_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name:      ruby
Advisory ID:       MDKSA-2004:128
Date:              November 8th, 2004
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
_______________________________________________________________________

Problem Description:

Andres Salomon noticed a problem with the CGI session management in Ruby. The CGI::Session FileStore implementation stores session information in an insecure manner: it simply creates the session files and ignores their permissions (CAN-2004-0755).

The ruby developers have also corrected a problem in the ruby CGI module that can be triggered remotely and cause an infinite loop on the server (CAN-2004-0983).

The updated packages are patched to prevent these problems.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0983
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact security@linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security@linux-mandrake.com>
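The permission problem behind CAN-2004-0755, shown as an added example that is not Mandrakesoft's or Ruby's own FileStore code: a store that just creates its files (inheriting whatever the umask allows) beside one that forces owner-only access, plus an audit helper for existing session directories. The "ruby_sess.<sid>" file naming and the helper names are assumptions for this illustration.

```ruby
require 'tmpdir'

# Added illustration (not Mandrakesoft's or Ruby's own FileStore code): the
# permissive pattern the advisory describes, a hardened variant, and an audit.

# Permissive: File.open(path, "w") honours the process umask, so with a lax
# umask such as 022 the session file ends up world-readable (0644).
def create_session_permissive(dir, sid, data)
  path = File.join(dir, "ruby_sess.#{sid}")
  File.open(path, "w") { |f| f.write(data) }
  path
end

# Hardened: request 0600 explicitly and use O_EXCL so a pre-existing file
# (or symlink) at that path is refused instead of silently reused.
def create_session_hardened(dir, sid, data)
  path = File.join(dir, "ruby_sess.#{sid}")
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0600) do |f|
    f.chmod(0600) # explicit chmod: the umask cannot widen this
    f.write(data)
  end
  path
end

# True when the hardened store refuses to overwrite an existing session file.
def hardened_refuses_existing?(dir, sid)
  create_session_hardened(dir, sid, "")
  false
rescue Errno::EEXIST
  true
end

def mode_bits(path)
  File.stat(path).mode & 0777
end

# Audit helper: session files in dir that group or others can access.
def world_readable_sessions(dir)
  Dir.glob(File.join(dir, "ruby_sess.*")).select do |p|
    File.file?(p) && (mode_bits(p) & 0077) != 0
  end
end
if __FILE__ == $0
  Dir.mktmpdir do |dir|
    File.umask(0022)
    create_session_permissive(dir, "a1", "user=alice")
    create_session_hardened(dir, "b2", "user=bob")
    puts world_readable_sessions(dir).map { |p| File.basename(p) } # ruby_sess.a1
  end
end
```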