Package name
ruby
Date
2009-12-07
Advisory ID
MDVSA-2009:325
Affected versions
2008.0 i586, 2008.0 x86_64

Problem description

Multiple vulnerabilities were discovered and corrected in ruby:

ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check
the return value of the OCSP_basic_verify function, so an error result
from the OpenSSL verification call can be reported to the caller as a
successful verification. This might allow remote attackers to
successfully present an invalid X.509 certificate, possibly including
a revoked certificate (CVE-2009-0642).
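The following is an added illustration of the return-value check at issue; it is not code from the Ruby advisory or from ext/openssl/ossl_ocsp.c. OpenSSL documents OCSP_basic_verify() as returning 1 on success, 0 when verification fails, and a negative value (-1) on a fatal error. A small mock stands in for the OpenSSL call so the program runs offline; the tag strings it understands are constructed for the example, as is the pair of wrapper functions contrasting an "any non-zero is verified" mapping with a strict "only 1 is verified" mapping.

```c
#include <stdio.h>
#include <string.h>

/* Return convention of OpenSSL's OCSP_basic_verify() (from its manual page):
 *   1  -> response signature verified and signer trusted
 *   0  -> verification failed
 *  -1  -> fatal error (for example an allocation failure)
 * This enum and the mock below are constructed for the example; they are
 * not OpenSSL code. */
enum { VERIFY_ERROR = -1, VERIFY_FAIL = 0, VERIFY_OK = 1 };

/* Mock of OCSP_basic_verify(). Instead of a real OCSP basic response it
 * takes a constructed tag describing which outcome to simulate. */
static int mock_ocsp_basic_verify(const char *response_tag)
{
    if (response_tag == NULL)
        return VERIFY_ERROR;                 /* nothing to verify: fatal */
    if (strcmp(response_tag, "verified") == 0)
        return VERIFY_OK;
    if (strcmp(response_tag, "untrusted-signer") == 0)
        return VERIFY_FAIL;
    /* Any other input is treated as a malformed response: fatal error. */
    return VERIFY_ERROR;
}

/* Vulnerable mapping: the result is used as a plain C boolean, so -1
 * (fatal error) is reported as "verified" exactly like 1. This is the
 * class of mistake the advisory describes for ossl_ocsp.c. */
int verify_vulnerable(const char *response_tag)
{
    int result = mock_ocsp_basic_verify(response_tag);
    return result ? 1 : 0;
}

/* Hardened mapping: only an explicit 1 counts as verified. A negative
 * result is a fatal error and must fail closed, not open. */
int verify_fixed(const char *response_tag)
{
    int result = mock_ocsp_basic_verify(response_tag);
    if (result < 0) {
        /* In a real caller this is where ERR_get_error() output would be
         * reported; the important part is that we still return failure. */
        return 0;
    }
    return result == VERIFY_OK ? 1 : 0;
}

int main(void)
{
    const char *cases[] = { "verified", "untrusted-signer", "malformed" };
    size_t i;
    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        printf("%-17s vulnerable=%d fixed=%d\n", cases[i],
               verify_vulnerable(cases[i]), verify_fixed(cases[i]));
    }
    return 0;
}
```

The "malformed" case is the one that matters: the lenient wrapper accepts it, the strict wrapper rejects it. The same check applies to any OpenSSL function with a 1/0/-1 convention; comparing against 1 rather than testing for non-zero is the habit to adopt.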

The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before
p173 allows context-dependent attackers to cause a denial of service
(application crash) via a string argument that represents a large
number, as demonstrated by an attempted conversion to the Float data
type (CVE-2009-1904).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

This update provides a solution to these vulnerabilities.

Updated packages

2008.0 i586

 da96c62bd3ab386ef616907dfd0ba221  2008.0/i586/ruby-1.8.6-5.4mdv2008.0.i586.rpm
 bb1125b1c4f4c0f6826c8165a3fb859a  2008.0/i586/ruby-devel-1.8.6-5.4mdv2008.0.i586.rpm
 56ce3c3c89fcc6415984f60ab4a83abe  2008.0/i586/ruby-doc-1.8.6-5.4mdv2008.0.i586.rpm
 f6b3298ee85967b4a74c2e0927cf65c6  2008.0/i586/ruby-tk-1.8.6-5.4mdv2008.0.i586.rpm 
 d6adf0c63cf7772777df5761e529bfae  2008.0/SRPMS/ruby-1.8.6-5.4mdv2008.0.src.rpm

2008.0 x86_64

 a0b48e643d5e798272f0c45a23bed6d1  2008.0/x86_64/ruby-1.8.6-5.4mdv2008.0.x86_64.rpm
 fb221add0434dfa8a06dbd53a3216b06  2008.0/x86_64/ruby-devel-1.8.6-5.4mdv2008.0.x86_64.rpm
 e0964e8cdef7d045e64b9968354082bd  2008.0/x86_64/ruby-doc-1.8.6-5.4mdv2008.0.x86_64.rpm
 c51bf69ad9cc8d93949a59d47f1724c8  2008.0/x86_64/ruby-tk-1.8.6-5.4mdv2008.0.x86_64.rpm 
 d6adf0c63cf7772777df5761e529bfae  2008.0/SRPMS/ruby-1.8.6-5.4mdv2008.0.src.rpm

References