.8.2-7.5.20060mdk.x86_64.rpm
7f14ec97214b7f501c7bcd8963ad2b0a 2006.0/x86_64/ruby-devel-1.8.2-7.5.20060mdk.x86_64.rpm
5b6604fd9628a2312ee2b7f3b4371f45 2006.0/x86_64/ruby-doc-1.8.2-7.5.20060mdk.x86_64.rpm
ba38430b90e8b454c7b2228073c4d3dd 2006.0/x86_64/ruby-tk-1.8.2-7.5.20060mdk.x86_64.rpm
fb133b0d4f1b5eb27e67f0eb39772564 2006.0/SRPMS/ruby-1.8.2-7.5.20060mdk.src.rpm
Mandriva Linux 2007.0:
b126d91632869a7a659f7044cbca180c 2007.0/i586/ruby-1.8.5-2.2mdv2007.0.i586.rpm
a1414e09dcb3d0c858e3fc5070608e47 2007.0/i586/ruby-devel-1.8.5-2.2mdv2007.0.i586.rpm
d6bf66762039af18a6c5f0a8b27d2bfa 2007.0/i586/ruby-doc-1.8.5-2.2mdv2007.0.i586.rpm
017468bee38279e7f42adad194866cff 2007.0/i586/ruby-tk-1.8.5-2.2mdv2007.0.i586.rpm
45e958263f67f96797318621052f1e3f 2007.0/SRPMS/ruby-1.8.5-2.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
2721a9103870075c0e64dd1a7c01b9a5 2007.0/x86_64/ruby-1.8.5-2.2mdv2007.0.x86_64.rpm
6b6bd12e97b4ddf070849603bea45623 2007.0/x86_64/ruby-devel-1.8.5-2.2mdv2007.0.x86_64.rpm
2e163941297e43e62d2f798a93efe960 2007.0/x86_64/ruby-doc-1.8.5-2.2mdv2007.0.x86_64.rpm
d953012dc537a4f6e8343138d8f32f31 2007.0/x86_64/ruby-tk-1.8.5-2.2mdv2007.0.x86_64.rpm
45e958263f67f96797318621052f1e3f 2007.0/SRPMS/ruby-1.8.5-2.2mdv2007.0.src.rpm
Corporate 3.0:
95abd86462f84450392cd41ab5946666 corporate/3.0/i586/ruby-1.8.1-1.8.C30mdk.i586.rpm
174fe6c12a1a6a7dbf03f755cf0a57cd corporate/3.0/i586/ruby-devel-1.8.1-1.8.C30mdk.i586.rpm
2d0e7d3f950e7040f6e6c19a921bdb78 corporate/3.0/i586/ruby-doc-1.8.1-1.8.C30mdk.i586.rpm
37fe39a689b25aa2caf193994a5dbf05 corporate/3.0/i586/ruby-tk-1.8.1-1.8.C30mdk.i586.rpm
71b024abd10b00f7e278e39492f98aa6 corporate/3.0/SRPMS/ruby-1.8.1-1.8.C30mdk.src.rpm
Corporate 3.0/X86_64:
366a4003551813d500eec00996981abf corporate/3.0/x86_64/ruby-1.8.1-1.8.C30mdk.x86_64.rpm
ef95e042be0f3a881ae6a66502c1c905 corporate/3.0/x86_64/ruby-devel-1.8.1-1.8.C30mdk.x86_64.rpm
d72e56164f0a0fcb99b190dbb2ce7c2c corporate/3.0/x86_64/ruby-doc-1.8.1-1.8.C30mdk.x86_64.rpm
81c6c9a396d26dea3bd683c2207eb96b corporate/3.0/x86_64/ruby-tk-1.8.1-1.8.C30mdk.x86_64.rpm
71b024abd10b00f7e278e39492f98aa6 corporate/3.0/SRPMS/ruby-1.8.1-1.8.C30mdk.src.rpm
Corporate 4.0:
9796f3458efc694c98ab821158a0599b corporate/4.0/i586/ruby-1.8.2-7.5.20060mlcs4.i586.rpm
3578dc2bd6735967f79f43b21b14f8b2 corporate/4.0/i586/ruby-devel-1.8.2-7.5.20060mlcs4.i586.rpm
4505b6152a025ecef599e48c4ef11763 corporate/4.0/i586/ruby-doc-1.8.2-7.5.20060mlcs4.i586.rpm
466b48eb68199179c044b8a0fe5f7a3f corporate/4.0/i586/ruby-tk-1.8.2-7.5.20060mlcs4.i586.rpm
b7f41e2f4f5f71e3c2f214c041957533 corporate/4.0/SRPMS/ruby-1.8.2-7.5.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
2771fffe29e377ea0bcf594bb94a0f7b corporate/4.0/x86_64/ruby-1.8.2-7.5.20060mlcs4.x86_64.rpm
2d0b06a00590a0dfae303be8079f852a corporate/4.0/x86_64/ruby-devel-1.8.2-7.5.20060mlcs4.x86_64.rpm
87d597d03cc146b1b9ac89e29b7a2879 corporate/4.0/x86_64/ruby-doc-1.8.2-7.5.20060mlcs4.x86_64.rpm
ec2d09506bfebab08d523fd258f8136b corporate/4.0/x86_64/ruby-tk-1.8.2-7.5.20060mlcs4.x86_64.rpm
b7f41e2f4f5f71e3c2f214c041957533 corporate/4.0/SRPMS/ruby-1.8.2-7.5.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFduZamqjQ0CJFipgRAv9iAKDPZ8d8ORe8hjsnV+kvVFm9ZHsZZwCcD/PC
3qAszwS/61EmGp8G9xExGA8=
=cEew
-----END PGP SIGNATURE-----