
Security Advisory Moderate: ruby security update

Advisory: RHSA-2007:0965-3
Type: Security Advisory
Severity: Moderate
Issued on: 2007-11-13
Last updated on: 2007-11-13
Affected Products: RHEL Desktop Workstation (v. 5 client)
                   Red Hat Enterprise Linux (v. 5 server)
                   Red Hat Enterprise Linux Desktop (v. 5 client)
                   Red Hat Enterprise Linux EUS (v. 5.1.z server)
CVEs (cve.mitre.org): CVE-2007-5162
                      CVE-2007-5770

Details

Updated ruby packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Ruby is an interpreted scripting language for object-oriented programming.

An SSL certificate validation flaw was discovered in several Ruby Net
modules. The libraries did not check the requested host name against
the common name (CN) in the SSL server certificate, possibly allowing a
man-in-the-middle attack. (CVE-2007-5162, CVE-2007-5770)
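
The missing check, shown as an added Ruby example (not code from this advisory or from the backported patch): a constructed test CA issues a certificate for mail.example.test, and two helpers compare chain-only validation with chain plus host name validation. The host names, keys and helper functions are assumptions made for the example.

```ruby
require 'openssl'

# Build a certificate for the constructed test PKI (hypothetical helper).
def make_cert(cn, key, issuer_cert = nil, issuer_key = key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(
    ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true)
  )
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Constructed sample data: a test CA and a server certificate whose
# common name is mail.example.test.
CA_KEY   = OpenSSL::PKey::RSA.new(2048)
CA_CERT  = make_cert('Example Test CA', CA_KEY, ca: true)
SRV_CERT = make_cert('mail.example.test', OpenSSL::PKey::RSA.new(2048),
                     CA_CERT, CA_KEY)
TRUST    = OpenSSL::X509::Store.new.add_cert(CA_CERT)

# Chain validation only: nothing compares the certificate with the host
# name the client asked for (the omission the advisory describes).
def chain_only_ok?(cert)
  TRUST.verify(cert)
end

# Chain validation plus the host name comparison. On a live connection the
# same comparison is made by OpenSSL::SSL::SSLSocket#post_connection_check.
def chain_and_name_ok?(cert, requested_host)
  TRUST.verify(cert) &&
    OpenSSL::SSL.verify_certificate_identity(cert, requested_host)
end

if __FILE__ == $PROGRAM_NAME
  %w[mail.example.test bank.example.test].each do |host|
    puts "#{host}: chain_only=#{chain_only_ok?(SRV_CERT)} " \
         "chain_and_name=#{chain_and_name_ok?(SRV_CERT, host)}"
  end
end
```

A certificate that chains to a trusted CA passes the first helper no matter which host the client intended to reach; only the second helper rejects it when the requested name differs from the name in the certificate.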

Users of Ruby should upgrade to these updated packages, which contain a
backported patch to resolve these issues.


Solution

Before applying this update, make sure that all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
ruby-1.8.5-5.el5_1.1.src.rpm
File outdated by:  RHSA-2013:1090

IA-32:
ruby-devel-1.8.5-5.el5_1.1.i386.rpm
ruby-mode-1.8.5-5.el5_1.1.i386.rpm

x86_64:
ruby-devel-1.8.5-5.el5_1.1.i386.rpm
ruby-devel-1.8.5-5.el5_1.1.x86_64.rpm
ruby-mode-1.8.5-5.el5_1.1.x86_64.rpm
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
ruby-1.8.5-5.el5_1.1.src.rpm
File outdated by:  RHSA-2013:1090

IA-32:
ruby-1.8.5-5.el5_1.1.i386.rpm
ruby-devel-1.8.5-5.el5_1.1.i386.rpm
ruby-docs-1.8.5-5.el5_1.1.i386.rpm
ruby-irb-1.8.5-5.el5_1.1.i386.rpm
ruby-libs-1.8.5-5.el5_1.1.i386.rpm
ruby-mode-1.8.5-5.el5_1.1.i386.rpm
ruby-rdoc-1.8.5-5.el5_1.1.i386.rpm
ruby-ri-1.8.5-5.el5_1.1.i386.rpm
ruby-tcltk-1.8.5-5.el5_1.1.i386.rpm

IA-64:
ruby-1.8.5-5.el5_1.1.ia64.rpm
ruby-devel-1.8.5-5.el5_1.1.ia64.rpm
ruby-docs-1.8.5-5.el5_1.1.ia64.rpm
ruby-irb-1.8.5-5.el5_1.1.ia64.rpm
ruby-libs-1.8.5-5.el5_1.1.ia64.rpm
ruby-mode-1.8.5-5.el5_1.1.ia64.rpm
ruby-rdoc-1.8.5-5.el5_1.1.ia64.rpm
ruby-ri-1.8.5-5.el5_1.1.ia64.rpm
ruby-tcltk-1.8.5-5.el5_1.1.ia64.rpm

PPC:
ruby-1.8.5-5.el5_1.1.ppc.rpm
ruby-devel-1.8.5-5.el5_1.1.ppc.rpm
ruby-devel-1.8.5-5.el5_1.1.ppc64.rpm
ruby-docs-1.8.5-5.el5_1.1.ppc.rpm
ruby-irb-1.8.5-5.el5_1.1.ppc.rpm
ruby-libs-1.8.5-5.el5_1.1.ppc.rpm
ruby-libs-1.8.5-5.el5_1.1.ppc64.rpm
ruby-mode-1.8.5-5.el5_1.1.ppc.rpm
ruby-rdoc-1.8.5-5.el5_1.1.ppc.rpm
ruby-ri-1.8.5-5.el5_1.1.ppc.rpm
ruby-tcltk-1.8.5-5.el5_1.1.ppc.rpm

s390x:
ruby-1.8.5-5.el5_1.1.s390x.rpm
ruby-devel-1.8.5-5.el5_1.1.s390.rpm
ruby-devel-1.8.5-5.el5_1.1.s390x.rpm
ruby-docs-1.8.5-5.el5_1.1.s390x.rpm
ruby-irb-1.8.5-5.el5_1.1.s390x.rpm
ruby-libs-1.8.5-5.el5_1.1.s390.rpm
ruby-libs-1.8.5-5.el5_1.1.s390x.rpm
ruby-mode-1.8.5-5.el5_1.1.s390x.rpm
ruby-rdoc-1.8.5-5.el5_1.1.s390x.rpm
ruby-ri-1.8.5-5.el5_1.1.s390x.rpm
ruby-tcltk-1.8.5-5.el5_1.1.s390x.rpm

x86_64:
ruby-1.8.5-5.el5_1.1.x86_64.rpm
ruby-devel-1.8.5-5.el5_1.1.i386.rpm
ruby-devel-1.8.5-5.el5_1.1.x86_64.rpm
ruby-docs-1.8.5-5.el5_1.1.x86_64.rpm
ruby-irb-1.8.5-5.el5_1.1.x86_64.rpm
ruby-libs-1.8.5-5.el5_1.1.i386.rpm
ruby-libs-1.8.5-5.el5_1.1.x86_64.rpm
ruby-mode-1.8.5-5.el5_1.1.x86_64.rpm
ruby-rdoc-1.8.5-5.el5_1.1.x86_64.rpm
ruby-ri-1.8.5-5.el5_1.1.x86_64.rpm
ruby-tcltk-1.8.5-5.el5_1.1.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
ruby-1.8.5-5.el5_1.1.src.rpm
File outdated by:  RHSA-2013:1090

IA-32:
ruby-1.8.5-5.el5_1.1.i386.rpm
ruby-docs-1.8.5-5.el5_1.1.i386.rpm
ruby-irb-1.8.5-5.el5_1.1.i386.rpm
ruby-libs-1.8.5-5.el5_1.1.i386.rpm
ruby-rdoc-1.8.5-5.el5_1.1.i386.rpm
ruby-ri-1.8.5-5.el5_1.1.i386.rpm
ruby-tcltk-1.8.5-5.el5_1.1.i386.rpm

x86_64:
ruby-1.8.5-5.el5_1.1.x86_64.rpm
ruby-docs-1.8.5-5.el5_1.1.x86_64.rpm
ruby-irb-1.8.5-5.el5_1.1.x86_64.rpm
ruby-libs-1.8.5-5.el5_1.1.i386.rpm
ruby-libs-1.8.5-5.el5_1.1.x86_64.rpm
ruby-rdoc-1.8.5-5.el5_1.1.x86_64.rpm
ruby-ri-1.8.5-5.el5_1.1.x86_64.rpm
ruby-tcltk-1.8.5-5.el5_1.1.x86_64.rpm
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)

SRPMS:
ruby-1.8.5-5.el5_1.1.src.rpm
File outdated by:  RHSA-2013:1090

IA-32:
ruby-1.8.5-5.el5_1.1.i386.rpm
ruby-devel-1.8.5-5.el5_1.1.i386.rpm
ruby-docs-1.8.5-5.el5_1.1.i386.rpm
ruby-irb-1.8.5-5.el5_1.1.i386.rpm
ruby-libs-1.8.5-5.el5_1.1.i386.rpm
ruby-mode-1.8.5-5.el5_1.1.i386.rpm
ruby-rdoc-1.8.5-5.el5_1.1.i386.rpm
ruby-ri-1.8.5-5.el5_1.1.i386.rpm
ruby-tcltk-1.8.5-5.el5_1.1.i386.rpm

IA-64:
ruby-1.8.5-5.el5_1.1.ia64.rpm
ruby-devel-1.8.5-5.el5_1.1.ia64.rpm
ruby-docs-1.8.5-5.el5_1.1.ia64.rpm
ruby-irb-1.8.5-5.el5_1.1.ia64.rpm
ruby-libs-1.8.5-5.el5_1.1.ia64.rpm
ruby-mode-1.8.5-5.el5_1.1.ia64.rpm
ruby-rdoc-1.8.5-5.el5_1.1.ia64.rpm
ruby-ri-1.8.5-5.el5_1.1.ia64.rpm
ruby-tcltk-1.8.5-5.el5_1.1.ia64.rpm

PPC:
ruby-1.8.5-5.el5_1.1.ppc.rpm
ruby-devel-1.8.5-5.el5_1.1.ppc.rpm
ruby-devel-1.8.5-5.el5_1.1.ppc64.rpm
ruby-docs-1.8.5-5.el5_1.1.ppc.rpm
ruby-irb-1.8.5-5.el5_1.1.ppc.rpm
ruby-libs-1.8.5-5.el5_1.1.ppc.rpm
ruby-libs-1.8.5-5.el5_1.1.ppc64.rpm
ruby-mode-1.8.5-5.el5_1.1.ppc.rpm
ruby-rdoc-1.8.5-5.el5_1.1.ppc.rpm
ruby-ri-1.8.5-5.el5_1.1.ppc.rpm
ruby-tcltk-1.8.5-5.el5_1.1.ppc.rpm

s390x:
ruby-1.8.5-5.el5_1.1.s390x.rpm
ruby-devel-1.8.5-5.el5_1.1.s390.rpm
ruby-devel-1.8.5-5.el5_1.1.s390x.rpm
ruby-docs-1.8.5-5.el5_1.1.s390x.rpm
ruby-irb-1.8.5-5.el5_1.1.s390x.rpm
ruby-libs-1.8.5-5.el5_1.1.s390.rpm
ruby-libs-1.8.5-5.el5_1.1.s390x.rpm
ruby-mode-1.8.5-5.el5_1.1.s390x.rpm
ruby-rdoc-1.8.5-5.el5_1.1.s390x.rpm
ruby-ri-1.8.5-5.el5_1.1.s390x.rpm
ruby-tcltk-1.8.5-5.el5_1.1.s390x.rpm

x86_64:
ruby-1.8.5-5.el5_1.1.x86_64.rpm
ruby-devel-1.8.5-5.el5_1.1.i386.rpm
ruby-devel-1.8.5-5.el5_1.1.x86_64.rpm
ruby-docs-1.8.5-5.el5_1.1.x86_64.rpm
ruby-irb-1.8.5-5.el5_1.1.x86_64.rpm
ruby-libs-1.8.5-5.el5_1.1.i386.rpm
ruby-libs-1.8.5-5.el5_1.1.x86_64.rpm
ruby-mode-1.8.5-5.el5_1.1.x86_64.rpm
ruby-rdoc-1.8.5-5.el5_1.1.x86_64.rpm
ruby-ri-1.8.5-5.el5_1.1.x86_64.rpm
ruby-tcltk-1.8.5-5.el5_1.1.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

313691 - CVE-2007-5162 ruby Net:HTTP insufficient verification of SSL certificate
362081 - CVE-2007-5770 ruby insufficient verification of SSL certificate in various net::* modules



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/