Package name
ruby
Date
2010-01-19
Advisory ID
MDVSA-2010:017
Affected versions
2009.0 x86_64, MES5 i586, 2010.0 x86_64, 2010.0 i586, 2009.1 i586, 2009.0 i586, CS4.0 i586, 2008.0 x86_64, CS4.0 x86_64, 2008.0 i586, 2009.1 x86_64, MES5 x86_64

Problem description

A vulnerability has been found and corrected in ruby:

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through
patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev
writes data to a log file without sanitizing non-printable characters,
which might allow remote attackers to modify a window's title,
or possibly execute arbitrary commands or overwrite files, via an
HTTP request containing an escape sequence for a terminal emulator
(CVE-2009-4492).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.
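
The missing sanitization described above, as an added Ruby example (it is not the Mandriva or upstream Ruby patch): request-derived fields are escaped before they reach the log, and a second helper flags entries written before the fix. The helper names and the sample request are constructed for illustration.

```ruby
# Added example, not the Mandriva or upstream Ruby patch.
# escape_log_field, log_line and tainted_line? are hypothetical helper names.

# Render every byte outside printable ASCII (and the backslash itself, so
# the encoding stays unambiguous) as \xHH. ESC, BEL, CR and LF all fall in
# this set, so a field can neither drive a terminal nor forge a new entry.
def escape_log_field(value)
  value.to_s.each_byte.map { |b|
    b.between?(0x20, 0x7e) && b != 0x5c ? b.chr : format('\\x%02x', b)
  }.join
end

# Build one access-log entry; escape: false reproduces the unsanitized
# behaviour the advisory describes.
def log_line(addr, request_line, status, escape: true)
  fields = [addr, request_line, status]
  fields = fields.map { |f| escape_log_field(f) } if escape
  format("%s \"%s\" %s\n", *fields)
end

# Detection for logs written before the fix: flag any entry that still
# holds a raw control or 8-bit byte (ignoring the line terminator).
def tainted_line?(line)
  line.chomp.each_byte.any? { |b| !b.between?(0x20, 0x7e) }
end

# Constructed request line carrying an escape sequence plus an injected newline.
SAMPLE = "GET /\e]0;title\a HTTP/1.1\r\n10.0.0.9 \"GET /forged HTTP/1.1\" 200"

if __FILE__ == $PROGRAM_NAME
  unsafe = log_line('192.0.2.10', SAMPLE, 200, escape: false)
  safe   = log_line('192.0.2.10', SAMPLE, 200)
  puts "raw entry tainted:     #{tainted_line?(unsafe)}"
  puts "escaped entry tainted: #{tainted_line?(safe)}"
  puts safe
end
```

Escaped entries stay on one physical line, so they are safe to view with `cat` or `tail` in a terminal emulator; entries already on disk from an unpatched server should be reviewed with a tool that renders control bytes visibly.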

Updated packages

2009.0 x86_64

 5fcb69fd1908cf385712fe8f0c7197ad  2009.0/x86_64/ruby-1.8.7-7p72.3mdv2009.0.x86_64.rpm
 24e163680c8ab0c33599954482d66c8a  2009.0/x86_64/ruby-devel-1.8.7-7p72.3mdv2009.0.x86_64.rpm
 a7ca58b52fe54fc71b84a5bf13db878c  2009.0/x86_64/ruby-doc-1.8.7-7p72.3mdv2009.0.x86_64.rpm
 f59a9ebd06d9447729f86816849f2829  2009.0/x86_64/ruby-tk-1.8.7-7p72.3mdv2009.0.x86_64.rpm 
 4d73e6540dd45a75948aae15c227180c  2009.0/SRPMS/ruby-1.8.7-7p72.3mdv2009.0.src.rpm

MES5 i586

 79c8d1db00e6939832a482cd56deb332  mes5/i586/ruby-1.8.7-7p72.3mdvmes5.i586.rpm
 104fc5981f5c66832963b09daf9a6e3f  mes5/i586/ruby-devel-1.8.7-7p72.3mdvmes5.i586.rpm
 829ed2328066244e3c093e3779b79d82  mes5/i586/ruby-doc-1.8.7-7p72.3mdvmes5.i586.rpm
 39acd4fa454c8d2598400268999b9ffa  mes5/i586/ruby-tk-1.8.7-7p72.3mdvmes5.i586.rpm 
 29b5d57995f9c40e6e9e2bb8d6122dbd  mes5/SRPMS/ruby-1.8.7-7p72.3mdvmes5.src.rpm

2010.0 x86_64

 75230d955e7f28d6fbbe0efb5069b2d2  2010.0/x86_64/ruby-1.8.7-9p174.1mdv2010.0.x86_64.rpm
 085cb4af83feef546a9cf6a3929c5c51  2010.0/x86_64/ruby-devel-1.8.7-9p174.1mdv2010.0.x86_64.rpm
 9e35d282e30588fa843b4edc36808068  2010.0/x86_64/ruby-doc-1.8.7-9p174.1mdv2010.0.x86_64.rpm
 2e4b95c6c1d025b2f79eb7bdc238a71e  2010.0/x86_64/ruby-tk-1.8.7-9p174.1mdv2010.0.x86_64.rpm 
 bb56bb35355c556f4be4e11bcf53cc93  2010.0/SRPMS/ruby-1.8.7-9p174.1mdv2010.0.src.rpm

2010.0 i586

 2c0a2f50cb64ce9c8db446c7c43a3ad5  2010.0/i586/ruby-1.8.7-9p174.1mdv2010.0.i586.rpm
 1d3b0284cefce641ae3a9e0acad3eb31  2010.0/i586/ruby-devel-1.8.7-9p174.1mdv2010.0.i586.rpm
 a5889305c1e1efe0306e87e0e0584905  2010.0/i586/ruby-doc-1.8.7-9p174.1mdv2010.0.i586.rpm
 e04504a888df5b80242b430253d01ebe  2010.0/i586/ruby-tk-1.8.7-9p174.1mdv2010.0.i586.rpm 
 bb56bb35355c556f4be4e11bcf53cc93  2010.0/SRPMS/ruby-1.8.7-9p174.1mdv2010.0.src.rpm

2009.1 i586

 88cfd59b0e447ce2fc3e555bd8cc8c05  2009.1/i586/ruby-1.8.7-9p72.3mdv2009.1.i586.rpm
 b26875792b8dd1450acf22e1cd5e7125  2009.1/i586/ruby-devel-1.8.7-9p72.3mdv2009.1.i586.rpm
 ae27cb9ea848800dd24eed2622c863a5  2009.1/i586/ruby-doc-1.8.7-9p72.3mdv2009.1.i586.rpm
 80d7ae68c8318b4544c3c15605baf376  2009.1/i586/ruby-tk-1.8.7-9p72.3mdv2009.1.i586.rpm 
 158e9c9ea053a470c964e0bc3ce03a00  2009.1/SRPMS/ruby-1.8.7-9p72.3mdv2009.1.src.rpm

2009.0 i586

 b2fd3ee6542e4cd9631b91acf9dea020  2009.0/i586/ruby-1.8.7-7p72.3mdv2009.0.i586.rpm
 dbdd2531cc1fa4e0b7f36231da1ff758  2009.0/i586/ruby-devel-1.8.7-7p72.3mdv2009.0.i586.rpm
 cacf5f1c157efdb1d34c487c5981c743  2009.0/i586/ruby-doc-1.8.7-7p72.3mdv2009.0.i586.rpm
 21e92249cbfd8be58fb0f4e7fb179b8f  2009.0/i586/ruby-tk-1.8.7-7p72.3mdv2009.0.i586.rpm 
 4d73e6540dd45a75948aae15c227180c  2009.0/SRPMS/ruby-1.8.7-7p72.3mdv2009.0.src.rpm

CS4.0 i586

 98e84ca9925a882b8e1066c04908abca  corporate/4.0/i586/ruby-1.8.2-7.11.20060mlcs4.i586.rpm
 105a34d3d939962a47ce98f241f60686  corporate/4.0/i586/ruby-devel-1.8.2-7.11.20060mlcs4.i586.rpm
 a381e8a59417a80959889a672468cd3a  corporate/4.0/i586/ruby-doc-1.8.2-7.11.20060mlcs4.i586.rpm
 60c661ae3c3b064e345132df059f1372  corporate/4.0/i586/ruby-tk-1.8.2-7.11.20060mlcs4.i586.rpm 
 da4e4f78d71d8fe3cb5aca3d3ad425f6  corporate/4.0/SRPMS/ruby-1.8.2-7.11.20060mlcs4.src.rpm

2008.0 x86_64

 f02c68cceb01dc048f5b056d61672346  2008.0/x86_64/ruby-1.8.6-5.5mdv2008.0.x86_64.rpm
 2c1242265445600bd8ee386766f4bd22  2008.0/x86_64/ruby-devel-1.8.6-5.5mdv2008.0.x86_64.rpm
 0f70cc7a2b8ec3c4d7b56ff4ce21e703  2008.0/x86_64/ruby-doc-1.8.6-5.5mdv2008.0.x86_64.rpm
 2c8c2aad4db092fa7afc86ab6081862b  2008.0/x86_64/ruby-tk-1.8.6-5.5mdv2008.0.x86_64.rpm 
 744a650335e29123f403d35cf366e5b6  2008.0/SRPMS/ruby-1.8.6-5.5mdv2008.0.src.rpm

CS4.0 x86_64

 dfa4f7f7bf69e3554b5218562ecbb75d  corporate/4.0/x86_64/ruby-1.8.2-7.11.20060mlcs4.x86_64.rpm
 639d9a74cab0dbffab9b9d8219484a7d  corporate/4.0/x86_64/ruby-devel-1.8.2-7.11.20060mlcs4.x86_64.rpm
 ad2a1ed0795737b949e100b5aa8aa4bd  corporate/4.0/x86_64/ruby-doc-1.8.2-7.11.20060mlcs4.x86_64.rpm
 0b17648baae8bed85c805ccf525e5d72  corporate/4.0/x86_64/ruby-tk-1.8.2-7.11.20060mlcs4.x86_64.rpm 
 da4e4f78d71d8fe3cb5aca3d3ad425f6  corporate/4.0/SRPMS/ruby-1.8.2-7.11.20060mlcs4.src.rpm

2008.0 i586

 81ffde889fff5e736c7fc8ff4caed3af  2008.0/i586/ruby-1.8.6-5.5mdv2008.0.i586.rpm
 5cc1e869a22fc16936eedfd34005a683  2008.0/i586/ruby-devel-1.8.6-5.5mdv2008.0.i586.rpm
 6d1f7748edeb1aba0051cc11560a071b  2008.0/i586/ruby-doc-1.8.6-5.5mdv2008.0.i586.rpm
 39bc1acbe49a9453acab67b49b084b80  2008.0/i586/ruby-tk-1.8.6-5.5mdv2008.0.i586.rpm 
 744a650335e29123f403d35cf366e5b6  2008.0/SRPMS/ruby-1.8.6-5.5mdv2008.0.src.rpm

2009.1 x86_64

 dacfa4833a9dfd882c93bf87b671fe90  2009.1/x86_64/ruby-1.8.7-9p72.3mdv2009.1.x86_64.rpm
 8409d1abd0192d2bfa7426049ffaaf8b  2009.1/x86_64/ruby-devel-1.8.7-9p72.3mdv2009.1.x86_64.rpm
 0cc95c768f986b0bb168ae821b04c370  2009.1/x86_64/ruby-doc-1.8.7-9p72.3mdv2009.1.x86_64.rpm
 1088ecc3fa689f1d41346880f7a71427  2009.1/x86_64/ruby-tk-1.8.7-9p72.3mdv2009.1.x86_64.rpm 
 158e9c9ea053a470c964e0bc3ce03a00  2009.1/SRPMS/ruby-1.8.7-9p72.3mdv2009.1.src.rpm

MES5 x86_64

 6b48873043c691eea6b3144d1172e326  mes5/x86_64/ruby-1.8.7-7p72.3mdvmes5.x86_64.rpm
 9ce68537d8c0e8c691b7c55aa0aac974  mes5/x86_64/ruby-devel-1.8.7-7p72.3mdvmes5.x86_64.rpm
 9ab66ce856dff1f387e9c5af7eed1ba3  mes5/x86_64/ruby-doc-1.8.7-7p72.3mdvmes5.x86_64.rpm
 4f521606bafcd7f799dfd60cace1e7ec  mes5/x86_64/ruby-tk-1.8.7-7p72.3mdvmes5.x86_64.rpm 
 29b5d57995f9c40e6e9e2bb8d6122dbd  mes5/SRPMS/ruby-1.8.7-7p72.3mdvmes5.src.rpm

References