===========================================================================
             AUSCERT External Security Bulletin Redistribution

       ESB-2008.0990 -- [RedHat] Moderate: ruby security update
                             22 October 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              ruby
Publisher:            Red Hat
Operating System:     Red Hat Linux
Impact:               Inappropriate Access
                      Provide Misleading Information
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-3905 CVE-2008-3790 CVE-2008-3657
                      CVE-2008-3656 CVE-2008-3655 CVE-2008-3443

Ref:                  ESB-2008.0966
                      ESB-2008.0827
                      ESB-2008.0789

Original Bulletin:
   https://rhn.redhat.com/errata/RHSA-2008-0895.html
   https://rhn.redhat.com/errata/RHSA-2008-0896.html
   https://rhn.redhat.com/errata/RHSA-2008-0897.html

Comment: This bulletin contains three (3) Red Hat Security Advisories

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby security update
Advisory ID:       RHSA-2008:0895-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0895.html
Issue date:        2008-10-21
CVE Names:         CVE-2008-3443 CVE-2008-3655
=====================================================================

1. Summary:

Updated ruby packages that fix various security issues are now available
for Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Description:

Ruby is an interpreted scripting language for quick and easy
object-oriented programming.

A number of flaws were found in the safe-level restrictions in Ruby. It
was possible for an attacker to create a carefully crafted malicious
script that can allow the bypass of certain safe-level restrictions.
(CVE-2008-3655)

A denial of service flaw was found in Ruby's regular expression engine. If
a Ruby script tried to process a large amount of data via a regular
expression, it could cause Ruby to enter an infinite-loop and crash.
(CVE-2008-3443)

Users of ruby should upgrade to these updated packages, which contain
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

458948 - CVE-2008-3655 ruby: multiple insufficient safe mode restrictions
459266 - CVE-2008-3443 ruby: Memory allocation failure in Ruby regex engine (remotely exploitable DoS)

6. Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ruby-1.6.4-7.el2.src.rpm

i386:
irb-1.6.4-7.el2.i386.rpm
ruby-1.6.4-7.el2.i386.rpm
ruby-devel-1.6.4-7.el2.i386.rpm
ruby-docs-1.6.4-7.el2.i386.rpm
ruby-libs-1.6.4-7.el2.i386.rpm
ruby-tcltk-1.6.4-7.el2.i386.rpm

Red Hat Enterprise Linux ES version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ruby-1.6.4-7.el2.src.rpm

i386:
irb-1.6.4-7.el2.i386.rpm
ruby-1.6.4-7.el2.i386.rpm
ruby-devel-1.6.4-7.el2.i386.rpm
ruby-docs-1.6.4-7.el2.i386.rpm
ruby-libs-1.6.4-7.el2.i386.rpm
ruby-tcltk-1.6.4-7.el2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ruby-1.6.4-7.el2.src.rpm

i386:
irb-1.6.4-7.el2.i386.rpm
ruby-1.6.4-7.el2.i386.rpm
ruby-devel-1.6.4-7.el2.i386.rpm
ruby-docs-1.6.4-7.el2.i386.rpm
ruby-libs-1.6.4-7.el2.i386.rpm
ruby-tcltk-1.6.4-7.el2.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby security update
Advisory ID:       RHSA-2008:0896-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0896.html
Issue date:        2008-10-21
CVE Names:         CVE-2008-3443 CVE-2008-3655 CVE-2008-3905
=====================================================================

1. Summary:

Updated ruby packages that fix several security issues are now available
for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

Ruby is an interpreted scripting language for quick and easy
object-oriented programming.

The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs
and a fixed source port when sending DNS requests. A remote attacker could
use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)

A number of flaws were found in the safe-level restrictions in Ruby. It
was possible for an attacker to create a carefully crafted malicious
script that can allow the bypass of certain safe-level restrictions.
(CVE-2008-3655)

A denial of service flaw was found in Ruby's regular expression engine. If
a Ruby script tried to process a large amount of data via a regular
expression, it could cause Ruby to enter an infinite-loop and crash.
(CVE-2008-3443)

Users of ruby should upgrade to these updated packages, which contain
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

458948 - CVE-2008-3655 ruby: multiple insufficient safe mode restrictions
459266 - CVE-2008-3443 ruby: Memory allocation failure in Ruby regex engine (remotely exploitable DoS)
461495 - CVE-2008-3905 ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ruby-1.6.8-13.el3.src.rpm

i386:
irb-1.6.8-13.el3.i386.rpm
ruby-1.6.8-13.el3.i386.rpm
ruby-debuginfo-1.6.8-13.el3.i386.rpm
ruby-devel-1.6.8-13.el3.i386.rpm
ruby-docs-1.6.8-13.el3.i386.rpm
ruby-libs-1.6.8-13.el3.i386.rpm
ruby-mode-1.6.8-13.el3.i386.rpm
ruby-tcltk-1.6.8-13.el3.i386.rpm

ia64:
irb-1.6.8-13.el3.ia64.rpm
ruby-1.6.8-13.el3.ia64.rpm
ruby-debuginfo-1.6.8-13.el3.i386.rpm
ruby-debuginfo-1.6.8-13.el3.ia64.rpm
ruby-devel-1.6.8-13.el3.ia64.rpm
ruby-docs-1.6.8-13.el3.ia64.rpm
ruby-libs-1.6.8-13.el3.i386.rpm
ruby-libs-1.6.8-13.el3.ia64.rpm
ruby-mode-1.6.8-13.el3.ia64.rpm
ruby-tcltk-1.6.8-13.el3.ia64.rpm

ppc:
irb-1.6.8-13.el3.ppc.rpm
ruby-1.6.8-13.el3.ppc.rpm
ruby-debuginfo-1.6.8-13.el3.ppc.rpm
ruby-debuginfo-1.6.8-13.el3.ppc64.rpm
ruby-devel-1.6.8-13.el3.ppc.rpm
ruby-docs-1.6.8-13.el3.ppc.rpm
ruby-libs-1.6.8-13.el3.ppc.rpm
ruby-libs-1.6.8-13.el3.ppc64.rpm
ruby-mode-1.6.8-13.el3.ppc.rpm
ruby-tcltk-1.6.8-13.el3.ppc.rpm

s390:
irb-1.6.8-13.el3.s390.rpm
ruby-1.6.8-13.el3.s390.rpm
ruby-debuginfo-1.6.8-13.el3.s390.rpm
ruby-devel-1.6.8-13.el3.s390.rpm
ruby-docs-1.6.8-13.el3.s390.rpm
ruby-libs-1.6.8-13.el3.s390.rpm
ruby-mode-1.6.8-13.el3.s390.rpm
ruby-tcltk-1.6.8-13.el3.s390.rpm

s390x:
irb-1.6.8-13.el3.s390x.rpm
ruby-1.6.8-13.el3.s390x.rpm
ruby-debuginfo-1.6.8-13.el3.s390.rpm
ruby-debuginfo-1.6.8-13.el3.s390x.rpm
ruby-devel-1.6.8-13.el3.s390x.rpm
ruby-docs-1.6.8-13.el3.s390x.rpm
ruby-libs-1.6.8-13.el3.s390.rpm
ruby-libs-1.6.8-13.el3.s390x.rpm
ruby-mode-1.6.8-13.el3.s390x.rpm
ruby-tcltk-1.6.8-13.el3.s390x.rpm

x86_64:
irb-1.6.8-13.el3.x86_64.rpm
ruby-1.6.8-13.el3.x86_64.rpm
ruby-debuginfo-1.6.8-13.el3.i386.rpm
ruby-debuginfo-1.6.8-13.el3.x86_64.rpm
ruby-devel-1.6.8-13.el3.x86_64.rpm
ruby-docs-1.6.8-13.el3.x86_64.rpm
ruby-libs-1.6.8-13.el3.i386.rpm
ruby-libs-1.6.8-13.el3.x86_64.rpm
ruby-mode-1.6.8-13.el3.x86_64.rpm
ruby-tcltk-1.6.8-13.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ruby-1.6.8-13.el3.src.rpm

i386:
irb-1.6.8-13.el3.i386.rpm
ruby-1.6.8-13.el3.i386.rpm
ruby-debuginfo-1.6.8-13.el3.i386.rpm
ruby-devel-1.6.8-13.el3.i386.rpm
ruby-docs-1.6.8-13.el3.i386.rpm
ruby-libs-1.6.8-13.el3.i386.rpm
ruby-mode-1.6.8-13.el3.i386.rpm
ruby-tcltk-1.6.8-13.el3.i386.rpm

x86_64:
irb-1.6.8-13.el3.x86_64.rpm
ruby-1.6.8-13.el3.x86_64.rpm
ruby-debuginfo-1.6.8-13.el3.i386.rpm
ruby-debuginfo-1.6.8-13.el3.x86_64.rpm
ruby-devel-1.6.8-13.el3.x86_64.rpm
ruby-docs-1.6.8-13.el3.x86_64.rpm
ruby-libs-1.6.8-13.el3.i386.rpm
ruby-libs-1.6.8-13.el3.x86_64.rpm
ruby-mode-1.6.8-13.el3.x86_64.rpm
ruby-tcltk-1.6.8-13.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ruby-1.6.8-13.el3.src.rpm

i386:
irb-1.6.8-13.el3.i386.rpm
ruby-1.6.8-13.el3.i386.rpm
ruby-debuginfo-1.6.8-13.el3.i386.rpm
ruby-devel-1.6.8-13.el3.i386.rpm
ruby-docs-1.6.8-13.el3.i386.rpm
ruby-libs-1.6.8-13.el3.i386.rpm
ruby-mode-1.6.8-13.el3.i386.rpm
ruby-tcltk-1.6.8-13.el3.i386.rpm

ia64:
irb-1.6.8-13.el3.ia64.rpm
ruby-1.6.8-13.el3.ia64.rpm
ruby-debuginfo-1.6.8-13.el3.i386.rpm
ruby-debuginfo-1.6.8-13.el3.ia64.rpm
ruby-devel-1.6.8-13.el3.ia64.rpm
ruby-docs-1.6.8-13.el3.ia64.rpm
ruby-libs-1.6.8-13.el3.i386.rpm
ruby-libs-1.6.8-13.el3.ia64.rpm
ruby-mode-1.6.8-13.el3.ia64.rpm
ruby-tcltk-1.6.8-13.el3.ia64.rpm

x86_64:
irb-1.6.8-13.el3.x86_64.rpm
ruby-1.6.8-13.el3.x86_64.rpm
ruby-debuginfo-1.6.8-13.el3.i386.rpm
ruby-debuginfo-1.6.8-13.el3.x86_64.rpm
ruby-devel-1.6.8-13.el3.x86_64.rpm
ruby-docs-1.6.8-13.el3.x86_64.rpm
ruby-libs-1.6.8-13.el3.i386.rpm
ruby-libs-1.6.8-13.el3.x86_64.rpm
ruby-mode-1.6.8-13.el3.x86_64.rpm
ruby-tcltk-1.6.8-13.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ruby-1.6.8-13.el3.src.rpm

i386:
irb-1.6.8-13.el3.i386.rpm
ruby-1.6.8-13.el3.i386.rpm
ruby-debuginfo-1.6.8-13.el3.i386.rpm
ruby-devel-1.6.8-13.el3.i386.rpm
ruby-docs-1.6.8-13.el3.i386.rpm
ruby-libs-1.6.8-13.el3.i386.rpm
ruby-mode-1.6.8-13.el3.i386.rpm
ruby-tcltk-1.6.8-13.el3.i386.rpm

ia64:
irb-1.6.8-13.el3.ia64.rpm
ruby-1.6.8-13.el3.ia64.rpm
ruby-debuginfo-1.6.8-13.el3.i386.rpm
ruby-debuginfo-1.6.8-13.el3.ia64.rpm
ruby-devel-1.6.8-13.el3.ia64.rpm
ruby-docs-1.6.8-13.el3.ia64.rpm
ruby-libs-1.6.8-13.el3.i386.rpm
ruby-libs-1.6.8-13.el3.ia64.rpm
ruby-mode-1.6.8-13.el3.ia64.rpm
ruby-tcltk-1.6.8-13.el3.ia64.rpm

x86_64:
irb-1.6.8-13.el3.x86_64.rpm
ruby-1.6.8-13.el3.x86_64.rpm
ruby-debuginfo-1.6.8-13.el3.i386.rpm
ruby-debuginfo-1.6.8-13.el3.x86_64.rpm
ruby-devel-1.6.8-13.el3.x86_64.rpm
ruby-docs-1.6.8-13.el3.x86_64.rpm
ruby-libs-1.6.8-13.el3.i386.rpm
ruby-libs-1.6.8-13.el3.x86_64.rpm
ruby-mode-1.6.8-13.el3.x86_64.rpm
ruby-tcltk-1.6.8-13.el3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3905
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby security update
Advisory ID:       RHSA-2008:0897-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0897.html
Issue date:        2008-10-21
CVE Names:         CVE-2008-3443 CVE-2008-3655 CVE-2008-3656
                   CVE-2008-3657 CVE-2008-3790 CVE-2008-3905
=====================================================================

1. Summary:

Updated ruby packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Ruby is an interpreted scripting language for quick and easy
object-oriented programming.

The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs
and a fixed source port when sending DNS requests. A remote attacker could
use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)

Ruby's XML document parsing module (REXML) was prone to a denial of
service attack via XML documents with large XML entity definitions
recursion. A specially-crafted XML file could cause a Ruby application
using the REXML module to use an excessive amount of CPU and memory.
(CVE-2008-3790)

An insufficient "taintness" check flaw was discovered in Ruby's DL module,
which provides direct access to the C language functions. An attacker
could use this flaw to bypass intended safe-level restrictions by calling
external C functions with arguments from untrusted tainted inputs.
(CVE-2008-3657)

A denial of service flaw was discovered in WEBrick, Ruby's HTTP server
toolkit. A remote attacker could send a specially-crafted HTTP request to
a WEBrick server that would cause the server to use an excessive amount of
CPU time. (CVE-2008-3656)

A number of flaws were found in the safe-level restrictions in Ruby. It
was possible for an attacker to create a carefully crafted malicious
script that can allow the bypass of certain safe-level restrictions.
(CVE-2008-3655)

A denial of service flaw was found in Ruby's regular expression engine. If
a Ruby script tried to process a large amount of data via a regular
expression, it could cause Ruby to enter an infinite-loop and crash.
(CVE-2008-3443)

Users of ruby should upgrade to these updated packages, which contain
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

458948 - CVE-2008-3655 ruby: multiple insufficient safe mode restrictions
458953 - CVE-2008-3656 ruby: WEBrick DoS vulnerability (CPU consumption)
458966 - CVE-2008-3657 ruby: missing "taintness" checks in dl module
459266 - CVE-2008-3443 ruby: Memory allocation failure in Ruby regex engine (remotely exploitable DoS)
460134 - CVE-2008-3790 ruby: DoS vulnerability in the REXML module
461495 - CVE-2008-3905 ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ruby-1.8.1-7.el4_7.1.src.rpm

i386:
irb-1.8.1-7.el4_7.1.i386.rpm
ruby-1.8.1-7.el4_7.1.i386.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.i386.rpm
ruby-devel-1.8.1-7.el4_7.1.i386.rpm
ruby-docs-1.8.1-7.el4_7.1.i386.rpm
ruby-libs-1.8.1-7.el4_7.1.i386.rpm
ruby-mode-1.8.1-7.el4_7.1.i386.rpm
ruby-tcltk-1.8.1-7.el4_7.1.i386.rpm

ia64:
irb-1.8.1-7.el4_7.1.ia64.rpm
ruby-1.8.1-7.el4_7.1.ia64.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.i386.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.ia64.rpm
ruby-devel-1.8.1-7.el4_7.1.ia64.rpm
ruby-docs-1.8.1-7.el4_7.1.ia64.rpm
ruby-libs-1.8.1-7.el4_7.1.i386.rpm
ruby-libs-1.8.1-7.el4_7.1.ia64.rpm
ruby-mode-1.8.1-7.el4_7.1.ia64.rpm
ruby-tcltk-1.8.1-7.el4_7.1.ia64.rpm

ppc:
irb-1.8.1-7.el4_7.1.ppc.rpm
ruby-1.8.1-7.el4_7.1.ppc.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.ppc.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.ppc64.rpm
ruby-devel-1.8.1-7.el4_7.1.ppc.rpm
ruby-docs-1.8.1-7.el4_7.1.ppc.rpm
ruby-libs-1.8.1-7.el4_7.1.ppc.rpm
ruby-libs-1.8.1-7.el4_7.1.ppc64.rpm
ruby-mode-1.8.1-7.el4_7.1.ppc.rpm
ruby-tcltk-1.8.1-7.el4_7.1.ppc.rpm

s390:
irb-1.8.1-7.el4_7.1.s390.rpm
ruby-1.8.1-7.el4_7.1.s390.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.s390.rpm
ruby-devel-1.8.1-7.el4_7.1.s390.rpm
ruby-docs-1.8.1-7.el4_7.1.s390.rpm
ruby-libs-1.8.1-7.el4_7.1.s390.rpm
ruby-mode-1.8.1-7.el4_7.1.s390.rpm
ruby-tcltk-1.8.1-7.el4_7.1.s390.rpm

s390x:
irb-1.8.1-7.el4_7.1.s390x.rpm
ruby-1.8.1-7.el4_7.1.s390x.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.s390.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.s390x.rpm
ruby-devel-1.8.1-7.el4_7.1.s390x.rpm
ruby-docs-1.8.1-7.el4_7.1.s390x.rpm
ruby-libs-1.8.1-7.el4_7.1.s390.rpm
ruby-libs-1.8.1-7.el4_7.1.s390x.rpm
ruby-mode-1.8.1-7.el4_7.1.s390x.rpm
ruby-tcltk-1.8.1-7.el4_7.1.s390x.rpm

x86_64:
irb-1.8.1-7.el4_7.1.x86_64.rpm
ruby-1.8.1-7.el4_7.1.x86_64.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.i386.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.x86_64.rpm
ruby-devel-1.8.1-7.el4_7.1.x86_64.rpm
ruby-docs-1.8.1-7.el4_7.1.x86_64.rpm
ruby-libs-1.8.1-7.el4_7.1.i386.rpm
ruby-libs-1.8.1-7.el4_7.1.x86_64.rpm
ruby-mode-1.8.1-7.el4_7.1.x86_64.rpm
ruby-tcltk-1.8.1-7.el4_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ruby-1.8.1-7.el4_7.1.src.rpm

i386:
irb-1.8.1-7.el4_7.1.i386.rpm
ruby-1.8.1-7.el4_7.1.i386.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.i386.rpm
ruby-devel-1.8.1-7.el4_7.1.i386.rpm
ruby-docs-1.8.1-7.el4_7.1.i386.rpm
ruby-libs-1.8.1-7.el4_7.1.i386.rpm
ruby-mode-1.8.1-7.el4_7.1.i386.rpm
ruby-tcltk-1.8.1-7.el4_7.1.i386.rpm

x86_64:
irb-1.8.1-7.el4_7.1.x86_64.rpm
ruby-1.8.1-7.el4_7.1.x86_64.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.i386.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.x86_64.rpm
ruby-devel-1.8.1-7.el4_7.1.x86_64.rpm
ruby-docs-1.8.1-7.el4_7.1.x86_64.rpm
ruby-libs-1.8.1-7.el4_7.1.i386.rpm
ruby-libs-1.8.1-7.el4_7.1.x86_64.rpm
ruby-mode-1.8.1-7.el4_7.1.x86_64.rpm
ruby-tcltk-1.8.1-7.el4_7.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ruby-1.8.1-7.el4_7.1.src.rpm

i386:
irb-1.8.1-7.el4_7.1.i386.rpm
ruby-1.8.1-7.el4_7.1.i386.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.i386.rpm
ruby-devel-1.8.1-7.el4_7.1.i386.rpm
ruby-docs-1.8.1-7.el4_7.1.i386.rpm
ruby-libs-1.8.1-7.el4_7.1.i386.rpm
ruby-mode-1.8.1-7.el4_7.1.i386.rpm
ruby-tcltk-1.8.1-7.el4_7.1.i386.rpm

ia64:
irb-1.8.1-7.el4_7.1.ia64.rpm
ruby-1.8.1-7.el4_7.1.ia64.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.i386.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.ia64.rpm
ruby-devel-1.8.1-7.el4_7.1.ia64.rpm
ruby-docs-1.8.1-7.el4_7.1.ia64.rpm
ruby-libs-1.8.1-7.el4_7.1.i386.rpm
ruby-libs-1.8.1-7.el4_7.1.ia64.rpm
ruby-mode-1.8.1-7.el4_7.1.ia64.rpm
ruby-tcltk-1.8.1-7.el4_7.1.ia64.rpm

x86_64:
irb-1.8.1-7.el4_7.1.x86_64.rpm
ruby-1.8.1-7.el4_7.1.x86_64.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.i386.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.x86_64.rpm
ruby-devel-1.8.1-7.el4_7.1.x86_64.rpm
ruby-docs-1.8.1-7.el4_7.1.x86_64.rpm
ruby-libs-1.8.1-7.el4_7.1.i386.rpm
ruby-libs-1.8.1-7.el4_7.1.x86_64.rpm
ruby-mode-1.8.1-7.el4_7.1.x86_64.rpm
ruby-tcltk-1.8.1-7.el4_7.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ruby-1.8.1-7.el4_7.1.src.rpm

i386:
irb-1.8.1-7.el4_7.1.i386.rpm
ruby-1.8.1-7.el4_7.1.i386.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.i386.rpm
ruby-devel-1.8.1-7.el4_7.1.i386.rpm
ruby-docs-1.8.1-7.el4_7.1.i386.rpm
ruby-libs-1.8.1-7.el4_7.1.i386.rpm
ruby-mode-1.8.1-7.el4_7.1.i386.rpm
ruby-tcltk-1.8.1-7.el4_7.1.i386.rpm

ia64:
irb-1.8.1-7.el4_7.1.ia64.rpm
ruby-1.8.1-7.el4_7.1.ia64.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.i386.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.ia64.rpm
ruby-devel-1.8.1-7.el4_7.1.ia64.rpm
ruby-docs-1.8.1-7.el4_7.1.ia64.rpm
ruby-libs-1.8.1-7.el4_7.1.i386.rpm
ruby-libs-1.8.1-7.el4_7.1.ia64.rpm
ruby-mode-1.8.1-7.el4_7.1.ia64.rpm
ruby-tcltk-1.8.1-7.el4_7.1.ia64.rpm

x86_64:
irb-1.8.1-7.el4_7.1.x86_64.rpm
ruby-1.8.1-7.el4_7.1.x86_64.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.i386.rpm
ruby-debuginfo-1.8.1-7.el4_7.1.x86_64.rpm
ruby-devel-1.8.1-7.el4_7.1.x86_64.rpm
ruby-docs-1.8.1-7.el4_7.1.x86_64.rpm
ruby-libs-1.8.1-7.el4_7.1.i386.rpm
ruby-libs-1.8.1-7.el4_7.1.x86_64.rpm
ruby-mode-1.8.1-7.el4_7.1.x86_64.rpm
ruby-tcltk-1.8.1-7.el4_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-5.el5_2.5.src.rpm

i386:
ruby-1.8.5-5.el5_2.5.i386.rpm
ruby-debuginfo-1.8.5-5.el5_2.5.i386.rpm
ruby-docs-1.8.5-5.el5_2.5.i386.rpm
ruby-irb-1.8.5-5.el5_2.5.i386.rpm
ruby-libs-1.8.5-5.el5_2.5.i386.rpm
ruby-rdoc-1.8.5-5.el5_2.5.i386.rpm
ruby-ri-1.8.5-5.el5_2.5.i386.rpm
ruby-tcltk-1.8.5-5.el5_2.5.i386.rpm

x86_64:
ruby-1.8.5-5.el5_2.5.x86_64.rpm
ruby-debuginfo-1.8.5-5.el5_2.5.i386.rpm
ruby-debuginfo-1.8.5-5.el5_2.5.x86_64.rpm
ruby-docs-1.8.5-5.el5_2.5.x86_64.rpm
ruby-irb-1.8.5-5.el5_2.5.x86_64.rpm
ruby-libs-1.8.5-5.el5_2.5.i386.rpm
ruby-libs-1.8.5-5.el5_2.5.x86_64.rpm
ruby-rdoc-1.8.5-5.el5_2.5.x86_64.rpm
ruby-ri-1.8.5-5.el5_2.5.x86_64.rpm
ruby-tcltk-1.8.5-5.el5_2.5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-5.el5_2.5.src.rpm

i386:
ruby-debuginfo-1.8.5-5.el5_2.5.i386.rpm
ruby-devel-1.8.5-5.el5_2.5.i386.rpm
ruby-mode-1.8.5-5.el5_2.5.i386.rpm

x86_64:
ruby-debuginfo-1.8.5-5.el5_2.5.i386.rpm
ruby-debuginfo-1.8.5-5.el5_2.5.x86_64.rpm
ruby-devel-1.8.5-5.el5_2.5.i386.rpm
ruby-devel-1.8.5-5.el5_2.5.x86_64.rpm
ruby-mode-1.8.5-5.el5_2.5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ruby-1.8.5-5.el5_2.5.src.rpm

i386:
ruby-1.8.5-5.el5_2.5.i386.rpm
ruby-debuginfo-1.8.5-5.el5_2.5.i386.rpm
ruby-devel-1.8.5-5.el5_2.5.i386.rpm
ruby-docs-1.8.5-5.el5_2.5.i386.rpm
ruby-irb-1.8.5-5.el5_2.5.i386.rpm
ruby-libs-1.8.5-5.el5_2.5.i386.rpm
ruby-mode-1.8.5-5.el5_2.5.i386.rpm
ruby-rdoc-1.8.5-5.el5_2.5.i386.rpm
ruby-ri-1.8.5-5.el5_2.5.i386.rpm
ruby-tcltk-1.8.5-5.el5_2.5.i386.rpm

ia64:
ruby-1.8.5-5.el5_2.5.ia64.rpm
ruby-debuginfo-1.8.5-5.el5_2.5.ia64.rpm
ruby-devel-1.8.5-5.el5_2.5.ia64.rpm
ruby-docs-1.8.5-5.el5_2.5.ia64.rpm
ruby-irb-1.8.5-5.el5_2.5.ia64.rpm
ruby-libs-1.8.5-5.el5_2.5.ia64.rpm
ruby-mode-1.8.5-5.el5_2.5.ia64.rpm
ruby-rdoc-1.8.5-5.el5_2.5.ia64.rpm
ruby-ri-1.8.5-5.el5_2.5.ia64.rpm
ruby-tcltk-1.8.5-5.el5_2.5.ia64.rpm

ppc:
ruby-1.8.5-5.el5_2.5.ppc.rpm
ruby-debuginfo-1.8.5-5.el5_2.5.ppc.rpm
ruby-debuginfo-1.8.5-5.el5_2.5.ppc64.rpm
ruby-devel-1.8.5-5.el5_2.5.ppc.rpm
ruby-devel-1.8.5-5.el5_2.5.ppc64.rpm
ruby-docs-1.8.5-5.el5_2.5.ppc.rpm
ruby-irb-1.8.5-5.el5_2.5.ppc.rpm
ruby-libs-1.8.5-5.el5_2.5.ppc.rpm
ruby-libs-1.8.5-5.el5_2.5.ppc64.rpm
ruby-mode-1.8.5-5.el5_2.5.ppc.rpm
ruby-rdoc-1.8.5-5.el5_2.5.ppc.rpm
ruby-ri-1.8.5-5.el5_2.5.ppc.rpm
ruby-tcltk-1.8.5-5.el5_2.5.ppc.rpm

s390x:
ruby-1.8.5-5.el5_2.5.s390x.rpm
ruby-debuginfo-1.8.5-5.el5_2.5.s390.rpm
ruby-debuginfo-1.8.5-5.el5_2.5.s390x.rpm
ruby-devel-1.8.5-5.el5_2.5.s390.rpm
ruby-devel-1.8.5-5.el5_2.5.s390x.rpm
ruby-docs-1.8.5-5.el5_2.5.s390x.rpm
ruby-irb-1.8.5-5.el5_2.5.s390x.rpm
ruby-libs-1.8.5-5.el5_2.5.s390.rpm
ruby-libs-1.8.5-5.el5_2.5.s390x.rpm
ruby-mode-1.8.5-5.el5_2.5.s390x.rpm
ruby-rdoc-1.8.5-5.el5_2.5.s390x.rpm
ruby-ri-1.8.5-5.el5_2.5.s390x.rpm
ruby-tcltk-1.8.5-5.el5_2.5.s390x.rpm

x86_64:
ruby-1.8.5-5.el5_2.5.x86_64.rpm
ruby-debuginfo-1.8.5-5.el5_2.5.i386.rpm
ruby-debuginfo-1.8.5-5.el5_2.5.x86_64.rpm
ruby-devel-1.8.5-5.el5_2.5.i386.rpm
ruby-devel-1.8.5-5.el5_2.5.x86_64.rpm
ruby-docs-1.8.5-5.el5_2.5.x86_64.rpm
ruby-irb-1.8.5-5.el5_2.5.x86_64.rpm
ruby-libs-1.8.5-5.el5_2.5.i386.rpm
ruby-libs-1.8.5-5.el5_2.5.x86_64.rpm
ruby-mode-1.8.5-5.el5_2.5.x86_64.rpm
ruby-rdoc-1.8.5-5.el5_2.5.x86_64.rpm
ruby-ri-1.8.5-5.el5_2.5.x86_64.rpm
ruby-tcltk-1.8.5-5.el5_2.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3905
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
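
The following is an added example, not part of the AusCERT bulletin or the Red Hat advisories: a Ruby script that checks installed ruby packages against the fixed builds named in the three package lists above. It assumes input lines in the form produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`, uses a simplified version comparison (no epoch or tilde handling), and runs on constructed sample lines.

```ruby
# Fixed version and release per RHEL major, taken from the package lists in
# RHSA-2008:0895 (2.1), RHSA-2008:0896 (3) and RHSA-2008:0897 (4 and 5).
FIXED = {
  "2" => ["1.6.4", "7.el2"],
  "3" => ["1.6.8", "13.el3"],
  "4" => ["1.8.1", "7.el4_7.1"],
  "5" => ["1.8.5", "5.el5_2.5"]
}.freeze

# Binary package names that appear in the advisories' package lists.
PACKAGES = %w[irb ruby ruby-debuginfo ruby-devel ruby-docs ruby-irb ruby-libs
              ruby-mode ruby-rdoc ruby-ri ruby-tcltk].freeze

# Simplified form of rpm's segment-wise comparison (assumption: no epoch and
# no tilde or caret markers). Returns -1, 0 or 1.
def rpmvercmp(a, b)
  sa = a.scan(/\d+|[A-Za-z]+/)
  sb = b.scan(/\d+|[A-Za-z]+/)
  [sa.size, sb.size].min.times do |i|
    x = sa[i]
    y = sb[i]
    x_num = x.match?(/\A\d/)
    y_num = y.match?(/\A\d/)
    # A numeric segment always sorts newer than an alphabetic one.
    return (x_num ? 1 : -1) if x_num != y_num
    c = x_num ? (x.to_i <=> y.to_i) : (x <=> y)
    return c unless c.zero?
  end
  # All shared segments equal: the string with more segments is newer.
  sa.size <=> sb.size
end

# Classify one installed build against the fixed build for its RHEL major,
# which is read from the ".elN" dist tag in the release string.
def classify(version, release)
  fixed = FIXED[release[/\.el(\d+)/, 1]]
  return :unknown_release if fixed.nil?
  c = rpmvercmp(version, fixed[0])
  c = rpmvercmp(release, fixed[1]) if c.zero?
  c < 0 ? :vulnerable : :patched
end

# Returns [name, "version-release", status] for every listed ruby package.
def audit(text)
  text.each_line.map do |line|
    name, version, release = line.split
    next unless PACKAGES.include?(name) && version && release
    [name, "#{version}-#{release}", classify(version, release)]
  end.compact
end

# Constructed sample input, not taken from any real host.
SAMPLE = <<~EOS
  ruby 1.8.5 5.el5_2.3
  ruby-libs 1.8.5 5.el5_2.5
  irb 1.8.1 7.el4
  ruby 1.6.8 13.el3
  ruby-devel 1.8.5 5.el5_3.7
  httpd 2.2.3 11.el5
  ruby 1.8.7 1.fc10
EOS

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE).each do |name, build, status|
    puts format("%-12s %-18s %s", name, build, status)
  end
end
```

A build reported as `unknown_release` carries no `.elN` dist tag covered by these advisories and has to be checked against its own vendor's errata.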