Security Advisory: ruby security update

Advisory: RHSA-2004:441-18
Type: Security Advisory
Severity: Low
Issued on: 2004-09-30
Last updated on: 2004-09-30
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2004-0755

Details

An updated ruby package that fixes insecure file permissions for CGI session
files is now available.

Ruby is an interpreted scripting language for object-oriented programming.

Andres Salomon reported an insecure file permissions flaw in the CGI
session management of Ruby. FileStore created world-readable files, which
could allow a malicious local user to read CGI session data.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0755 to this issue.

Users are advised to upgrade to this erratum package, which contains a
backported patch to CGI::Session FileStore.
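
An added illustration of the flaw class described above, not Red Hat's backported patch or Ruby's own code: it contrasts a file created with the default mode against one created with an explicit owner-only mode, and audits a directory for files that group or other users can access. The file names, helper names and the umask of 022 are assumptions made for the example.

```ruby
require "tmpdir"

# Mode bits that grant any access to group or other users.
GROUP_OTHER_BITS = 0o077

# Create a file with no explicit mode: the result is 0666 masked by the
# process umask, which is 0644 (world readable) under the common umask 022.
def create_default(path, data)
  File.open(path, "w") { |f| f.write(data) }
end

# Create a file that only the owner can read or write. The mode is applied at
# creation time, so there is no window in which the file is readable by others.
# EXCL makes the call fail if a file already exists at that path.
def create_private(path, data)
  File.open(path, File::CREAT | File::EXCL | File::WRONLY, 0o600) do |f|
    f.write(data)
  end
end

# Return the names of regular files in dir that group or other users can access.
def exposed_files(dir)
  Dir.children(dir).sort.select do |name|
    st = File.lstat(File.join(dir, name))
    st.file? && (st.mode & GROUP_OTHER_BITS) != 0
  end
end

# Demonstration on a constructed temporary directory (not real session data).
def demo
  Dir.mktmpdir("sess-demo") do |dir|
    old_umask = File.umask(0o022) # assumed typical umask, set for a stable result
    begin
      create_default(File.join(dir, "sess_default"), "user=alice")
      create_private(File.join(dir, "sess_private"), "user=alice")
    ensure
      File.umask(old_umask)
    end
    {
      exposed: exposed_files(dir),
      private_mode: File.stat(File.join(dir, "sess_private")).mode & 0o777
    }
  end
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Pointing `exposed_files` at the directory where an application keeps its session files shows whether any existing files still carry group or other permission bits after the update.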


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
ruby-1.6.8-9.EL3.2.src.rpm
File outdated by:  RHSA-2008:0896
    MD5: 4a005a302e389f88e0059a04ffe1c301
 
IA-32:
ruby-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: b806ed75a84c93559323ad7a31775ce3
ruby-devel-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 945e6b9345cc4f23667ac60909b0ef5d
ruby-libs-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 056d3fc25714ecf458837e2350f1403e
ruby-mode-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: e3c51a8f573f313113ab0de0811c3993
 
x86_64:
ruby-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 3048997bfb6fc66ca6ec6813d2f0aff6
ruby-devel-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: b8135ec687a30ca432a67cb383a1e62a
ruby-libs-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 056d3fc25714ecf458837e2350f1403e
ruby-libs-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 160b4e7a46029a3ccb2ba98fd1a4dd7d
ruby-mode-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 8456efd1389a4d322fca5fce518e44a1
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
ruby-1.6.4-2.AS21.0.src.rpm
File outdated by:  RHSA-2008:0895
    MD5: eb97376e716aa09d718d5afc0f4a0020
 
IA-32:
irb-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 8570dca43ce0243d098a667d77f08490
ruby-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: ec1d1fe2f3f0ebae66342127c5a48e19
ruby-devel-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: b318516e9af9320a3638d496754c3f3e
ruby-docs-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 95c13aa43397b4d1f8f625d5db8cf0e6
ruby-libs-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: dd229e6ba40dee0ddd9f7072bd24780b
ruby-tcltk-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: b7b059fa23ba437057ad66125201407e
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
ruby-1.6.8-9.EL3.2.src.rpm
File outdated by:  RHSA-2008:0896
    MD5: 4a005a302e389f88e0059a04ffe1c301
 
IA-32:
ruby-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: b806ed75a84c93559323ad7a31775ce3
ruby-devel-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 945e6b9345cc4f23667ac60909b0ef5d
ruby-libs-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 056d3fc25714ecf458837e2350f1403e
ruby-mode-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: e3c51a8f573f313113ab0de0811c3993
 
IA-64:
ruby-1.6.8-9.EL3.2.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 54124222ea6990ebae5aba4355d9ac70
ruby-devel-1.6.8-9.EL3.2.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 3118ec318e2ff6065e4e598ee07374e3
ruby-libs-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 056d3fc25714ecf458837e2350f1403e
ruby-libs-1.6.8-9.EL3.2.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: bc523ead60e9bd104cf55373a9ad3b8c
ruby-mode-1.6.8-9.EL3.2.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: f5c7ade5502b67d1a35c76223de7663c
 
PPC:
ruby-1.6.8-9.EL3.2.ppc.rpm
File outdated by:  RHSA-2008:0896
    MD5: e111badd02691f2d3af1228cfd1305ad
ruby-devel-1.6.8-9.EL3.2.ppc.rpm
File outdated by:  RHSA-2008:0896
    MD5: 71f4002652015dc1394d1a0707dac921
ruby-libs-1.6.8-9.EL3.2.ppc.rpm
File outdated by:  RHSA-2008:0896
    MD5: 2834716a178d5c22b2a0bdc3c18e4569
ruby-mode-1.6.8-9.EL3.2.ppc.rpm
File outdated by:  RHSA-2008:0896
    MD5: c722c0ce315e1e5a4229e94b1518ba30
 
s390:
ruby-1.6.8-9.EL3.2.s390.rpm
File outdated by:  RHSA-2008:0896
    MD5: ba3145afb52bc659a5efcc0452a55ff3
ruby-devel-1.6.8-9.EL3.2.s390.rpm
File outdated by:  RHSA-2008:0896
    MD5: e52eb4855a8501f0c2fccf2b1e3524aa
ruby-libs-1.6.8-9.EL3.2.s390.rpm
File outdated by:  RHSA-2008:0896
    MD5: 6b18d38bd6d62c84d757f229845b6079
ruby-mode-1.6.8-9.EL3.2.s390.rpm
File outdated by:  RHSA-2008:0896
    MD5: 0cf38f2a6c42ceb80a674bcc9ffa557d
 
s390x:
ruby-1.6.8-9.EL3.2.s390x.rpm
File outdated by:  RHSA-2008:0896
    MD5: 7292fe703498f5ee33a20d69f7ad6cd1
ruby-devel-1.6.8-9.EL3.2.s390x.rpm
File outdated by:  RHSA-2008:0896
    MD5: e1ff142228b28536b4a3977db8d430a7
ruby-libs-1.6.8-9.EL3.2.s390x.rpm
File outdated by:  RHSA-2008:0896
    MD5: c1849a6c9570941144914d7d518d71e8
ruby-mode-1.6.8-9.EL3.2.s390x.rpm
File outdated by:  RHSA-2008:0896
    MD5: fd9f25954b2d1b87d521848a6bf2501b
 
x86_64:
ruby-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 3048997bfb6fc66ca6ec6813d2f0aff6
ruby-devel-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: b8135ec687a30ca432a67cb383a1e62a
ruby-libs-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 056d3fc25714ecf458837e2350f1403e
ruby-libs-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 160b4e7a46029a3ccb2ba98fd1a4dd7d
ruby-mode-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 8456efd1389a4d322fca5fce518e44a1
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
ruby-1.6.4-2.AS21.0.src.rpm
File outdated by:  RHSA-2008:0895
    MD5: eb97376e716aa09d718d5afc0f4a0020
 
IA-32:
irb-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 8570dca43ce0243d098a667d77f08490
ruby-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: ec1d1fe2f3f0ebae66342127c5a48e19
ruby-devel-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: b318516e9af9320a3638d496754c3f3e
ruby-docs-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 95c13aa43397b4d1f8f625d5db8cf0e6
ruby-libs-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: dd229e6ba40dee0ddd9f7072bd24780b
ruby-tcltk-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: b7b059fa23ba437057ad66125201407e
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
ruby-1.6.8-9.EL3.2.src.rpm
File outdated by:  RHSA-2008:0896
    MD5: 4a005a302e389f88e0059a04ffe1c301
 
IA-32:
ruby-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: b806ed75a84c93559323ad7a31775ce3
ruby-devel-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 945e6b9345cc4f23667ac60909b0ef5d
ruby-libs-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 056d3fc25714ecf458837e2350f1403e
ruby-mode-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: e3c51a8f573f313113ab0de0811c3993
 
IA-64:
ruby-1.6.8-9.EL3.2.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 54124222ea6990ebae5aba4355d9ac70
ruby-devel-1.6.8-9.EL3.2.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 3118ec318e2ff6065e4e598ee07374e3
ruby-libs-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 056d3fc25714ecf458837e2350f1403e
ruby-libs-1.6.8-9.EL3.2.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: bc523ead60e9bd104cf55373a9ad3b8c
ruby-mode-1.6.8-9.EL3.2.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: f5c7ade5502b67d1a35c76223de7663c
 
x86_64:
ruby-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 3048997bfb6fc66ca6ec6813d2f0aff6
ruby-devel-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: b8135ec687a30ca432a67cb383a1e62a
ruby-libs-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 056d3fc25714ecf458837e2350f1403e
ruby-libs-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 160b4e7a46029a3ccb2ba98fd1a4dd7d
ruby-mode-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 8456efd1389a4d322fca5fce518e44a1
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
ruby-1.6.4-2.AS21.0.src.rpm
File outdated by:  RHSA-2008:0895
    MD5: eb97376e716aa09d718d5afc0f4a0020
 
IA-32:
irb-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 8570dca43ce0243d098a667d77f08490
ruby-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: ec1d1fe2f3f0ebae66342127c5a48e19
ruby-devel-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: b318516e9af9320a3638d496754c3f3e
ruby-docs-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 95c13aa43397b4d1f8f625d5db8cf0e6
ruby-libs-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: dd229e6ba40dee0ddd9f7072bd24780b
ruby-tcltk-1.6.4-2.AS21.0.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: b7b059fa23ba437057ad66125201407e
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
ruby-1.6.8-9.EL3.2.src.rpm
File outdated by:  RHSA-2008:0896
    MD5: 4a005a302e389f88e0059a04ffe1c301
 
IA-32:
ruby-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: b806ed75a84c93559323ad7a31775ce3
ruby-devel-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 945e6b9345cc4f23667ac60909b0ef5d
ruby-libs-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 056d3fc25714ecf458837e2350f1403e
ruby-mode-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: e3c51a8f573f313113ab0de0811c3993
 
IA-64:
ruby-1.6.8-9.EL3.2.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 54124222ea6990ebae5aba4355d9ac70
ruby-devel-1.6.8-9.EL3.2.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 3118ec318e2ff6065e4e598ee07374e3
ruby-libs-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 056d3fc25714ecf458837e2350f1403e
ruby-libs-1.6.8-9.EL3.2.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: bc523ead60e9bd104cf55373a9ad3b8c
ruby-mode-1.6.8-9.EL3.2.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: f5c7ade5502b67d1a35c76223de7663c
 
x86_64:
ruby-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 3048997bfb6fc66ca6ec6813d2f0aff6
ruby-devel-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: b8135ec687a30ca432a67cb383a1e62a
ruby-libs-1.6.8-9.EL3.2.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 056d3fc25714ecf458837e2350f1403e
ruby-libs-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 160b4e7a46029a3ccb2ba98fd1a4dd7d
ruby-mode-1.6.8-9.EL3.2.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 8456efd1389a4d322fca5fce518e44a1
 

Bugs fixed (see bugzilla for more information)

130065 - CAN-2004-0755 ruby insecure file permissions


Keywords

file, permission


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/