Package name: ruby
Date: 2012-02-28
Advisory ID: MDVSA-2012:024
Affected versions: MES5 i586, 2010.1 i586, 2011 x86_64, 2011 i586, MES5 x86_64, 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in ruby:

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without
restricting the ability to trigger hash collisions predictably,
which allows context-dependent attackers to cause a denial of service
(CPU consumption) via crafted input to an application that maintains
a hash table (CVE-2011-4815).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 a47208b885ec74f98d4a43a5f13385f5  mes5/i586/ruby-1.8.7-7p72.5mdvmes5.2.i586.rpm
 03a05dd52c6546d933661086b701685e  mes5/i586/ruby-devel-1.8.7-7p72.5mdvmes5.2.i586.rpm
 e02800af7193f3c78f56476487db465e  mes5/i586/ruby-doc-1.8.7-7p72.5mdvmes5.2.i586.rpm
 06e4c7c64a97130e7fc6123ca3092996  mes5/i586/ruby-tk-1.8.7-7p72.5mdvmes5.2.i586.rpm 
 d48a783d0f35e9efca549dbab228c3b6  mes5/SRPMS/ruby-1.8.7-7p72.5mdvmes5.2.src.rpm

2010.1 i586

 d211540ac03bde71c784b2fdd82f72ea  2010.1/i586/ruby-1.8.7.p249-4.2mdv2010.2.i586.rpm
 a34667198e32474af1629dffc7b36d66  2010.1/i586/ruby-devel-1.8.7.p249-4.2mdv2010.2.i586.rpm
 40ef4190846a3199cb69f3806d3d469d  2010.1/i586/ruby-doc-1.8.7.p249-4.2mdv2010.2.i586.rpm
 d278462b2f37f58340acf6a34012b9ae  2010.1/i586/ruby-tk-1.8.7.p249-4.2mdv2010.2.i586.rpm 
 056076e1e82cc6f014c3120299a88b8a  2010.1/SRPMS/ruby-1.8.7.p249-4.2mdv2010.2.src.rpm

2011 x86_64

 e3a681a43058a536bf9df669e8d5b0e6  2011/x86_64/ruby-1.8.7.p334-4.1-mdv2011.0.x86_64.rpm
 11d134855a82d2300f9672194362e7a2  2011/x86_64/ruby-devel-1.8.7.p334-4.1-mdv2011.0.x86_64.rpm
 6aafa6781c6f72ef3ce1efa841d4e5f2  2011/x86_64/ruby-doc-1.8.7.p334-4.1-mdv2011.0.x86_64.rpm
 02a7ca269fa62d4b350615536a4dcf1c  2011/x86_64/ruby-tk-1.8.7.p334-4.1-mdv2011.0.x86_64.rpm 
 710fdb48a26500548e89974da729e57e  2011/SRPMS/ruby-1.8.7.p334-4.1.src.rpm

2011 i586

 a82a3be0216b68a6085d48e61f1f9848  2011/i586/ruby-1.8.7.p334-4.1-mdv2011.0.i586.rpm
 ca47d01be7d3d07c576179dc4d808a05  2011/i586/ruby-devel-1.8.7.p334-4.1-mdv2011.0.i586.rpm
 3e663d8d3df13880806ee9ecd67896b9  2011/i586/ruby-doc-1.8.7.p334-4.1-mdv2011.0.i586.rpm
 779400961dc5a3b44cb7e6ea56aa9731  2011/i586/ruby-tk-1.8.7.p334-4.1-mdv2011.0.i586.rpm 
 710fdb48a26500548e89974da729e57e  2011/SRPMS/ruby-1.8.7.p334-4.1.src.rpm

MES5 x86_64

 2cdc9d75233f1330be0ea823506cbc88  mes5/x86_64/ruby-1.8.7-7p72.5mdvmes5.2.x86_64.rpm
 e5278f579466f0a74ffd3a14ec3239e8  mes5/x86_64/ruby-devel-1.8.7-7p72.5mdvmes5.2.x86_64.rpm
 f0769c7dd9fca081ae6bb9e8d4f0f205  mes5/x86_64/ruby-doc-1.8.7-7p72.5mdvmes5.2.x86_64.rpm
 794b375ad6b2f3b1a16f4cf4bb6b42d9  mes5/x86_64/ruby-tk-1.8.7-7p72.5mdvmes5.2.x86_64.rpm 
 d48a783d0f35e9efca549dbab228c3b6  mes5/SRPMS/ruby-1.8.7-7p72.5mdvmes5.2.src.rpm

2010.1 x86_64

 ff8b1d25b3b72fc882f73d30b3090058  2010.1/x86_64/ruby-1.8.7.p249-4.2mdv2010.2.x86_64.rpm
 93123ae15e933e222729f58c30c39253  2010.1/x86_64/ruby-devel-1.8.7.p249-4.2mdv2010.2.x86_64.rpm
 2b639d890904651018b6e516d422dfd7  2010.1/x86_64/ruby-doc-1.8.7.p249-4.2mdv2010.2.x86_64.rpm
 4427874ba57e9a85bee42cb665c23e69  2010.1/x86_64/ruby-tk-1.8.7.p249-4.2mdv2010.2.x86_64.rpm 
 056076e1e82cc6f014c3120299a88b8a  2010.1/SRPMS/ruby-1.8.7.p249-4.2mdv2010.2.src.rpm
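
The lists above pair each MD5 sum with a repository path. As an added example (not part of the advisory or of any Mandriva tool), the shell function below checks downloaded RPMs against such lines; the function name, the manifest file (the package lists saved as text) and the download directory are assumptions.

```shell
#!/bin/sh
# Added example: verify downloaded RPMs against the advisory's package lists.
# Usage: verify_advisory_md5 MANIFEST_FILE DOWNLOAD_DIR
# Manifest lines look like " <md5>  <release>/<arch>/<file>.rpm". The
# repository prefix is dropped and files are matched by base name.
verify_advisory_md5() {
    manifest=$1
    dir=$2
    checked=0
    failed=0
    # "|| [ -n "$sum" ]" keeps a final line that has no trailing newline.
    while read -r sum path _rest || [ -n "$sum" ]; do
        # Skip headings and blank lines: the first field must be 32 hex digits.
        case $sum in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        [ "${#sum}" -eq 32 ] || continue
        [ -n "$path" ] || continue
        name=${path##*/}
        # Packages for other releases or architectures are usually not
        # downloaded, so a file that is absent is skipped, not failed.
        [ -f "$dir/$name" ] || continue
        expected=$(printf '%s' "$sum" | tr 'A-F' 'a-f')
        actual=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$actual" = "$expected" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"
            failed=1
        fi
    done < "$manifest"
    # Succeed only if at least one file was checked and none mismatched,
    # so an empty or unparsable manifest never counts as a pass.
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}
```

A matching sum shows only that the file is identical to the one listed; `rpm --checksig` checks the package signature.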
