Security Advisory: ruby security update

Advisory: RHSA-2005:543-08
Type: Security Advisory
Severity: Moderate
Issued on: 2005-08-05
Last updated on: 2005-08-05
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-1992

Details

Updated ruby packages that fix an arbitrary command execution issue are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Ruby is an interpreted scripting language for object-oriented programming.

A bug was found in the way Ruby launched an XMLRPC server. If an XMLRPC
server is launched in a certain way, it becomes possible for a remote
attacker to execute arbitrary commands within the XMLRPC server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1992 to this issue.

Users of Ruby should update to these erratum packages, which contain a
backported patch and are not vulnerable to this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
ruby-1.8.1-7.EL4.1.src.rpm
File outdated by:  RHSA-2012:0070
    MD5: 31372062f0d881ce2c91e2d187b029d5
 
IA-32:
irb-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: b9ab29ce32e70dd5471de91560bdd4f6
ruby-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: eba2cc72188020b2b9bbc5bbde939bb8
ruby-devel-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: 4257ac1ab4709dfa464f81054bd12c39
ruby-docs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: dedecf5621f2859495d52f0b02282841
ruby-libs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: f7ed1bed02b2f79fe4cd097dc567a2c7
ruby-mode-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: c380cbac78da65fbb897c646cb3b5459
ruby-tcltk-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: e9e56dd4415929b52a4c90d6839659b9
 
x86_64:
irb-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: bc12397f3bb00edddf14f64f74ab67ba
ruby-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: b26063e6a2aa63710e6944d5bb79b453
ruby-devel-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 427f4782a84142f57a1af1b7c61cdf9d
ruby-docs-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: f0c0d0ea9a30b3d3f66dfd8373e9b499
ruby-libs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: f7ed1bed02b2f79fe4cd097dc567a2c7
ruby-libs-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 1725ca62b635102dfcbb093227acb20c
ruby-mode-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 8cc745ce2f953090fb82ba0b85a0b63c
ruby-tcltk-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 4bb79c1c55987a45937382465bc4522f
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
ruby-1.8.1-7.EL4.1.src.rpm
File outdated by:  RHSA-2012:0070
    MD5: 31372062f0d881ce2c91e2d187b029d5
 
IA-32:
irb-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: b9ab29ce32e70dd5471de91560bdd4f6
ruby-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: eba2cc72188020b2b9bbc5bbde939bb8
ruby-devel-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: 4257ac1ab4709dfa464f81054bd12c39
ruby-docs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: dedecf5621f2859495d52f0b02282841
ruby-libs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: f7ed1bed02b2f79fe4cd097dc567a2c7
ruby-mode-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: c380cbac78da65fbb897c646cb3b5459
ruby-tcltk-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: e9e56dd4415929b52a4c90d6839659b9
 
IA-64:
irb-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: ed8843b0bfe19091e0c533d8db33196c
ruby-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 4c5ce3e8cbb7c57cee6f66849fc763cc
ruby-devel-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 34e76823bfaeda823383bde64d0df4e0
ruby-docs-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 21647391f11e72744b0be03dc8028602
ruby-libs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: f7ed1bed02b2f79fe4cd097dc567a2c7
ruby-libs-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: b4073db97e76467866f7d85a45765595
ruby-mode-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: fa21b028a1b2a5799def731cb846b344
ruby-tcltk-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 193f81cc54cf1227b139a6e5ac119ea6
 
PPC:
irb-1.8.1-7.EL4.1.ppc.rpm
File outdated by:  RHSA-2012:0070
    MD5: beb4d0fdf8d2f5f38651eba62dd6ba9e
ruby-1.8.1-7.EL4.1.ppc.rpm
File outdated by:  RHSA-2012:0070
    MD5: d8ed91625d984f15bd6c9b352e54aaec
ruby-devel-1.8.1-7.EL4.1.ppc.rpm
File outdated by:  RHSA-2012:0070
    MD5: cc105ec506abbd823bf8dc80fb7cec08
ruby-docs-1.8.1-7.EL4.1.ppc.rpm
File outdated by:  RHSA-2012:0070
    MD5: 51920db16a6ee64764898987d2026448
ruby-libs-1.8.1-7.EL4.1.ppc.rpm
File outdated by:  RHSA-2012:0070
    MD5: b0c61ce2d92fc642e9b6d52c66e8040e
ruby-libs-1.8.1-7.EL4.1.ppc64.rpm
File outdated by:  RHSA-2012:0070
    MD5: a46badf51f3138a6620391f246729b0f
ruby-mode-1.8.1-7.EL4.1.ppc.rpm
File outdated by:  RHSA-2012:0070
    MD5: 25c298da4b472459db1fc2b40c8db701
ruby-tcltk-1.8.1-7.EL4.1.ppc.rpm
File outdated by:  RHSA-2012:0070
    MD5: 60271fc79cbdff10cf5cb1ef722a39bd
 
s390:
irb-1.8.1-7.EL4.1.s390.rpm
File outdated by:  RHSA-2012:0070
    MD5: 04aa2db064a7a762e5389b235b5daa91
ruby-1.8.1-7.EL4.1.s390.rpm
File outdated by:  RHSA-2012:0070
    MD5: f72f12eed8b173cb92bb511b1dbf3302
ruby-devel-1.8.1-7.EL4.1.s390.rpm
File outdated by:  RHSA-2012:0070
    MD5: 6f86c9e7b69193900f580ede127b60b2
ruby-docs-1.8.1-7.EL4.1.s390.rpm
File outdated by:  RHSA-2012:0070
    MD5: 0b7143547b88db11492d4864cb701880
ruby-libs-1.8.1-7.EL4.1.s390.rpm
File outdated by:  RHSA-2012:0070
    MD5: 243c6aaea67f84a658fab8b8c31244db
ruby-mode-1.8.1-7.EL4.1.s390.rpm
File outdated by:  RHSA-2012:0070
    MD5: 40cdfa4be97de9aad1a6a9da689c059a
ruby-tcltk-1.8.1-7.EL4.1.s390.rpm
File outdated by:  RHSA-2012:0070
    MD5: f2e934e2ebfdf5a6191106aec522a892
 
s390x:
irb-1.8.1-7.EL4.1.s390x.rpm
File outdated by:  RHSA-2012:0070
    MD5: 11a8a4d354b51334138a0ea477bb4fd7
ruby-1.8.1-7.EL4.1.s390x.rpm
File outdated by:  RHSA-2012:0070
    MD5: f02bb4e23c656ab468d1537c1190a61c
ruby-devel-1.8.1-7.EL4.1.s390x.rpm
File outdated by:  RHSA-2012:0070
    MD5: 63139e897479ddaf3e054e59fcd08526
ruby-docs-1.8.1-7.EL4.1.s390x.rpm
File outdated by:  RHSA-2012:0070
    MD5: 3e6448faa84b800efa597db361263727
ruby-libs-1.8.1-7.EL4.1.s390.rpm
File outdated by:  RHSA-2012:0070
    MD5: 243c6aaea67f84a658fab8b8c31244db
ruby-libs-1.8.1-7.EL4.1.s390x.rpm
File outdated by:  RHSA-2012:0070
    MD5: cc7f3c4f5c0435cc6120a12781b2d5d4
ruby-mode-1.8.1-7.EL4.1.s390x.rpm
File outdated by:  RHSA-2012:0070
    MD5: c9ea680fbc08965381d30fe5bb471da0
ruby-tcltk-1.8.1-7.EL4.1.s390x.rpm
File outdated by:  RHSA-2012:0070
    MD5: 295e384de3ce95eb0f0bcdaeda286d8d
 
x86_64:
irb-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: bc12397f3bb00edddf14f64f74ab67ba
ruby-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: b26063e6a2aa63710e6944d5bb79b453
ruby-devel-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 427f4782a84142f57a1af1b7c61cdf9d
ruby-docs-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: f0c0d0ea9a30b3d3f66dfd8373e9b499
ruby-libs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: f7ed1bed02b2f79fe4cd097dc567a2c7
ruby-libs-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 1725ca62b635102dfcbb093227acb20c
ruby-mode-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 8cc745ce2f953090fb82ba0b85a0b63c
ruby-tcltk-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 4bb79c1c55987a45937382465bc4522f
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
ruby-1.8.1-7.EL4.1.src.rpm
File outdated by:  RHSA-2012:0070
    MD5: 31372062f0d881ce2c91e2d187b029d5
 
IA-32:
irb-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: b9ab29ce32e70dd5471de91560bdd4f6
ruby-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: eba2cc72188020b2b9bbc5bbde939bb8
ruby-devel-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: 4257ac1ab4709dfa464f81054bd12c39
ruby-docs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: dedecf5621f2859495d52f0b02282841
ruby-libs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: f7ed1bed02b2f79fe4cd097dc567a2c7
ruby-mode-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: c380cbac78da65fbb897c646cb3b5459
ruby-tcltk-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: e9e56dd4415929b52a4c90d6839659b9
 
IA-64:
irb-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: ed8843b0bfe19091e0c533d8db33196c
ruby-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 4c5ce3e8cbb7c57cee6f66849fc763cc
ruby-devel-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 34e76823bfaeda823383bde64d0df4e0
ruby-docs-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 21647391f11e72744b0be03dc8028602
ruby-libs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: f7ed1bed02b2f79fe4cd097dc567a2c7
ruby-libs-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: b4073db97e76467866f7d85a45765595
ruby-mode-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: fa21b028a1b2a5799def731cb846b344
ruby-tcltk-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 193f81cc54cf1227b139a6e5ac119ea6
 
x86_64:
irb-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: bc12397f3bb00edddf14f64f74ab67ba
ruby-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: b26063e6a2aa63710e6944d5bb79b453
ruby-devel-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 427f4782a84142f57a1af1b7c61cdf9d
ruby-docs-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: f0c0d0ea9a30b3d3f66dfd8373e9b499
ruby-libs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: f7ed1bed02b2f79fe4cd097dc567a2c7
ruby-libs-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 1725ca62b635102dfcbb093227acb20c
ruby-mode-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 8cc745ce2f953090fb82ba0b85a0b63c
ruby-tcltk-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 4bb79c1c55987a45937382465bc4522f
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
ruby-1.8.1-7.EL4.1.src.rpm
File outdated by:  RHSA-2012:0070
    MD5: 31372062f0d881ce2c91e2d187b029d5
 
IA-32:
irb-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: b9ab29ce32e70dd5471de91560bdd4f6
ruby-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: eba2cc72188020b2b9bbc5bbde939bb8
ruby-devel-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: 4257ac1ab4709dfa464f81054bd12c39
ruby-docs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: dedecf5621f2859495d52f0b02282841
ruby-libs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: f7ed1bed02b2f79fe4cd097dc567a2c7
ruby-mode-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: c380cbac78da65fbb897c646cb3b5459
ruby-tcltk-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: e9e56dd4415929b52a4c90d6839659b9
 
IA-64:
irb-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: ed8843b0bfe19091e0c533d8db33196c
ruby-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 4c5ce3e8cbb7c57cee6f66849fc763cc
ruby-devel-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 34e76823bfaeda823383bde64d0df4e0
ruby-docs-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 21647391f11e72744b0be03dc8028602
ruby-libs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: f7ed1bed02b2f79fe4cd097dc567a2c7
ruby-libs-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: b4073db97e76467866f7d85a45765595
ruby-mode-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: fa21b028a1b2a5799def731cb846b344
ruby-tcltk-1.8.1-7.EL4.1.ia64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 193f81cc54cf1227b139a6e5ac119ea6
 
x86_64:
irb-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: bc12397f3bb00edddf14f64f74ab67ba
ruby-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: b26063e6a2aa63710e6944d5bb79b453
ruby-devel-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 427f4782a84142f57a1af1b7c61cdf9d
ruby-docs-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: f0c0d0ea9a30b3d3f66dfd8373e9b499
ruby-libs-1.8.1-7.EL4.1.i386.rpm
File outdated by:  RHSA-2012:0070
    MD5: f7ed1bed02b2f79fe4cd097dc567a2c7
ruby-libs-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 1725ca62b635102dfcbb093227acb20c
ruby-mode-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 8cc745ce2f953090fb82ba0b85a0b63c
ruby-tcltk-1.8.1-7.EL4.1.x86_64.rpm
File outdated by:  RHSA-2012:0070
    MD5: 4bb79c1c55987a45937382465bc4522f
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

161095 - CAN-2005-1992 ruby arbitrary command execution on XMLRPC server


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/