Security Advisory Moderate: ruby security update

Advisory: RHSA-2008:0562-5
Type: Security Advisory
Severity: Moderate
Issued on: 2008-07-14
Last updated on: 2008-07-14
Affected Products:
    Red Hat Desktop (v. 3)
    Red Hat Enterprise Linux AS (v. 2.1)
    Red Hat Enterprise Linux AS (v. 3)
    Red Hat Enterprise Linux ES (v. 2.1)
    Red Hat Enterprise Linux ES (v. 3)
    Red Hat Enterprise Linux WS (v. 2.1)
    Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org):
    CVE-2006-6303
    CVE-2008-2376
    CVE-2008-2663
    CVE-2008-2664
    CVE-2008-2725
    CVE-2008-2726

Details

Updated ruby packages that fix several security issues are now available
for Red Hat Enterprise Linux 2.1 and 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Ruby is an interpreted scripting language for quick and easy
object-oriented programming.

Multiple integer overflows leading to a heap overflow were discovered in
the array- and string-handling code used by Ruby. An attacker could use
these flaws to crash a Ruby application or, possibly, execute arbitrary
code with the privileges of the Ruby application using untrusted inputs in
array or string operations. (CVE-2008-2376, CVE-2008-2663, CVE-2008-2725,
CVE-2008-2726)
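
The bug titles for CVE-2008-2725 and CVE-2008-2726 name two overflow shapes: an element count multiplied by an element size (REALLOC_N) and a length sum (beg + rlen). The following added example shows both on a toy array, with range checks that reject the request before any arithmetic can wrap. It is not Ruby's source or the backported patch; toy_ary, unchecked_bytes, toy_reserve, toy_splice and demo are hypothetical names.

```c
/* Added illustration; toy_ary and its functions are hypothetical, not Ruby's source. */
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct { long *ptr; long len; long capa; } toy_ary;

/* What an unchecked "count * element size" request becomes: size_t
 * arithmetic wraps, so a huge count can yield a tiny byte size. */
size_t unchecked_bytes(size_t count) { return count * sizeof(long); }

/* Checked growth: refuse any count whose byte size cannot be represented. */
int toy_reserve(toy_ary *a, long want) {
    if (want < 0) return -1;
    if (want <= a->capa) return 0;
    if ((size_t)want > SIZE_MAX / sizeof(long)) return -1;
    long *p = realloc(a->ptr, (size_t)want * sizeof(long));
    if (p == NULL) return -1;               /* old buffer is still valid */
    a->ptr = p;
    a->capa = want;
    return 0;
}

/* Replace a[beg, beg+len) with rlen elements from src; 0 on success, -1 if
 * the request is out of range or the resulting length would overflow. */
int toy_splice(toy_ary *a, long beg, long len, const long *src, long rlen) {
    if (beg < 0 || len < 0 || rlen < 0 || beg > a->len) return -1;
    if (len > a->len - beg) len = a->len - beg;   /* clamp by subtraction */
    long keep = a->len - len;                     /* elements that survive */
    if (rlen > LONG_MAX - keep) return -1;        /* keep + rlen would wrap */
    long tail = a->len - beg - len;               /* elements after the hole */
    if (toy_reserve(a, keep + rlen) != 0) return -1;
    if (tail > 0) memmove(a->ptr + beg + rlen, a->ptr + beg + len, (size_t)tail * sizeof(long));
    if (rlen > 0) memcpy(a->ptr + beg, src, (size_t)rlen * sizeof(long));
    a->len = keep + rlen;
    return 0;
}

/* Constructed demo: returns 1 when a normal splice works and an oversized
 * one is rejected without touching the array. */
int demo(void) {
    toy_ary a = {0};
    long init[] = {1, 2, 3}, repl[] = {7, 8, 9};
    if (toy_splice(&a, 0, 0, init, 3) != 0) return 0;   /* [1,2,3] */
    if (toy_splice(&a, 1, 1, repl, 3) != 0) return 0;   /* [1,7,8,9,3] */
    int ok = a.len == 5 && a.ptr[1] == 7 && a.ptr[4] == 3;
    ok = ok && toy_splice(&a, 1, 1, repl, LONG_MAX) == -1 && a.len == 5;
    free(a.ptr);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```

Both checks compare against the limit by division or subtraction, so the test itself cannot overflow.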

It was discovered that Ruby used the alloca() memory allocation function in
the format (%) method of the String class without properly restricting
maximum string length. An attacker could use this flaw to crash a Ruby
application or, possibly, execute arbitrary code with the privileges of the
Ruby application using long, untrusted strings as format strings.
(CVE-2008-2664)

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting these issues.

A flaw was discovered in the way Ruby's CGI module handles certain HTTP
requests. A remote attacker could send a specially crafted request and
cause the Ruby CGI script to enter an infinite loop, possibly causing a
denial of service. (CVE-2006-6303)

Users of Ruby should upgrade to these updated packages, which contain
backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3) and Red Hat Enterprise Linux AS, ES, WS (v. 3)

Files outdated by: RHSA-2008:0896

IA-32 (Desktop, AS, ES, WS):
irb-1.6.8-12.el3.i386.rpm
ruby-1.6.8-12.el3.i386.rpm
ruby-devel-1.6.8-12.el3.i386.rpm
ruby-docs-1.6.8-12.el3.i386.rpm
ruby-libs-1.6.8-12.el3.i386.rpm
ruby-mode-1.6.8-12.el3.i386.rpm
ruby-tcltk-1.6.8-12.el3.i386.rpm

IA-64 (AS, ES, WS):
irb-1.6.8-12.el3.ia64.rpm
ruby-1.6.8-12.el3.ia64.rpm
ruby-devel-1.6.8-12.el3.ia64.rpm
ruby-docs-1.6.8-12.el3.ia64.rpm
ruby-libs-1.6.8-12.el3.i386.rpm
ruby-libs-1.6.8-12.el3.ia64.rpm
ruby-mode-1.6.8-12.el3.ia64.rpm
ruby-tcltk-1.6.8-12.el3.ia64.rpm

PPC (AS):
irb-1.6.8-12.el3.ppc.rpm
ruby-1.6.8-12.el3.ppc.rpm
ruby-devel-1.6.8-12.el3.ppc.rpm
ruby-docs-1.6.8-12.el3.ppc.rpm
ruby-libs-1.6.8-12.el3.ppc.rpm
ruby-libs-1.6.8-12.el3.ppc64.rpm
ruby-mode-1.6.8-12.el3.ppc.rpm
ruby-tcltk-1.6.8-12.el3.ppc.rpm

s390 (AS):
irb-1.6.8-12.el3.s390.rpm
ruby-1.6.8-12.el3.s390.rpm
ruby-devel-1.6.8-12.el3.s390.rpm
ruby-docs-1.6.8-12.el3.s390.rpm
ruby-libs-1.6.8-12.el3.s390.rpm
ruby-mode-1.6.8-12.el3.s390.rpm
ruby-tcltk-1.6.8-12.el3.s390.rpm

s390x (AS):
irb-1.6.8-12.el3.s390x.rpm
ruby-1.6.8-12.el3.s390x.rpm
ruby-devel-1.6.8-12.el3.s390x.rpm
ruby-docs-1.6.8-12.el3.s390x.rpm
ruby-libs-1.6.8-12.el3.s390.rpm
ruby-libs-1.6.8-12.el3.s390x.rpm
ruby-mode-1.6.8-12.el3.s390x.rpm
ruby-tcltk-1.6.8-12.el3.s390x.rpm

x86_64 (Desktop, AS, ES, WS):
irb-1.6.8-12.el3.x86_64.rpm
ruby-1.6.8-12.el3.x86_64.rpm
ruby-devel-1.6.8-12.el3.x86_64.rpm
ruby-docs-1.6.8-12.el3.x86_64.rpm
ruby-libs-1.6.8-12.el3.i386.rpm
ruby-libs-1.6.8-12.el3.x86_64.rpm
ruby-mode-1.6.8-12.el3.x86_64.rpm
ruby-tcltk-1.6.8-12.el3.x86_64.rpm

Red Hat Enterprise Linux AS, ES, WS (v. 2.1)

Files outdated by: RHSA-2008:0895

SRPMS:
ruby-1.6.4-6.el2.src.rpm

IA-32:
irb-1.6.4-6.el2.i386.rpm
ruby-1.6.4-6.el2.i386.rpm
ruby-devel-1.6.4-6.el2.i386.rpm
ruby-docs-1.6.4-6.el2.i386.rpm
ruby-libs-1.6.4-6.el2.i386.rpm
ruby-tcltk-1.6.4-6.el2.i386.rpm


Bugs fixed (see bugzilla for more information)

218287 - CVE-2006-6303 ruby's cgi.rb vulnerable infinite loop DoS
450825 - CVE-2008-2663 ruby: Integer overflows in rb_ary_store()
450834 - CVE-2008-2664 ruby: Unsafe use of alloca in rb_str_format()
451821 - CVE-2008-2725 ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N
451828 - CVE-2008-2726 ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen
453589 - CVE-2008-2376 ruby: integer overflows in rb_ary_fill() / Array#fill


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/