[El-errata] ELSA-2008-0897 Moderate: Enterprise Linux 5 ruby security update

Tue Oct 21 21:31:04 PDT 2008

Enterprise Linux Security Advisory ELSA-2008-0897

https://rhn.redhat.com/errata/RHSA-2008-0897.html

The following updated rpms for Enterprise Linux 5 have been uploaded to 
the Unbreakable Linux Network:

i386:
ruby-1.8.5-5.el5_2.5.i386.rpm
ruby-devel-1.8.5-5.el5_2.5.i386.rpm
ruby-docs-1.8.5-5.el5_2.5.i386.rpm
ruby-irb-1.8.5-5.el5_2.5.i386.rpm
ruby-libs-1.8.5-5.el5_2.5.i386.rpm
ruby-mode-1.8.5-5.el5_2.5.i386.rpm
ruby-rdoc-1.8.5-5.el5_2.5.i386.rpm
ruby-ri-1.8.5-5.el5_2.5.i386.rpm
ruby-tcltk-1.8.5-5.el5_2.5.i386.rpm

x86_64:
ruby-1.8.5-5.el5_2.5.x86_64.rpm
ruby-devel-1.8.5-5.el5_2.5.i386.rpm
ruby-devel-1.8.5-5.el5_2.5.x86_64.rpm
ruby-docs-1.8.5-5.el5_2.5.x86_64.rpm
ruby-irb-1.8.5-5.el5_2.5.x86_64.rpm
ruby-libs-1.8.5-5.el5_2.5.i386.rpm
ruby-libs-1.8.5-5.el5_2.5.x86_64.rpm
ruby-mode-1.8.5-5.el5_2.5.x86_64.rpm
ruby-rdoc-1.8.5-5.el5_2.5.x86_64.rpm
ruby-ri-1.8.5-5.el5_2.5.x86_64.rpm
ruby-tcltk-1.8.5-5.el5_2.5.x86_64.rpm

SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/ruby-1.8.5-5.el5_2.5.src.rpm

Description of changes:

[1.8.5-5.el5_2.5]
- Build with -fno-strict-aliasing.

[1.8.5-5.el5_2.4]
- security fixes. (#461590)
- CVE-2008-3655: multiple insufficient safe mode restrictions.
- CVE-2008-3656: WEBrick DoS vulnerability (CPU consumption).
- CVE-2008-3657: missing "taintness" checks in dl module.
- CVE-2008-3905: use of predictable source port and transaction id in DNS
                 requests done by resolv.rb module.
- CVE-2008-3443: Memory allocation failure in Ruby regex engine
                 (remotely exploitable DoS).
- CVE-2008-3790: DoS vulnerability in the REXML module.