Login
Newsletter
Werbung

Sicherheit: Ausführen beliebigen Codes in ruby
Aktuelle Meldungen Distributionen
Name: Ausführen beliebigen Codes in ruby
ID: MDKSA-2005:118
Distribution: Mandriva
Plattformen: Mandriva 10.1, Mandriva Corporate 3.0, Mandriva 10.2
Datum: Mi, 13. Juli 2005, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1992
Applikationen: Ruby

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: ruby
Advisory ID: MDKSA-2005:118
Date: July 12th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

A vulnerability was discovered in ruby version 1.8 that could allow for
the execution of arbitrary commands on a server running the ruby xmlrpc
server.

The updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1992
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
043863c657386a3854a0360efe400485 10.1/RPMS/ruby-1.8.1-4.3.101mdk.i586.rpm
2a8de5aaf553cae5ba5fc4ce64989c2a
10.1/RPMS/ruby-devel-1.8.1-4.3.101mdk.i586.rpm
b05c05c460299fb987781b1a7bcb76a3 10.1/RPMS/ruby-doc-1.8.1-4.3.101mdk.i586.rpm
a639754ad5ddec161d3e6310d2c8f597 10.1/RPMS/ruby-tk-1.8.1-4.3.101mdk.i586.rpm
6b8c255d78584b374868f68c0fba1f9a 10.1/SRPMS/ruby-1.8.1-4.3.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
422ce1ef49205b71ec46cba5b324596e
x86_64/10.1/RPMS/ruby-1.8.1-4.3.101mdk.x86_64.rpm
9cd8d758760b3a6f8e2d294b49974795
x86_64/10.1/RPMS/ruby-devel-1.8.1-4.3.101mdk.x86_64.rpm
d1f77bd35fec7be67c174d421004cc99
x86_64/10.1/RPMS/ruby-doc-1.8.1-4.3.101mdk.x86_64.rpm
ff201be467588f67119dac4c77d2451d
x86_64/10.1/RPMS/ruby-tk-1.8.1-4.3.101mdk.x86_64.rpm
6b8c255d78584b374868f68c0fba1f9a
x86_64/10.1/SRPMS/ruby-1.8.1-4.3.101mdk.src.rpm

Mandrakelinux 10.2:
1abe15ec37c10254da6f869a91f462d6 10.2/RPMS/ruby-1.8.2-6.1.102mdk.i586.rpm
69902e1e9f69fa0417de527b86b08129
10.2/RPMS/ruby-devel-1.8.2-6.1.102mdk.i586.rpm
79d13e6dc12446bf0d4ceba8f3891746 10.2/RPMS/ruby-doc-1.8.2-6.1.102mdk.i586.rpm
4d1bae45003f12c8f640354654d08c66 10.2/RPMS/ruby-tk-1.8.2-6.1.102mdk.i586.rpm
72470b9bdecc8085247dd3ea9bfd026e 10.2/SRPMS/ruby-1.8.2-6.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
6defbc537392fd90ca86512ec16f84ba
x86_64/10.2/RPMS/ruby-1.8.2-6.1.102mdk.x86_64.rpm
42f826518c7e2d7184409006156e85a1
x86_64/10.2/RPMS/ruby-devel-1.8.2-6.1.102mdk.x86_64.rpm
be826ba64425c2b6257ae2106311c4ba
x86_64/10.2/RPMS/ruby-doc-1.8.2-6.1.102mdk.x86_64.rpm
a229474a25b363f856dc73999e620409
x86_64/10.2/RPMS/ruby-tk-1.8.2-6.1.102mdk.x86_64.rpm
72470b9bdecc8085247dd3ea9bfd026e
x86_64/10.2/SRPMS/ruby-1.8.2-6.1.102mdk.src.rpm

Corporate 3.0:
ee7b55f434cddfabbb51ff7de4b4300a
corporate/3.0/RPMS/ruby-1.8.1-1.3.C30mdk.i586.rpm
8f30c891611ec8a94f2547ea9d6fc4f5
corporate/3.0/RPMS/ruby-devel-1.8.1-1.3.C30mdk.i586.rpm
82012434d3fe44cfd6d3f22643382134
corporate/3.0/RPMS/ruby-doc-1.8.1-1.3.C30mdk.i586.rpm
fac1f5244b97d58523ddf13afa550889
corporate/3.0/RPMS/ruby-tk-1.8.1-1.3.C30mdk.i586.rpm
7781778b81a36b85cfb60424337ab463
corporate/3.0/SRPMS/ruby-1.8.1-1.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
8dccd5b797263c2784a6159bdf1b4614
x86_64/corporate/3.0/RPMS/ruby-1.8.1-1.3.C30mdk.x86_64.rpm
89b25dcefd9e99b9b67255f1ed862946
x86_64/corporate/3.0/RPMS/ruby-devel-1.8.1-1.3.C30mdk.x86_64.rpm
24559489e7e1aebe6f7f788caa31d0c3
x86_64/corporate/3.0/RPMS/ruby-doc-1.8.1-1.3.C30mdk.x86_64.rpm
2737e9bdaafe436bcec1a367d4c80c82
x86_64/corporate/3.0/RPMS/ruby-tk-1.8.1-1.3.C30mdk.x86_64.rpm
7781778b81a36b85cfb60424337ab463
x86_64/corporate/3.0/SRPMS/ruby-1.8.1-1.3.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC1F6SmqjQ0CJFipgRApk6AKDYfxK9rSRXzCjoUrweytJnimPijQCeJa46
/RtageXCJm+dnkONlvjpd2Q=
=X4d+
-----END PGP SIGNATURE-----


To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung