Nom du paquet
ruby
Date
2009-07-29
Advisory ID
MDVSA-2009:177
Affected versions
MES5 i586 , MES5 x86_64

Problem description

The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before
p173 allows context-dependent attackers to cause a denial of service
(application crash) via a string argument that represents a large
number, as demonstrated by an attempted conversion to the Float
data type.

This update corrects the problem.

Updated packages

MES5 i586

 d522ab4a96f29c8ae4cb60c73e750457  mes5/i586/ruby-1.8.7-7p72.1mdvmes5.i586.rpm
 9aa6efe7e8ee13bf9c718579e9248e55  mes5/i586/ruby-devel-1.8.7-7p72.1mdvmes5.i586.rpm
 c64ccd9e38432c5f035752d4b60acbf3  mes5/i586/ruby-doc-1.8.7-7p72.1mdvmes5.i586.rpm
 670b08d1f4e72978ed94aaa8817f94a8  mes5/i586/ruby-tk-1.8.7-7p72.1mdvmes5.i586.rpm 
 81fa60b8e779527ab38e1f1e29fbbab7  mes5/SRPMS/ruby-1.8.7-7p72.1mdvmes5.src.rpm

MES5 x86_64

 0956bc7cc93aa4e5d0f91b9b24932f64  mes5/x86_64/ruby-1.8.7-7p72.1mdvmes5.x86_64.rpm
 0dd370e2bf7e06c17080c9c952a1b691  mes5/x86_64/ruby-devel-1.8.7-7p72.1mdvmes5.x86_64.rpm
 a43cd3b48a9c25d7e0263885034cf6a0  mes5/x86_64/ruby-doc-1.8.7-7p72.1mdvmes5.x86_64.rpm
 033e65a325fe239f5ea24fa04fcbdf5e  mes5/x86_64/ruby-tk-1.8.7-7p72.1mdvmes5.x86_64.rpm 
 81fa60b8e779527ab38e1f1e29fbbab7  mes5/SRPMS/ruby-1.8.7-7p72.1mdvmes5.src.rpm

References