Security Advisory Moderate: ruby security update

Advisory: RHSA-2008:0562-5
Type: Security Advisory
Severity: Moderate
Issued on: 2008-07-14
Last updated on: 2008-07-14
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
OVAL: com.redhat.rhsa-20080562.xml
CVEs (cve.mitre.org): CVE-2006-6303
CVE-2008-2376
CVE-2008-2663
CVE-2008-2664
CVE-2008-2725
CVE-2008-2726

Details

Updated ruby packages that fix several security issues are now available
for Red Hat Enterprise Linux 2.1 and 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Ruby is an interpreted scripting language for quick and easy
object-oriented programming.

Multiple integer overflows leading to a heap overflow were discovered in
the array- and string-handling code used by Ruby. An attacker could use
these flaws to crash a Ruby application or, possibly, execute arbitrary
code with the privileges of the Ruby application using untrusted inputs in
array or string operations. (CVE-2008-2376, CVE-2008-2663, CVE-2008-2725,
CVE-2008-2726)
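The flaw class described above, and named in the bug titles at the end of this advisory ("beg + rlen", the REALLOC_N size computation, Array#fill), is size arithmetic that wraps before it reaches an allocator or a copy. The following C code is an added illustration, not Ruby's source and not the patch this update ships: a minimal array splice in which every index sum and the element-count times element-size product is checked, so a wrapped value can never be handed to realloc, memmove or memcpy. The array type, its field names, elem_t, add_overflows, mul_overflows and ary_splice are this example's own constructions and do not correspond to Ruby's internals.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for an interpreter object reference (constructed for this example). */
typedef void *elem_t;

/* Minimal growable array; the field names are this example's own, not Ruby's. */
typedef struct {
    elem_t *ptr;
    size_t len;   /* elements in use */
    size_t capa;  /* elements allocated */
} array_t;

static void ary_init(array_t *a) { a->ptr = NULL; a->len = 0; a->capa = 0; }
static void ary_free(array_t *a) { free(a->ptr); ary_init(a); }

/* Checked size_t arithmetic: return true (and leave *out untouched) on overflow. */
static bool add_overflows(size_t a, size_t b, size_t *out) {
    if (a > SIZE_MAX - b) return true;
    *out = a + b;
    return false;
}
static bool mul_overflows(size_t a, size_t b, size_t *out) {
    if (b != 0 && a > SIZE_MAX / b) return true;
    *out = a * b;
    return false;
}

/* Replace rlen elements starting at beg with the ilen items in src.
 * A range running past the end is clamped, as Array#[]= does; a beg past
 * the end is rejected. Every sum (beg + rlen, beg + ilen + tail) and the
 * element-count * element-size product is checked, so no wrapped value
 * ever reaches realloc, memmove or memcpy. Returns 0 on success, -1 on a
 * range error, arithmetic overflow, or allocation failure. */
int ary_splice(array_t *a, size_t beg, size_t rlen, const elem_t *src, size_t ilen) {
    size_t end, tail, new_len, bytes;

    if (beg > a->len) return -1;
    if (add_overflows(beg, rlen, &end) || end > a->len)
        end = a->len;                 /* clamp instead of letting beg + rlen wrap */
    tail = a->len - end;              /* elements kept after the replaced range */

    if (add_overflows(beg, ilen, &new_len)) return -1;
    if (add_overflows(new_len, tail, &new_len)) return -1;

    if (new_len > a->capa) {
        /* The REALLOC_N-style multiply, done with an overflow check. */
        if (mul_overflows(new_len, sizeof(elem_t), &bytes)) return -1;
        elem_t *p = realloc(a->ptr, bytes);
        if (p == NULL) return -1;
        a->ptr = p;
        a->capa = new_len;
    }
    /* tail <= len <= capa and ilen <= new_len <= capa, so these byte counts fit. */
    if (tail > 0 && beg + ilen != end)
        memmove(a->ptr + beg + ilen, a->ptr + end, tail * sizeof(elem_t));
    if (ilen > 0)
        memcpy(a->ptr + beg, src, ilen * sizeof(elem_t));
    a->len = new_len;
    return 0;
}

int main(void) {
    array_t a;
    elem_t items[3] = { (elem_t)(uintptr_t)1, (elem_t)(uintptr_t)2, (elem_t)(uintptr_t)3 };
    ary_init(&a);
    printf("append 3 items: %d, len=%zu\n", ary_splice(&a, 0, 0, items, 3), a.len);
    printf("rlen that would wrap is clamped: %d, len=%zu\n",
           ary_splice(&a, 1, SIZE_MAX, NULL, 0), a.len);
    printf("ilen that would wrap is rejected: %d\n",
           ary_splice(&a, 1, 0, NULL, SIZE_MAX));
    ary_free(&a);
    return 0;
}
```

The two cases in main are the shape of the reported bugs: a huge replacement length that makes beg + rlen wrap, and an insertion count whose byte size wraps in the allocation request. With the checks in place both are either clamped to the array's real bounds or refused outright instead of producing an undersized buffer.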

It was discovered that Ruby used the alloca() memory allocation function in
the format (%) method of the String class without properly restricting
maximum string length. An attacker could use this flaw to crash a Ruby
application or, possibly, execute arbitrary code with the privileges of the
Ruby application using long, untrusted strings as format strings.
(CVE-2008-2664)
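The fix class for a stack allocation sized by untrusted input is to cap what goes on the stack. The C code below is an added example, not Ruby's code and not the patch this advisory ships: a string transform that builds its result through a scratch buffer, keeps that buffer on the stack only while its size is at most a fixed constant, and uses the heap for anything larger, so stack consumption is bounded regardless of input length. STACK_SCRATCH_MAX and upcase_bounded are names made up for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Largest scratch buffer this code will ever place on the stack (example constant). */
#define STACK_SCRATCH_MAX 256

/* Upper-cases the ASCII letters of `in` into `out` (caller-owned, at least
 * strlen(in) + 1 bytes), working through a scratch buffer the way a
 * formatter assembles its result. The scratch buffer lives on the stack
 * only while its size is at most STACK_SCRATCH_MAX; longer inputs get heap
 * scratch. Stack use is therefore bounded by a constant, not by the length
 * of untrusted input. Returns 0 when the stack buffer was used, 1 when the
 * heap was used, -1 on allocation failure. */
int upcase_bounded(const char *in, char *out) {
    size_t len = strlen(in);
    char stack_scratch[STACK_SCRATCH_MAX + 1];
    char *scratch = stack_scratch;
    int on_heap = 0;

    if (len > STACK_SCRATCH_MAX) {
        scratch = malloc(len + 1);        /* heap fallback for large inputs */
        if (scratch == NULL) return -1;
        on_heap = 1;
    }
    for (size_t i = 0; i < len; i++)
        scratch[i] = (char)toupper((unsigned char)in[i]);
    scratch[len] = '\0';
    memcpy(out, scratch, len + 1);
    if (on_heap) free(scratch);
    return on_heap;
}

int main(void) {
    char out[1024];
    char big[1001];
    memset(big, 'a', 1000);
    big[1000] = '\0';
    printf("short input: heap=%d, out=%s\n", upcase_bounded("ruby", out), out);
    printf("1000-byte input: heap=%d, first=%c, len=%zu\n",
           upcase_bounded(big, out), out[0], strlen(out));
    return 0;
}
```

The threshold is the whole point: with it, a 1000-byte input costs a heap allocation that fails cleanly when memory runs out, whereas an unbounded alloca of the same size would have consumed stack in proportion to whatever length the input carried.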

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting these issues.

A flaw was discovered in the way Ruby's CGI module handles certain HTTP
requests. A remote attacker could send a specially crafted request and
cause the Ruby CGI script to enter an infinite loop, possibly causing a
denial of service. (CVE-2006-6303)

Users of Ruby should upgrade to these updated packages, which contain
backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
ruby-1.6.8-12.el3.src.rpm     60d3b1746c8cb4ddb30cec2fd6b456d3
 
IA-32:
irb-1.6.8-12.el3.i386.rpm     fad84b291a85db6a8d8c1c46201f4aa5
ruby-1.6.8-12.el3.i386.rpm     1180178152afb9e7aa974dd9b5eaa520
ruby-devel-1.6.8-12.el3.i386.rpm     63f61f2df98638e69f66f3d0e4c850a7
ruby-docs-1.6.8-12.el3.i386.rpm     90f1e654d58903b44d9a4a14d83f38f2
ruby-libs-1.6.8-12.el3.i386.rpm     9b09c94c4b27fdb1d1452166a413ed5d
ruby-mode-1.6.8-12.el3.i386.rpm     df54d3f20b4b8c6afc6a5a09d7636d7a
ruby-tcltk-1.6.8-12.el3.i386.rpm     e5a2243d184e0918e5d98d283dcdabcf
 
x86_64:
irb-1.6.8-12.el3.x86_64.rpm     59c2dd1357009f38acfc00f8c0fa546b
ruby-1.6.8-12.el3.x86_64.rpm     56ba994b113ebc1f9daadaef3d9908c4
ruby-devel-1.6.8-12.el3.x86_64.rpm     821edab6e6e355751136b52448cf75c7
ruby-docs-1.6.8-12.el3.x86_64.rpm     13a2c4e5801293a1235412de15f5180c
ruby-libs-1.6.8-12.el3.i386.rpm     9b09c94c4b27fdb1d1452166a413ed5d
ruby-libs-1.6.8-12.el3.x86_64.rpm     7e74ffc4facc5fa900ceccbb0819268b
ruby-mode-1.6.8-12.el3.x86_64.rpm     fa69157de507fbb05adccfcde0af7584
ruby-tcltk-1.6.8-12.el3.x86_64.rpm     361762125f2f9fda0b9e19080150b7e2
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
ruby-1.6.4-6.el2.src.rpm     e69244e9215017ff8f1dfd5669400a8b
 
IA-32:
irb-1.6.4-6.el2.i386.rpm     0133f32db9a79b90363eced9aff7e8a5
ruby-1.6.4-6.el2.i386.rpm     319cfd9d2f10708f7c2eedab2e800ed3
ruby-devel-1.6.4-6.el2.i386.rpm     2a5a0fb0129cb9201663a9c3f946f5d9
ruby-docs-1.6.4-6.el2.i386.rpm     d55e075a14785400ed555506bcb5d7d4
ruby-libs-1.6.4-6.el2.i386.rpm     01f6319980f4c91763cd1043859d3d7f
ruby-tcltk-1.6.4-6.el2.i386.rpm     2fe3c36103eb9e987b47014c8d0e14c5
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
ruby-1.6.8-12.el3.src.rpm     60d3b1746c8cb4ddb30cec2fd6b456d3
 
IA-32:
irb-1.6.8-12.el3.i386.rpm     fad84b291a85db6a8d8c1c46201f4aa5
ruby-1.6.8-12.el3.i386.rpm     1180178152afb9e7aa974dd9b5eaa520
ruby-devel-1.6.8-12.el3.i386.rpm     63f61f2df98638e69f66f3d0e4c850a7
ruby-docs-1.6.8-12.el3.i386.rpm     90f1e654d58903b44d9a4a14d83f38f2
ruby-libs-1.6.8-12.el3.i386.rpm     9b09c94c4b27fdb1d1452166a413ed5d
ruby-mode-1.6.8-12.el3.i386.rpm     df54d3f20b4b8c6afc6a5a09d7636d7a
ruby-tcltk-1.6.8-12.el3.i386.rpm     e5a2243d184e0918e5d98d283dcdabcf
 
IA-64:
irb-1.6.8-12.el3.ia64.rpm     07b84938a1375a44675401753e3caeab
ruby-1.6.8-12.el3.ia64.rpm     ea7f887ca70f5daf8f483d3d76c22e78
ruby-devel-1.6.8-12.el3.ia64.rpm     6df87f66ae3da7b8b92bdacf6096220a
ruby-docs-1.6.8-12.el3.ia64.rpm     a02539960ce043c28aff7e5e53a6c10d
ruby-libs-1.6.8-12.el3.i386.rpm     9b09c94c4b27fdb1d1452166a413ed5d
ruby-libs-1.6.8-12.el3.ia64.rpm     927bc29954d0dcbf33de45fc6cfc5315
ruby-mode-1.6.8-12.el3.ia64.rpm     23a3ed272e49d65d483edca9acc83d4b
ruby-tcltk-1.6.8-12.el3.ia64.rpm     e67585d34a8cd0b2fc5c4b72dbe98d26
 
PPC:
irb-1.6.8-12.el3.ppc.rpm     65dadb67122a57a44efb4e5ca5123a79
ruby-1.6.8-12.el3.ppc.rpm     0e4c36b4c4487c0740ddd16a8b68cb54
ruby-devel-1.6.8-12.el3.ppc.rpm     4b1885d4fd383b5ac0400ed8555a52f4
ruby-docs-1.6.8-12.el3.ppc.rpm     0ea83447b611fb0718ddf483945c5045
ruby-libs-1.6.8-12.el3.ppc.rpm     46df0c67367a18c826c6e04c7c24ffd8
ruby-libs-1.6.8-12.el3.ppc64.rpm     a13f971513c38072f214d6a8ddfde23f
ruby-mode-1.6.8-12.el3.ppc.rpm     275c5d9308b0951f5e213b512715e1d9
ruby-tcltk-1.6.8-12.el3.ppc.rpm     02ae9f7963c2ed952637b75e6ae84d48
 
s390:
irb-1.6.8-12.el3.s390.rpm     1e2d50b9ca332331ef2d7ec3c02f0a55
ruby-1.6.8-12.el3.s390.rpm     d9e4487edc141930bf1ba947edf43561
ruby-devel-1.6.8-12.el3.s390.rpm     a3fb20c4251f2f441bbb19bd7c1b9fdc
ruby-docs-1.6.8-12.el3.s390.rpm     05376edfbc20c5d17b4c7ff6b598b9cf
ruby-libs-1.6.8-12.el3.s390.rpm     35e30f9f8b48dd6c567e715e89c7282d
ruby-mode-1.6.8-12.el3.s390.rpm     f46e956c877f0451b05603849b334577
ruby-tcltk-1.6.8-12.el3.s390.rpm     513ba54ef7efeee02048c656a9ebf465
 
s390x:
irb-1.6.8-12.el3.s390x.rpm     cc704f2bb1f0d54f603699cd8a10e452
ruby-1.6.8-12.el3.s390x.rpm     62f94a1c00d98a8c92c3f4b65071e9b2
ruby-devel-1.6.8-12.el3.s390x.rpm     c0c9fac5e32470c2ae0c74d2661c43fb
ruby-docs-1.6.8-12.el3.s390x.rpm     fd32fb4e50a73fef7af1a5c5e49c0939
ruby-libs-1.6.8-12.el3.s390.rpm     35e30f9f8b48dd6c567e715e89c7282d
ruby-libs-1.6.8-12.el3.s390x.rpm     ae6225bfe7ef5d13fb54fea605a5c7c1
ruby-mode-1.6.8-12.el3.s390x.rpm     d7a3ac114dca0dea7414d5937d37116e
ruby-tcltk-1.6.8-12.el3.s390x.rpm     3e4923bae5cd29a5e8e85987ad6f181a
 
x86_64:
irb-1.6.8-12.el3.x86_64.rpm     59c2dd1357009f38acfc00f8c0fa546b
ruby-1.6.8-12.el3.x86_64.rpm     56ba994b113ebc1f9daadaef3d9908c4
ruby-devel-1.6.8-12.el3.x86_64.rpm     821edab6e6e355751136b52448cf75c7
ruby-docs-1.6.8-12.el3.x86_64.rpm     13a2c4e5801293a1235412de15f5180c
ruby-libs-1.6.8-12.el3.i386.rpm     9b09c94c4b27fdb1d1452166a413ed5d
ruby-libs-1.6.8-12.el3.x86_64.rpm     7e74ffc4facc5fa900ceccbb0819268b
ruby-mode-1.6.8-12.el3.x86_64.rpm     fa69157de507fbb05adccfcde0af7584
ruby-tcltk-1.6.8-12.el3.x86_64.rpm     361762125f2f9fda0b9e19080150b7e2
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
ruby-1.6.4-6.el2.src.rpm     e69244e9215017ff8f1dfd5669400a8b
 
IA-32:
irb-1.6.4-6.el2.i386.rpm     0133f32db9a79b90363eced9aff7e8a5
ruby-1.6.4-6.el2.i386.rpm     319cfd9d2f10708f7c2eedab2e800ed3
ruby-devel-1.6.4-6.el2.i386.rpm     2a5a0fb0129cb9201663a9c3f946f5d9
ruby-docs-1.6.4-6.el2.i386.rpm     d55e075a14785400ed555506bcb5d7d4
ruby-libs-1.6.4-6.el2.i386.rpm     01f6319980f4c91763cd1043859d3d7f
ruby-tcltk-1.6.4-6.el2.i386.rpm     2fe3c36103eb9e987b47014c8d0e14c5
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
ruby-1.6.8-12.el3.src.rpm     60d3b1746c8cb4ddb30cec2fd6b456d3
 
IA-32:
irb-1.6.8-12.el3.i386.rpm     fad84b291a85db6a8d8c1c46201f4aa5
ruby-1.6.8-12.el3.i386.rpm     1180178152afb9e7aa974dd9b5eaa520
ruby-devel-1.6.8-12.el3.i386.rpm     63f61f2df98638e69f66f3d0e4c850a7
ruby-docs-1.6.8-12.el3.i386.rpm     90f1e654d58903b44d9a4a14d83f38f2
ruby-libs-1.6.8-12.el3.i386.rpm     9b09c94c4b27fdb1d1452166a413ed5d
ruby-mode-1.6.8-12.el3.i386.rpm     df54d3f20b4b8c6afc6a5a09d7636d7a
ruby-tcltk-1.6.8-12.el3.i386.rpm     e5a2243d184e0918e5d98d283dcdabcf
 
IA-64:
irb-1.6.8-12.el3.ia64.rpm     07b84938a1375a44675401753e3caeab
ruby-1.6.8-12.el3.ia64.rpm     ea7f887ca70f5daf8f483d3d76c22e78
ruby-devel-1.6.8-12.el3.ia64.rpm     6df87f66ae3da7b8b92bdacf6096220a
ruby-docs-1.6.8-12.el3.ia64.rpm     a02539960ce043c28aff7e5e53a6c10d
ruby-libs-1.6.8-12.el3.i386.rpm     9b09c94c4b27fdb1d1452166a413ed5d
ruby-libs-1.6.8-12.el3.ia64.rpm     927bc29954d0dcbf33de45fc6cfc5315
ruby-mode-1.6.8-12.el3.ia64.rpm     23a3ed272e49d65d483edca9acc83d4b
ruby-tcltk-1.6.8-12.el3.ia64.rpm     e67585d34a8cd0b2fc5c4b72dbe98d26
 
x86_64:
irb-1.6.8-12.el3.x86_64.rpm     59c2dd1357009f38acfc00f8c0fa546b
ruby-1.6.8-12.el3.x86_64.rpm     56ba994b113ebc1f9daadaef3d9908c4
ruby-devel-1.6.8-12.el3.x86_64.rpm     821edab6e6e355751136b52448cf75c7
ruby-docs-1.6.8-12.el3.x86_64.rpm     13a2c4e5801293a1235412de15f5180c
ruby-libs-1.6.8-12.el3.i386.rpm     9b09c94c4b27fdb1d1452166a413ed5d
ruby-libs-1.6.8-12.el3.x86_64.rpm     7e74ffc4facc5fa900ceccbb0819268b
ruby-mode-1.6.8-12.el3.x86_64.rpm     fa69157de507fbb05adccfcde0af7584
ruby-tcltk-1.6.8-12.el3.x86_64.rpm     361762125f2f9fda0b9e19080150b7e2
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
ruby-1.6.4-6.el2.src.rpm     e69244e9215017ff8f1dfd5669400a8b
 
IA-32:
irb-1.6.4-6.el2.i386.rpm     0133f32db9a79b90363eced9aff7e8a5
ruby-1.6.4-6.el2.i386.rpm     319cfd9d2f10708f7c2eedab2e800ed3
ruby-devel-1.6.4-6.el2.i386.rpm     2a5a0fb0129cb9201663a9c3f946f5d9
ruby-docs-1.6.4-6.el2.i386.rpm     d55e075a14785400ed555506bcb5d7d4
ruby-libs-1.6.4-6.el2.i386.rpm     01f6319980f4c91763cd1043859d3d7f
ruby-tcltk-1.6.4-6.el2.i386.rpm     2fe3c36103eb9e987b47014c8d0e14c5
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
ruby-1.6.8-12.el3.src.rpm     60d3b1746c8cb4ddb30cec2fd6b456d3
 
IA-32:
irb-1.6.8-12.el3.i386.rpm     fad84b291a85db6a8d8c1c46201f4aa5
ruby-1.6.8-12.el3.i386.rpm     1180178152afb9e7aa974dd9b5eaa520
ruby-devel-1.6.8-12.el3.i386.rpm     63f61f2df98638e69f66f3d0e4c850a7
ruby-docs-1.6.8-12.el3.i386.rpm     90f1e654d58903b44d9a4a14d83f38f2
ruby-libs-1.6.8-12.el3.i386.rpm     9b09c94c4b27fdb1d1452166a413ed5d
ruby-mode-1.6.8-12.el3.i386.rpm     df54d3f20b4b8c6afc6a5a09d7636d7a
ruby-tcltk-1.6.8-12.el3.i386.rpm     e5a2243d184e0918e5d98d283dcdabcf
 
IA-64:
irb-1.6.8-12.el3.ia64.rpm     07b84938a1375a44675401753e3caeab
ruby-1.6.8-12.el3.ia64.rpm     ea7f887ca70f5daf8f483d3d76c22e78
ruby-devel-1.6.8-12.el3.ia64.rpm     6df87f66ae3da7b8b92bdacf6096220a
ruby-docs-1.6.8-12.el3.ia64.rpm     a02539960ce043c28aff7e5e53a6c10d
ruby-libs-1.6.8-12.el3.i386.rpm     9b09c94c4b27fdb1d1452166a413ed5d
ruby-libs-1.6.8-12.el3.ia64.rpm     927bc29954d0dcbf33de45fc6cfc5315
ruby-mode-1.6.8-12.el3.ia64.rpm     23a3ed272e49d65d483edca9acc83d4b
ruby-tcltk-1.6.8-12.el3.ia64.rpm     e67585d34a8cd0b2fc5c4b72dbe98d26
 
x86_64:
irb-1.6.8-12.el3.x86_64.rpm     59c2dd1357009f38acfc00f8c0fa546b
ruby-1.6.8-12.el3.x86_64.rpm     56ba994b113ebc1f9daadaef3d9908c4
ruby-devel-1.6.8-12.el3.x86_64.rpm     821edab6e6e355751136b52448cf75c7
ruby-docs-1.6.8-12.el3.x86_64.rpm     13a2c4e5801293a1235412de15f5180c
ruby-libs-1.6.8-12.el3.i386.rpm     9b09c94c4b27fdb1d1452166a413ed5d
ruby-libs-1.6.8-12.el3.x86_64.rpm     7e74ffc4facc5fa900ceccbb0819268b
ruby-mode-1.6.8-12.el3.x86_64.rpm     fa69157de507fbb05adccfcde0af7584
ruby-tcltk-1.6.8-12.el3.x86_64.rpm     361762125f2f9fda0b9e19080150b7e2
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

218287 - CVE-2006-6303 ruby's cgi.rb vulnerable infinite loop DoS
450825 - CVE-2008-2663 ruby: Integer overflows in rb_ary_store()
450834 - CVE-2008-2664 ruby: Unsafe use of alloca in rb_str_format()
451821 - CVE-2008-2725 ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N
451828 - CVE-2008-2726 ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen
453589 - CVE-2008-2376 ruby: integer overflows in rb_ary_fill() / Array#fill

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/