Description
ELSA-2011-1581: ruby security, bug fix, and enhancement update (LOW)
[1.8.7.352-3]
- mkconfig.rb: fix for continued lines.
- ruby-1.8.7-p352-mkconfig.rb-fix-for-continued-lines.patch
- Resolves: rhbz#730287
[1.8.7.352-2]
- Fix of ruby interpreter crash in FIPS mode.
- ruby-1.8.7-FIPS.patch
- Resolves: rhbz#717709
[1.8.7.352-1]
- Update to Ruby 1.8.7-p352.
- Remove Patch43: ruby-1.8.7-CVE-2011-1004.patch; subsumed
- Remove Patch44: ruby-1.8.7-CVE-2011-1005.patch; subsumed
- Remove Patch200: ruby-1.8.7-webrick-CVE.patch; subsumed
- Resolves: rhbz#706332
- Fix of conflict between 32bit and 64bit library versions.
- Resolves: rhbz#674787
- Add systemtap static probes.
- Resolves: rhbz#673162
- Remove duplicate path entry
- Resolves: rhbz#722887
[1.8.7.299-8]
- Address CVE-2011-1004 'Symlink race condition by removing directory trees in fileutils module'
- ruby-1.8.7-CVE-2011-1004.patch
- Address CVE-2011-1005 'Untrusted codes able to modify arbitrary strings'
- ruby-1.8.7-CVE-2011-1005.patch
- Address CVE-2011-0188 'memory corruption in BigDecimal on 64bit platforms'
- ruby-1.8.7-CVE-2011-0188.patch
- Resolves: rhbz#709964
Updated packages
Oracle Linux 6
Oracle Linux x86_64
- ruby 1.8.7.352-3.el6
- ruby-devel 1.8.7.352-3.el6
- ruby-docs 1.8.7.352-3.el6
- ruby-irb 1.8.7.352-3.el6
- ruby-libs 1.8.7.352-3.el6
- ruby-rdoc 1.8.7.352-3.el6
- ruby-ri 1.8.7.352-3.el6
- ruby-static 1.8.7.352-3.el6
- ruby-tcltk 1.8.7.352-3.el6
Oracle Linux i686
- ruby 1.8.7.352-3.el6
- ruby-devel 1.8.7.352-3.el6
- ruby-docs 1.8.7.352-3.el6
- ruby-irb 1.8.7.352-3.el6
- ruby-libs 1.8.7.352-3.el6
- ruby-rdoc 1.8.7.352-3.el6
- ruby-ri 1.8.7.352-3.el6
- ruby-static 1.8.7.352-3.el6
- ruby-tcltk 1.8.7.352-3.el6
Related CVEs
Related vulnerabilities
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.