[El-errata] ELSA-2008-0897 Moderate: Enterprise Linux 5 ruby security update
Errata Announcements for Enterprise Linux
el-errata at oss.oracle.com
Tue Oct 21 21:31:04 PDT 2008
Enterprise Linux Security Advisory ELSA-2008-0897
https://rhn.redhat.com/errata/RHSA-2008-0897.html
The following updated rpms for Enterprise Linux 5 have been uploaded to
the Unbreakable Linux Network:
i386:
ruby-1.8.5-5.el5_2.5.i386.rpm
ruby-devel-1.8.5-5.el5_2.5.i386.rpm
ruby-docs-1.8.5-5.el5_2.5.i386.rpm
ruby-irb-1.8.5-5.el5_2.5.i386.rpm
ruby-libs-1.8.5-5.el5_2.5.i386.rpm
ruby-mode-1.8.5-5.el5_2.5.i386.rpm
ruby-rdoc-1.8.5-5.el5_2.5.i386.rpm
ruby-ri-1.8.5-5.el5_2.5.i386.rpm
ruby-tcltk-1.8.5-5.el5_2.5.i386.rpm
x86_64:
ruby-1.8.5-5.el5_2.5.x86_64.rpm
ruby-devel-1.8.5-5.el5_2.5.i386.rpm
ruby-devel-1.8.5-5.el5_2.5.x86_64.rpm
ruby-docs-1.8.5-5.el5_2.5.x86_64.rpm
ruby-irb-1.8.5-5.el5_2.5.x86_64.rpm
ruby-libs-1.8.5-5.el5_2.5.i386.rpm
ruby-libs-1.8.5-5.el5_2.5.x86_64.rpm
ruby-mode-1.8.5-5.el5_2.5.x86_64.rpm
ruby-rdoc-1.8.5-5.el5_2.5.x86_64.rpm
ruby-ri-1.8.5-5.el5_2.5.x86_64.rpm
ruby-tcltk-1.8.5-5.el5_2.5.x86_64.rpm
SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/ruby-1.8.5-5.el5_2.5.src.rpm
Description of changes:
[1.8.5-5.el5_2.5]
- Build with -fno-strict-aliasing.
[1.8.5-5.el5_2.4]
- security fixes. (#461590)
- CVE-2008-3655: multiple insufficient safe mode restrictions.
- CVE-2008-3656: WEBrick DoS vulnerability (CPU consumption).
- CVE-2008-3657: missing "taintness" checks in dl module.
- CVE-2008-3905: use of predictable source port and transaction id in DNS
requests done by resolv.rb module.
- CVE-2008-3443: Memory allocation failure in Ruby regex engine
(remotely exploitable DoS).
- CVE-2008-3790: DoS vulnerability in the REXML module.
More information about the El-errata
mailing list