[El-errata] ELSA-2008-0897 Moderate: Enterprise Linux 4 ruby security update

Tue Oct 21 21:31:43 PDT 2008

Enterprise Linux Security Advisory ELSA-2008-0897

https://rhn.redhat.com/errata/RHSA-2008-0897.html

The following updated rpms for Enterprise Linux 4 have been uploaded to 
the Unbreakable Linux Network:

i386:
irb-1.8.1-7.0.1.el4_7.1.i386.rpm
ruby-1.8.1-7.0.1.el4_7.1.i386.rpm
ruby-devel-1.8.1-7.0.1.el4_7.1.i386.rpm
ruby-docs-1.8.1-7.0.1.el4_7.1.i386.rpm
ruby-libs-1.8.1-7.0.1.el4_7.1.i386.rpm
ruby-mode-1.8.1-7.0.1.el4_7.1.i386.rpm
ruby-tcltk-1.8.1-7.0.1.el4_7.1.i386.rpm

x86_64:
irb-1.8.1-7.0.1.el4_7.1.x86_64.rpm
ruby-1.8.1-7.0.1.el4_7.1.x86_64.rpm
ruby-devel-1.8.1-7.0.1.el4_7.1.x86_64.rpm
ruby-docs-1.8.1-7.0.1.el4_7.1.x86_64.rpm
ruby-libs-1.8.1-7.0.1.el4_7.1.i386.rpm
ruby-libs-1.8.1-7.0.1.el4_7.1.x86_64.rpm
ruby-mode-1.8.1-7.0.1.el4_7.1.x86_64.rpm
ruby-tcltk-1.8.1-7.0.1.el4_7.1.x86_64.rpm

ia64:
irb-1.8.1-7.0.1.el4_7.1.ia64.rpm
ruby-1.8.1-7.0.1.el4_7.1.ia64.rpm
ruby-devel-1.8.1-7.0.1.el4_7.1.ia64.rpm
ruby-docs-1.8.1-7.0.1.el4_7.1.ia64.rpm
ruby-libs-1.8.1-7.0.1.el4_7.1.i386.rpm
ruby-libs-1.8.1-7.0.1.el4_7.1.ia64.rpm
ruby-mode-1.8.1-7.0.1.el4_7.1.ia64.rpm
ruby-tcltk-1.8.1-7.0.1.el4_7.1.ia64.rpm

SRPMS:
http://oss.oracle.com/el4/SRPMS-updates/ruby-1.8.1-7.0.1.el4_7.1.src.rpm

Description of changes:

[1.8.1-7.0.1.el4_7.1]
- Update release and rebuild to be latest on ULN channel

[1.8.1-7.el4_7.1]
- security fixes. (#461579)
- CVE-2008-3655: multiple insufficient safe mode restrictions.
- CVE-2008-3656: WEBrick DoS vulnerability (CPU consumption).
- CVE-2008-3657: missing "taintness" checks in dl module.
- CVE-2008-3905: use of predictable source port and transaction id in DNS
                 requests done by resolv.rb module.
- CVE-2008-3443: Memory allocation failure in Ruby regex engine
                 (remotely exploitable DoS).
- CVE-2008-3790: DoS vulnerability in the REXML module.