Fedora Legacy Test Update Notification: ruby

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2007
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2007
2005-02-17
---------------------------------------------------------------------

Name        : ruby
Versions    : rh7.3: ruby-1.6.7-5.legacy
Versions    : rh9: ruby-1.6.8-6.2.legacy
Versions    : fc1: ruby-1.8.0-5.legacy
Summary     : An interpreter of object-oriented scripting language.
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.

---------------------------------------------------------------------
Update Information:

An updated ruby package that fixes security issues is now available.

Ruby is an interpreted scripting language for object-oriented
programming.

A flaw was discovered in the CGI module of Ruby. If empty data is sent
by the POST method to a CGI script that requires the MIME type
multipart/form-data, the script can get stuck in a loop. A remote
attacker could trigger this flaw and cause a denial of service. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0983 to this issue.

Andres Salomon reported an insecure file permissions flaw in the CGI
session management of Ruby. FileStore created world-readable files,
which could allow a malicious local user to read CGI session data.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0755 to this issue.
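
The file-permission issue above, as an added example (not part of this
advisory and not the code of ruby-1.8.0-cgi_session_perms.patch): a session
file created with the default mode beside one created with mode 0600, plus a
check that flags session files readable by other users. The function names
and the "sess_" file naming are hypothetical.

```ruby
require "tmpdir"
require "securerandom"

# Weak pattern: the mode is the default (0666 & ~umask), so under the common
# umask 022 the session file ends up 0644 and any local user can read it.
def create_session_file_weak(dir, data)
  path = File.join(dir, "sess_" + SecureRandom.hex(8)) # constructed naming
  File.open(path, "w") { |f| f.write(data) }
  path
end

# Hardened pattern: ask for 0600 at creation time and refuse an existing
# path (EXCL), so the file is never readable by group or other.
def create_session_file_hardened(dir, data)
  path = File.join(dir, "sess_" + SecureRandom.hex(8))
  flags = File::WRONLY | File::CREAT | File::EXCL
  File.open(path, flags, 0o600) { |f| f.write(data) }
  path
end

# Audit helper: regular files in dir whose mode grants group/other any access.
def overexposed_files(dir)
  Dir.children(dir).map { |n| File.join(dir, n) }.select do |p|
    st = File.lstat(p)
    st.file? && (st.mode & 0o077) != 0
  end.sort
end

# Creates one file of each kind in a temp dir under umask 022 and returns
# [weak_mode, hardened_mode, flagged_count, only_weak_flagged].
def demo
  Dir.mktmpdir do |dir|
    old = File.umask(0o022)
    begin
      weak = create_session_file_weak(dir, "user=alice")     # constructed data
      hard = create_session_file_hardened(dir, "user=alice")
      flagged = overexposed_files(dir)
      [File.stat(weak).mode & 0o777, File.stat(hard).mode & 0o777,
       flagged.length, flagged == [weak]]
    ensure
      File.umask(old)
    end
  end
end

if __FILE__ == $0
  weak_mode, hard_mode, _count, _ok = demo
  printf("weak: %04o  hardened: %04o\n", weak_mode, hard_mode)
end
```

Pointing overexposed_files at the directory where an application keeps its
session files shows whether any files written before the update are still
readable by other local users.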

Users are advised to upgrade to this erratum package, which contains
backported patches fixing these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Sun Feb 13 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.6.7-5.legacy
- Added missing bison and db1-devel BuildRequires


* Mon Jan 17 2005 David Eisenstein <deisenst@xxxxxxx> 1.6.7-4.legacy
- Added security patch for CAN-2004-0983, CGI Denial of Service
  (Fedora Legacy Bugzilla # 2007)

* Fri Oct 08 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.6.7-3.legacy
- Added security patch for CAN-2004-0755


rh9:
* Sun Feb 13 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.6.8-6.2.legacy
- Added missing db4-devel BuildRequires


* Wed Jan 12 2005 Pekka Savola <pekkas@xxxxxxxxxx> 1.6.8-6.1.legacy
- fix CAN-2004-0755, CAN-2004-0983 (#2007)

fc1:
* Tue Feb 15 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.8.0-5.legacy
- Added missing groff, bison, tcl-devel, tk-devel, openssl-devel,
  zlib-devel, db4-devel and libtermcap-devel BuildRequires


* Sat Nov 20 2004 David Eisenstein <deisenst@xxxxxxx> 1.8.0-4.legacy
- Redid security fix [CAN-2004-0755]
- ruby-1.8.0-cgi_session_perms.patch: sets the permission of the session data
  file to 0600. Backport of FC2's patch to 1.8.1. (#2007)
- Re-enabled make test.


* Wed Nov 17 2004 David Eisenstein <deisenst@xxxxxxx> 1.8.0-3.legacy
- security fix [CAN-2004-0983]
- ruby-1.8.0-cgi-dos.patch: applied to fix a denial of service issue. (#2007)


* Fri Oct 08 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.8.0-2.legacy
- Added security patch for CAN-2004-0755
- Disabled make test (for some reason, doesn't always work)


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)



---------------------------------------------------------------------

Please test and comment in bugzilla.

Attachment: signature.asc
Description: OpenPGP digital signature

--

fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
