Support / Sécurité / Annonces de sécurité / Mandriva Linux 2009.1 / MDVSA-2009:160

Nom du paquet: ruby
Date: 2009-07-27
Advisory ID: MDVSA-2009:160
Affected versions: 2009.0 x86_64 , CS4.0 x86_64 , 2009.1 i586 , 2009.0 i586 , 2008.1 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2008.1 x86_64 , 2009.1 x86_64

Problem description

The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before
p173 allows context-dependent attackers to cause a denial of service
(application crash) via a string argument that represents a large
number, as demonstrated by an attempted conversion to the Float
data type.

This update corrects the problem.

Updated packages

2009.0 x86_64

 f301015f7363b5956378dd5987acd747  2009.0/x86_64/ruby-1.8.7-7p72.1mdv2009.0.x86_64.rpm
 6e4f8ef15c3e675044ff715a2ba5b953  2009.0/x86_64/ruby-devel-1.8.7-7p72.1mdv2009.0.x86_64.rpm
 0c7ea2ff4e407088182040eac48a296e  2009.0/x86_64/ruby-doc-1.8.7-7p72.1mdv2009.0.x86_64.rpm
 1ad365ce9723434a4975e59950c35e91  2009.0/x86_64/ruby-tk-1.8.7-7p72.1mdv2009.0.x86_64.rpm 
 992cfbd92c67db3f76e18f4aef57b495  2009.0/SRPMS/ruby-1.8.7-7p72.1mdv2009.0.src.rpm

CS4.0 x86_64

 02d54f82e346b17faf032e7af31b6a5c  corporate/4.0/x86_64/ruby-1.8.2-7.9.20060mlcs4.x86_64.rpm
 25b84b1233734f1659902422897a6d95  corporate/4.0/x86_64/ruby-devel-1.8.2-7.9.20060mlcs4.x86_64.rpm
 1d76ad5f96eb0d98639915b9d20ad293  corporate/4.0/x86_64/ruby-doc-1.8.2-7.9.20060mlcs4.x86_64.rpm
 c8d6a19d6eb45c45ab1cfc3aca93d44c  corporate/4.0/x86_64/ruby-tk-1.8.2-7.9.20060mlcs4.x86_64.rpm 
 2f4d6065fc086f6951e86803584bda47  corporate/4.0/SRPMS/ruby-1.8.2-7.9.20060mlcs4.src.rpm

2009.1 i586

 569f8d2203a5c676548b1b9795d703ab  2009.1/i586/ruby-1.8.7-9p72.1mdv2009.1.i586.rpm
 df2b8d16b9d0fa0b4dab3c806bc3643e  2009.1/i586/ruby-devel-1.8.7-9p72.1mdv2009.1.i586.rpm
 69413d3a3b22f6039be86376cf11c271  2009.1/i586/ruby-doc-1.8.7-9p72.1mdv2009.1.i586.rpm
 7d2ee3b518a38c12ac48377c50a513c9  2009.1/i586/ruby-tk-1.8.7-9p72.1mdv2009.1.i586.rpm 
 3808ba088fcc965ec8fa0a866a3263b5  2009.1/SRPMS/ruby-1.8.7-9p72.1mdv2009.1.src.rpm

2009.0 i586

 70686e958527580cdd6170e4c69c1b79  2009.0/i586/ruby-1.8.7-7p72.1mdv2009.0.i586.rpm
 f4163392e6383729b356b00a401f1065  2009.0/i586/ruby-devel-1.8.7-7p72.1mdv2009.0.i586.rpm
 fb737159f3c8ec9604c75e9ca1b30b2f  2009.0/i586/ruby-doc-1.8.7-7p72.1mdv2009.0.i586.rpm
 0677b6803841bb4a6a3058c92a77b97d  2009.0/i586/ruby-tk-1.8.7-7p72.1mdv2009.0.i586.rpm 
 992cfbd92c67db3f76e18f4aef57b495  2009.0/SRPMS/ruby-1.8.7-7p72.1mdv2009.0.src.rpm

2008.1 i586

 023e157e46bd5bd7459e965fa09c3648  2008.1/i586/ruby-1.8.6-9p114.3mdv2008.1.i586.rpm
 a21992cd7008cd9aef8387181b94d67d  2008.1/i586/ruby-devel-1.8.6-9p114.3mdv2008.1.i586.rpm
 0a85f97c48fb3be6aab45e03318b7ab3  2008.1/i586/ruby-doc-1.8.6-9p114.3mdv2008.1.i586.rpm
 b3af576494298b07e2c7b9c216c06d9f  2008.1/i586/ruby-tk-1.8.6-9p114.3mdv2008.1.i586.rpm 
 fb5a1433a4d764a8e74782bf000f3b5d  2008.1/SRPMS/ruby-1.8.6-9p114.3mdv2008.1.src.rpm

CS3.0 x86_64

 88ff118792ab4b5d63e7029d6092e278  corporate/3.0/x86_64/ruby-1.8.1-1.12.C30mdk.x86_64.rpm
 0c650d9ef35da1b3e737da192a7c1880  corporate/3.0/x86_64/ruby-devel-1.8.1-1.12.C30mdk.x86_64.rpm
 5250acbab6ac96ff609058b21b2b4d4f  corporate/3.0/x86_64/ruby-doc-1.8.1-1.12.C30mdk.x86_64.rpm
 2a3b9bc75e1e87dc7f9efab7e5917394  corporate/3.0/x86_64/ruby-tk-1.8.1-1.12.C30mdk.x86_64.rpm 
 55165fb24dbe048b23e42f43626c2baa  corporate/3.0/SRPMS/ruby-1.8.1-1.12.C30mdk.src.rpm

CS4.0 i586

 73d52e81686a8b66aa3d2a086c7a3026  corporate/4.0/i586/ruby-1.8.2-7.9.20060mlcs4.i586.rpm
 611ce2ab1531b68eee6e8c6e74dcfdd2  corporate/4.0/i586/ruby-devel-1.8.2-7.9.20060mlcs4.i586.rpm
 edd29ede767cf6f1d86b464178f29eb7  corporate/4.0/i586/ruby-doc-1.8.2-7.9.20060mlcs4.i586.rpm
 206e45ae9a72010f804079036d2a4ab5  corporate/4.0/i586/ruby-tk-1.8.2-7.9.20060mlcs4.i586.rpm 
 2f4d6065fc086f6951e86803584bda47  corporate/4.0/SRPMS/ruby-1.8.2-7.9.20060mlcs4.src.rpm

CS3.0 i586

 08537459d909f238d66290d38c852cdc  corporate/3.0/i586/ruby-1.8.1-1.12.C30mdk.i586.rpm
 7fe8a837dd45a10f653c68e50f4fcc19  corporate/3.0/i586/ruby-devel-1.8.1-1.12.C30mdk.i586.rpm
 517345ca6ad8b44da9b377bbc147ae28  corporate/3.0/i586/ruby-doc-1.8.1-1.12.C30mdk.i586.rpm
 ee288e4ba1de7c3ee07217485e13a653  corporate/3.0/i586/ruby-tk-1.8.1-1.12.C30mdk.i586.rpm 
 55165fb24dbe048b23e42f43626c2baa  corporate/3.0/SRPMS/ruby-1.8.1-1.12.C30mdk.src.rpm

2008.1 x86_64

 b7a23f5b04ce3f274e414ab97578fc6a  2008.1/x86_64/ruby-1.8.6-9p114.3mdv2008.1.x86_64.rpm
 8a76ef7557b8e30393edbc5e7d85a826  2008.1/x86_64/ruby-devel-1.8.6-9p114.3mdv2008.1.x86_64.rpm
 a578aa2ec9a865778ea40c3162f87d18  2008.1/x86_64/ruby-doc-1.8.6-9p114.3mdv2008.1.x86_64.rpm
 37cc5a1f43a81db852642d74a0722dc1  2008.1/x86_64/ruby-tk-1.8.6-9p114.3mdv2008.1.x86_64.rpm 
 fb5a1433a4d764a8e74782bf000f3b5d  2008.1/SRPMS/ruby-1.8.6-9p114.3mdv2008.1.src.rpm

2009.1 x86_64

 4ccd63e8cb926629a1c308431b29a11b  2009.1/x86_64/ruby-1.8.7-9p72.1mdv2009.1.x86_64.rpm
 589238b971d9b619209abaace4748d23  2009.1/x86_64/ruby-devel-1.8.7-9p72.1mdv2009.1.x86_64.rpm
 f5d5dfb99dd43d8549d45cfb343efcf0  2009.1/x86_64/ruby-doc-1.8.7-9p72.1mdv2009.1.x86_64.rpm
 76626abab2f83c83251bb1f0ec66b657  2009.1/x86_64/ruby-tk-1.8.7-9p72.1mdv2009.1.x86_64.rpm 
 3808ba088fcc965ec8fa0a866a3263b5  2009.1/SRPMS/ruby-1.8.7-9p72.1mdv2009.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904