MDVSA-2009:325
- Package name
- ruby
- Date
- 2009-12-07
- Advisory ID
- MDVSA-2009:325
- Affected versions
- 2008.0 i586, 2008.0 x86_64
Problem description
Multiple vulnerabilities were discovered and corrected in ruby:
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check
the return value from the OCSP_basic_verify function, which might allow
remote attackers to successfully present an invalid X.509 certificate,
possibly involving a revoked certificate (CVE-2009-0642).
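The check that CVE-2009-0642 concerns is the mapping of OCSP_basic_verify's result (1 on success, 0 on verification failure, negative on internal error) to a Ruby boolean. The following is an added example, not code from the advisory or from the Ruby project: it builds a throwaway CA, a leaf certificate and a signed OCSP response in memory, then validates the response the way a relying party should, treating only an explicit true from OpenSSL::OCSP::BasicResponse#verify (the Ruby wrapper around OCSP_basic_verify) as success and reading the certificate status only from a verified, unexpired response. The helper names (make_ca, issue_leaf, build_response, trust_store, evaluate_ocsp), the CA names and the subject server.example are assumptions made for the example; all certificates and keys are constructed at run time.

```ruby
require 'openssl'

# Constructed test material: a self-signed CA named +name+ (assumed name, not from the advisory).
def make_ca(name)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{name}")
  cert.issuer     = cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign,cRLSign,digitalSignature', true))
  cert.sign(key, 'SHA256')
  [key, cert]
end

# End-entity certificate issued by the CA: the certificate whose status is being asked about.
def issue_leaf(ca_key, ca_cert, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse('/CN=server.example')  # assumed subject
  cert.issuer     = ca_cert.subject
  cert.public_key = OpenSSL::PKey::RSA.new(2048)
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(ca_key, 'SHA256')
  cert
end

# Responder side: a DER-encoded OCSP response asserting +status+ for +leaf+, signed with
# signer_cert/signer_key. The time arguments to add_status are seconds relative to now.
def build_response(leaf, issuer_cert, signer_cert, signer_key, status)
  cid  = OpenSSL::OCSP::CertificateId.new(leaf, issuer_cert)
  bres = OpenSSL::OCSP::BasicResponse.new
  if status == OpenSSL::OCSP::V_CERTSTATUS_REVOKED
    bres.add_status(cid, status, OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE, -60, 0, 300, [])
  else
    bres.add_status(cid, status, 0, nil, 0, 300, [])
  end
  bres.sign(signer_cert, signer_key, [], 0, 'SHA256')  # signer_cert is embedded in the response
  OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, bres).to_der
end

# Trust store holding only the roots the relying party accepts.
def trust_store(*roots)
  store = OpenSSL::X509::Store.new
  roots.each { |c| store.add_cert(c) }
  store
end

# Relying-party side. Returns :good, :revoked or :rejected. Anything short of an explicit
# +true+ from verify (signature valid AND signer chains to a trusted root) is a rejection,
# and the status field is never consulted for an unverified or stale response.
def evaluate_ocsp(der, leaf, issuer_cert, store)
  res = OpenSSL::OCSP::Response.new(der)
  return :rejected unless res.status == OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL
  bres = res.basic
  return :rejected if bres.nil? || bres.verify([], store) != true
  cid   = OpenSSL::OCSP::CertificateId.new(leaf, issuer_cert)
  entry = bres.status.find { |s| s[0].cmp(cid) }   # [cid, status, reason, revtime, thisupd, nextupd, exts]
  return :rejected if entry.nil?
  next_update = entry[5]
  return :rejected if next_update && next_update < Time.now  # stale: must not be trusted
  case entry[1]
  when OpenSSL::OCSP::V_CERTSTATUS_GOOD    then :good
  when OpenSSL::OCSP::V_CERTSTATUS_REVOKED then :revoked
  else :rejected                                             # UNKNOWN or anything unexpected
  end
end

if __FILE__ == $PROGRAM_NAME
  ca_key, ca_cert = make_ca('Test CA')
  leaf  = issue_leaf(ca_key, ca_cert, 4711)
  store = trust_store(ca_cert)
  rogue_key, rogue_cert = make_ca('Rogue CA')  # attacker-controlled key, not in the trust store
  good   = build_response(leaf, ca_cert, ca_cert, ca_key, OpenSSL::OCSP::V_CERTSTATUS_GOOD)
  forged = build_response(leaf, ca_cert, rogue_cert, rogue_key, OpenSSL::OCSP::V_CERTSTATUS_GOOD)
  puts "genuine response: #{evaluate_ocsp(good, leaf, ca_cert, store)}"
  puts "forged response:  #{evaluate_ocsp(forged, leaf, ca_cert, store)}"
end
```

The forged case is the one that matters for this advisory: the response is well-formed and carries a valid signature from the rogue key, so only the chain check inside OCSP_basic_verify rejects it, and a caller that accepted any non-zero result (or any non-false value) in place of an explicit success would read the attacker's "good" status from it.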
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before
p173 allows context-dependent attackers to cause a denial of service
(application crash) via a string argument that represents a large
number, as demonstrated by an attempted conversion to the Float data
type (CVE-2009-1904).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
This update provides a solution to these vulnerabilities.
Updated packages
2008.0 i586
da96c62bd3ab386ef616907dfd0ba221 2008.0/i586/ruby-1.8.6-5.4mdv2008.0.i586.rpm
bb1125b1c4f4c0f6826c8165a3fb859a 2008.0/i586/ruby-devel-1.8.6-5.4mdv2008.0.i586.rpm
56ce3c3c89fcc6415984f60ab4a83abe 2008.0/i586/ruby-doc-1.8.6-5.4mdv2008.0.i586.rpm
f6b3298ee85967b4a74c2e0927cf65c6 2008.0/i586/ruby-tk-1.8.6-5.4mdv2008.0.i586.rpm
d6adf0c63cf7772777df5761e529bfae 2008.0/SRPMS/ruby-1.8.6-5.4mdv2008.0.src.rpm
2008.0 x86_64
a0b48e643d5e798272f0c45a23bed6d1 2008.0/x86_64/ruby-1.8.6-5.4mdv2008.0.x86_64.rpm
fb221add0434dfa8a06dbd53a3216b06 2008.0/x86_64/ruby-devel-1.8.6-5.4mdv2008.0.x86_64.rpm
e0964e8cdef7d045e64b9968354082bd 2008.0/x86_64/ruby-doc-1.8.6-5.4mdv2008.0.x86_64.rpm
c51bf69ad9cc8d93949a59d47f1724c8 2008.0/x86_64/ruby-tk-1.8.6-5.4mdv2008.0.x86_64.rpm
d6adf0c63cf7772777df5761e529bfae 2008.0/SRPMS/ruby-1.8.6-5.4mdv2008.0.src.rpm
