Mandriva 1274 Published by

The Mandriva Security Team published a new security update: MDKSA-2005:191 - Updated ruby packages fix safe level and taint flag protections vulnerability for Mandriva Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: ruby
Advisory ID: MDKSA-2005:191
Date: October 20th, 2005

Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented
scripting language, that can cause illegal program code to bypass the safe
level and taint flag protections check and be executed.

The updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?nameÊN-2005-2337
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.1:
013e98f0b0a09acd8c48b5d438c4e151 10.1/RPMS/ruby-1.8.1-4.4.101mdk.i586.rpm
479e965b6302bd0e74b8699f0a7b9f46 10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.i586.rpm
b5654a6d4bab0b5a33e3e65fdb8bab52 10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.i586.rpm
2294bfd6f57ebc2cc6eb353e4a62a4b5 10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.i586.rpm
5407dfbbb45af31d3ffa53f120773f77 10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm

Mandrivalinux 10.1/X86_64:
b8347f871a62a176f049cbe010e298ce x86_64/10.1/RPMS/ruby-1.8.1-4.4.101mdk.x86_64.rpm
b9ac7ecba0bc317869795146cf3cc5a4 x86_64/10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.x86_64.rpm
7803195d658cdf63324f8bf54753018e x86_64/10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.x86_64.rpm
0f6cb61b12453673ef4a7fb99b6069af x86_64/10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.x86_64.rpm
5407dfbbb45af31d3ffa53f120773f77 x86_64/10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm

Mandrivalinux 10.2:
8dacd4429ab40932585f32c446c485c4 10.2/RPMS/ruby-1.8.2-6.2.102mdk.i586.rpm
9bd632d447a4181d23df23b201ed0449 10.2/RPMS/ruby-devel-1.8.2-6.2.102mdk.i586.rpm
2791a34503afa5961322eaf5fc333bd4 10.2/RPMS/ruby-doc-1.8.2-6.2.102mdk.i586.rpm
049930c32634b61b84d9dee864e61aa9 10.2/RPMS/ruby-tk-1.8.2-6.2.102mdk.i586.rpm
dc977cb9732027526dbd44560782efaa 10.2/SRPMS/ruby-1.8.2-6.2.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
9f6f824fa7aded95ede337b87be9f755 x86_64/10.2/RPMS/ruby-1.8.2-6.2.102mdk.x86_64.rpm
0ad81eece9fc0407edeaadc5022968ea x86_64/10.2/RPMS/ruby-doc-1.8.2-6.2.102mdk.x86_64.rpm
0cbd8c37bb4aea5c10cda8365f7ed24f x86_64/10.2/RPMS/ruby-devel-1.8.2-6.2.102mdk.x86_64.rpm
3f09e472b1cecb61a8678d020011950c x86_64/10.2/RPMS/ruby-tk-1.8.2-6.2.102mdk.x86_64.rpm
dc977cb9732027526dbd44560782efaa x86_64/10.2/SRPMS/ruby-1.8.2-6.2.102mdk.src.rpm

Mandrivalinux 2006.0:
c06382cc5f1a7fc8cc2c40b9711faaf7 2006.0/RPMS/ruby-1.8.2-7.1.20060mdk.i586.rpm
5e9055ac81c54dd7f3890545218e4c45 2006.0/RPMS/ruby-devel-1.8.2-7.1.20060mdk.i586.rpm
cebf1739bb3556133869e7b7e9a00d0a 2006.0/RPMS/ruby-doc-1.8.2-7.1.20060mdk.i586.rpm
98c29d442e747bf59eb7ea9e6827f71b 2006.0/RPMS/ruby-tk-1.8.2-7.1.20060mdk.i586.rpm
097adecc2dd5717d2a680022e45ff0cb 2006.0/SRPMS/ruby-1.8.2-7.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
b3bfdeb9f7cfa57a7fa9c3c7f596d56e x86_64/2006.0/RPMS/ruby-1.8.2-7.1.20060mdk.x86_64.rpm
1cb9a200ad2c5164e8b7eff06753af39 x86_64/2006.0/RPMS/ruby-devel-1.8.2-7.1.20060mdk.x86_64.rpm
cff404480732c672d36ca80b8ca1a4ec x86_64/2006.0/RPMS/ruby-doc-1.8.2-7.1.20060mdk.x86_64.rpm
01bb92434b21127244b0fcd452a06251 x86_64/2006.0/RPMS/ruby-tk-1.8.2-7.1.20060mdk.x86_64.rpm
097adecc2dd5717d2a680022e45ff0cb x86_64/2006.0/SRPMS/ruby-1.8.2-7.1.20060mdk.src.rpm

Corporate Server 2.1:
2aa9219b24bbcf8673df418eb373881b corporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.i586.rpm
e5b4282401bf2c0794d14b52d7c6c319 corporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.i586.rpm
e72d411868d4ca8d7a05ba2e0baee926 corporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.i586.rpm
c795d629e28719f7fe1e8a1619805fdc corporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.i586.rpm
61457cb16d1b24e1c31a10c687af94ef corporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
d477751b1302ec7c5f271fe9597216fa x86_64/corporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.x86_64.rpm
b7ac888d722dc6fb8c5b9b9207e34ea3 x86_64/corporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.x86_64.rpm
27a29077b76158382c514b965fdf614f x86_64/corporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.x86_64.rpm
0e4752d11d67acdabc4561c37c41511e x86_64/corporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.x86_64.rpm
61457cb16d1b24e1c31a10c687af94ef x86_64/corporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm

Corporate 3.0:
704c24801697727ef0085d6408cc9d11 corporate/3.0/RPMS/ruby-1.8.1-1.4.C30mdk.i586.rpm
6a89e560b9f9ce68ed352cc3409ebf22 corporate/3.0/RPMS/ruby-devel-1.8.1-1.4.C30mdk.i586.rpm
cfcc4c2bf95f4ae6b3a0fb7013b25618 corporate/3.0/RPMS/ruby-doc-1.8.1-1.4.C30mdk.i586.rpm
482e8dcdbedcac577f91c9133647c3cc corporate/3.0/RPMS/ruby-tk-1.8.1-1.4.C30mdk.i586.rpm
a05a8da48327c79254cabaf42a7002d3 corporate/3.0/SRPMS/ruby-1.8.1-1.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
416a775e25eca23fe89314e4f0c1c762 x86_64/corporate/3.0/RPMS/ruby-1.8.1-1.4.C30mdk.x86_64.rpm
9ee750fd72214d68a95e2a45967e4107 x86_64/corporate/3.0/RPMS/ruby-devel-1.8.1-1.4.C30mdk.x86_64.rpm
c4e65ac8d2660883cd6f9bb87b33db61 x86_64/corporate/3.0/RPMS/ruby-doc-1.8.1-1.4.C30mdk.x86_64.rpm
871cb8738de7856ab3d5d0602e3bfa10 x86_64/corporate/3.0/RPMS/ruby-tk-1.8.1-1.4.C30mdk.x86_64.rpm
a05a8da48327c79254cabaf42a7002d3 x86_64/corporate/3.0/SRPMS/ruby-1.8.1-1.4.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDWIoAmqjQ0CJFipgRAmWAAKC2bXtS0hkrz2D8YGR1CPZK1Mb36QCeJ73+
HLz1sPgGs4IBkVKUEn36DsI=
=JLok
-----END PGP SIGNATURE-----