
CIAC INFORMATION BULLETIN

S-344: Ruby Security Update

[Red Hat RHSA-2008:0561-7]

July 28, 2008 19:00 GMT
[REVISED 18 Aug 2008]

PROBLEM: Multiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby.
PLATFORM: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS, ES, WS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Debian GNU/Linux 4.0 (etch)
DAMAGE: Execute arbitrary code or DoS.
SOLUTION: Upgrade to the appropriate version.

VULNERABILITY
ASSESSMENT:
The risk is MEDIUM. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations.

CVSS 2 BASE SCORE:     6.8
       TEMPORAL SCORE: 5.6
       VECTOR:         (AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)

LINKS:  
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/s-344.shtml
  ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2008-0561.html
  ADDITIONAL LINK: http://www.debian.org/security/2008/dsa-1618
  CVE: CVE-2008-2376 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726

REVISION HISTORY:
08/18/2008 - revised S-344 to add a link to Debian Security Advisory DSA-1618-1 for
             Debian GNU/Linux 4.0 (etch).



[***** Start Red Hat RHSA-2008:0561-7 *****]


Moderate: ruby security update

Advisory: RHSA-2008:0561-7
Type: Security Advisory
Severity: Moderate
Issued on: 2008-07-14
Last updated on: 2008-07-14
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20080561.xml
CVEs (cve.mitre.org): CVE-2008-2376
CVE-2008-2662
CVE-2008-2663
CVE-2008-2664
CVE-2008-2725
CVE-2008-2726

Details

Updated ruby packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Ruby is an interpreted scripting language for quick and easy
object-oriented programming.

Multiple integer overflows leading to a heap overflow were discovered in
the array- and string-handling code used by Ruby. An attacker could use
these flaws to crash a Ruby application or, possibly, execute arbitrary
code with the privileges of the Ruby application using untrusted inputs in
array or string operations. (CVE-2008-2376, CVE-2008-2662, CVE-2008-2663,
CVE-2008-2725, CVE-2008-2726)

It was discovered that Ruby used the alloca() memory allocation function in
the format (%) method of the String class without properly restricting
maximum string length. An attacker could use this flaw to crash a Ruby
application or, possibly, execute arbitrary code with the privileges of the
Ruby application using long, untrusted strings as format strings.
(CVE-2008-2664)
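The two defect classes named above, unchecked length arithmetic before a heap buffer is grown (the rb_str_buf_append()/rb_ary_store()/rb_ary_splice() family) and alloca() with an unbounded, attacker-influenced size in the format routine, share one mitigation: validate the size before allocating. The C below is an added illustration of that mitigation, not code from Ruby or from the Red Hat patch; the strbuf type, strbuf_append(), pad_to_width() and STACK_SCRATCH_MAX are hypothetical names chosen for this example. strbuf_append() rejects any length whose sum or doubling would wrap, so realloc() never receives a wrapped size, and pad_to_width() uses the stack only up to a fixed bound and falls back to the heap above it.

```c
/* Added example (not Ruby's code): size validation before buffer growth and
 * before stack allocation. All names here are hypothetical. */
#include <alloca.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *ptr;   /* NUL-terminated contents, or NULL when empty */
    size_t len;  /* bytes in use */
    size_t cap;  /* bytes usable before the terminating NUL */
} strbuf;

void strbuf_init(strbuf *sb) { sb->ptr = NULL; sb->len = 0; sb->cap = 0; }
void strbuf_free(strbuf *sb) { free(sb->ptr); strbuf_init(sb); }

/* 1 if a + b would wrap past SIZE_MAX. */
static int add_overflows(size_t a, size_t b) { return a > SIZE_MAX - b; }
/* 1 if a * b would wrap past SIZE_MAX. */
static int mul_overflows(size_t a, size_t b) { return b != 0 && a > SIZE_MAX / b; }

/* Append n bytes of src. Returns 0 on success, -1 if the arithmetic would
 * wrap or the allocation fails; the buffer is left untouched on failure.
 * An unchecked version that computed len + n and then (len + n) * 2 with
 * attacker-chosen n could hand realloc() a wrapped, tiny size and then
 * memcpy() n bytes into it: that is the integer-overflow-to-heap-overflow
 * chain the advisory describes. */
int strbuf_append(strbuf *sb, const char *src, size_t n) {
    if (n == 0) return 0;
    if (add_overflows(sb->len, n)) return -1;        /* len + n wraps */
    size_t new_len = sb->len + n;
    if (new_len > sb->cap) {
        if (mul_overflows(new_len, 2)) return -1;    /* growth factor wraps */
        size_t new_cap = new_len * 2;
        if (add_overflows(new_cap, 1)) return -1;    /* room for the NUL */
        char *p = realloc(sb->ptr, new_cap + 1);
        if (!p) return -1;
        sb->ptr = p;
        sb->cap = new_cap;
    }
    memcpy(sb->ptr + sb->len, src, n);
    sb->len = new_len;
    sb->ptr[sb->len] = '\0';
    return 0;
}

/* Largest scratch size this routine will place on the stack. Anything
 * larger goes to the heap, so a caller-supplied width can never exhaust
 * or overrun the stack the way an unbounded alloca() can. */
#define STACK_SCRATCH_MAX 1024

/* Right-justify s in a field of `width` bytes and append it to out, the
 * way a %Ns format conversion would. Returns 0 on success, -1 on failure. */
int pad_to_width(strbuf *out, const char *s, size_t width) {
    size_t slen = strlen(s);
    if (slen >= width) return strbuf_append(out, s, slen);

    char *scratch;
    char *heap = NULL;
    if (width <= STACK_SCRATCH_MAX) {
        scratch = alloca(width);          /* bounded, so safe on the stack */
    } else {
        heap = malloc(width);             /* large request: heap instead */
        if (!heap) return -1;
        scratch = heap;
    }
    memset(scratch, ' ', width - slen);
    memcpy(scratch + (width - slen), s, slen);
    int rc = strbuf_append(out, scratch, width);
    free(heap);                           /* no-op on the stack path */
    return rc;
}
```

The important property is that every failure is reported before any write happens: a length that would wrap returns -1 with the buffer intact, rather than producing a short allocation that a later memcpy() overruns.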

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting these issues.

Users of Ruby should upgrade to these updated packages, which contain a
backported patch to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

IA-32:
ruby-devel-1.8.5-5.el5_2.3.i386.rpm     f755c3511b6d9260efc6b5b5ae74ce91
ruby-mode-1.8.5-5.el5_2.3.i386.rpm     7ac882d65ae11560af873d5ef7b8f009
 
x86_64:
ruby-devel-1.8.5-5.el5_2.3.i386.rpm     f755c3511b6d9260efc6b5b5ae74ce91
ruby-devel-1.8.5-5.el5_2.3.x86_64.rpm     f5fea8aa7b42ab5d9ae98d01a21b348f
ruby-mode-1.8.5-5.el5_2.3.x86_64.rpm     5e0220e4cf82ba13744f795f9ebbdf77
 
Red Hat Desktop (v. 4)

SRPMS:
ruby-1.8.1-7.el4_6.1.src.rpm     ca521cd1d9dbb44d362ee4a7c42a9ca0
 
IA-32:
irb-1.8.1-7.el4_6.1.i386.rpm     aa476683831cebc503b965f8655e7fb8
ruby-1.8.1-7.el4_6.1.i386.rpm     1ced50e6baff2ae27dc610ade4652a77
ruby-devel-1.8.1-7.el4_6.1.i386.rpm     67d4ad9115fdc4c8ca9f8d2c3c10ba1f
ruby-docs-1.8.1-7.el4_6.1.i386.rpm     a49464629b3858035974473e234fe562
ruby-libs-1.8.1-7.el4_6.1.i386.rpm     0f1d526196630c209b1054e6965c5040
ruby-mode-1.8.1-7.el4_6.1.i386.rpm     ab352ca6f4b7e1ccaca8fbb6578e3c1e
ruby-tcltk-1.8.1-7.el4_6.1.i386.rpm     e51243c17dc14a7b0582dac1fdfdc619
 
x86_64:
irb-1.8.1-7.el4_6.1.x86_64.rpm     891038d9704c1dec627448642aae5dc2
ruby-1.8.1-7.el4_6.1.x86_64.rpm     be002ddaef2c09e6a927611b47c4e9a0
ruby-devel-1.8.1-7.el4_6.1.x86_64.rpm     f127c2d83f7b285f03c7dc1ac37e9968
ruby-docs-1.8.1-7.el4_6.1.x86_64.rpm     d3d184ebb508acf0a8b68b0179998fdf
ruby-libs-1.8.1-7.el4_6.1.i386.rpm     0f1d526196630c209b1054e6965c5040
ruby-libs-1.8.1-7.el4_6.1.x86_64.rpm     eed2737b95dc6b0da160436f0b3d73a0
ruby-mode-1.8.1-7.el4_6.1.x86_64.rpm     4035c0574ee29b94aac8f8b25255bc17
ruby-tcltk-1.8.1-7.el4_6.1.x86_64.rpm     d473d4f32bc5d4ce424dea86f0734b57
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
ruby-1.8.5-5.el5_2.3.src.rpm     1aea1d9659f762a318d05e69846b19f5
 
IA-32:
ruby-1.8.5-5.el5_2.3.i386.rpm     3f4d1ec07954f30708e036f2fcc40742
ruby-devel-1.8.5-5.el5_2.3.i386.rpm     f755c3511b6d9260efc6b5b5ae74ce91
ruby-docs-1.8.5-5.el5_2.3.i386.rpm     08b612fa7cd2157967862d41c074234e
ruby-irb-1.8.5-5.el5_2.3.i386.rpm     6655f4c0ee60d0237a5ff6a80edba27d
ruby-libs-1.8.5-5.el5_2.3.i386.rpm     97e7ffb1bc261f9cd8547a583f417c5c
ruby-mode-1.8.5-5.el5_2.3.i386.rpm     7ac882d65ae11560af873d5ef7b8f009
ruby-rdoc-1.8.5-5.el5_2.3.i386.rpm     dcb170a72fce8b71da59577673a6b6d5
ruby-ri-1.8.5-5.el5_2.3.i386.rpm     2de72f66ceea3706b00de351c611b6c6
ruby-tcltk-1.8.5-5.el5_2.3.i386.rpm     3cbcfe1c4d688714cf313c678e3de4b0
 
IA-64:
ruby-1.8.5-5.el5_2.3.ia64.rpm     ceba63010a7429db5548062d1a471d1d
ruby-devel-1.8.5-5.el5_2.3.ia64.rpm     d49ad8fcb73d76bdf8b8ddf74ddda46f
ruby-docs-1.8.5-5.el5_2.3.ia64.rpm     83e71ca80d79057a6a5b6bfbd218ea33
ruby-irb-1.8.5-5.el5_2.3.ia64.rpm     f3f13a542210cff709e66aab6c0e9798
ruby-libs-1.8.5-5.el5_2.3.ia64.rpm     80473f5178af56715bb9f952623466bc
ruby-mode-1.8.5-5.el5_2.3.ia64.rpm     3267562064bf3a1fdf255058efa911db
ruby-rdoc-1.8.5-5.el5_2.3.ia64.rpm     65904dfdfa6957dc4402ee508544a80a
ruby-ri-1.8.5-5.el5_2.3.ia64.rpm     0bdc2efbd26b1073b7cb7e272ab315f5
ruby-tcltk-1.8.5-5.el5_2.3.ia64.rpm     1efa9b7a24bc6b65df7b7d0e2fc57f51
 
PPC:
ruby-1.8.5-5.el5_2.3.ppc.rpm     a6f6fd4db8627c29b093a57859eecefe
ruby-devel-1.8.5-5.el5_2.3.ppc.rpm     66518cfb8c16229e572af75817df2d40
ruby-devel-1.8.5-5.el5_2.3.ppc64.rpm     8b7856183240bc7f3650d6e930fac2ad
ruby-docs-1.8.5-5.el5_2.3.ppc.rpm     a29d3e0457b150effdee6af20bc02d82
ruby-irb-1.8.5-5.el5_2.3.ppc.rpm     277a36e4483713d2792bcf2214fdd9b2
ruby-libs-1.8.5-5.el5_2.3.ppc.rpm     fb8b77fd2b4760fc24721d9036e60969
ruby-libs-1.8.5-5.el5_2.3.ppc64.rpm     8049b9f716a616e1d694a0d7acf7efb0
ruby-mode-1.8.5-5.el5_2.3.ppc.rpm     7372eb24e94fdce3ba07d80fc3c561ef
ruby-rdoc-1.8.5-5.el5_2.3.ppc.rpm     d14d444169a98b40cfb0d2aac119600c
ruby-ri-1.8.5-5.el5_2.3.ppc.rpm     c25b2deddc6fef55d2f3f6b6d8bd35d9
ruby-tcltk-1.8.5-5.el5_2.3.ppc.rpm     b22ed04270dbebfd9b4047106f095f13
 
s390x:
ruby-1.8.5-5.el5_2.3.s390x.rpm     23ee9255f21ff237232da2aad797ace2
ruby-devel-1.8.5-5.el5_2.3.s390.rpm     7d89c524ba8db732282fa88d92453329
ruby-devel-1.8.5-5.el5_2.3.s390x.rpm     c02577c1120a4dae54aed16c7edb455b
ruby-docs-1.8.5-5.el5_2.3.s390x.rpm     662e7769b7d5ab6be955c5d3a8a38198
ruby-irb-1.8.5-5.el5_2.3.s390x.rpm     4d74cb2716b7e6d6f6e9b8f09bf5862a
ruby-libs-1.8.5-5.el5_2.3.s390.rpm     d324ea547da0b29a029fd5e4d20d7a2e
ruby-libs-1.8.5-5.el5_2.3.s390x.rpm     969f79b9e818fd40a75f2182fed3975f
ruby-mode-1.8.5-5.el5_2.3.s390x.rpm     952740d9606b387ba948a7aac1e5781c
ruby-rdoc-1.8.5-5.el5_2.3.s390x.rpm     dd5aeb00a63712ea066b1853df9acda7
ruby-ri-1.8.5-5.el5_2.3.s390x.rpm     85f8c2361a1ece08c668bf2fffbbcdfe
ruby-tcltk-1.8.5-5.el5_2.3.s390x.rpm     ef98e6065ea95c2284372d96b4c4fbc4
 
x86_64:
ruby-1.8.5-5.el5_2.3.x86_64.rpm     15a7695b7c6b0faf194a7e0ee45007ca
ruby-devel-1.8.5-5.el5_2.3.i386.rpm     f755c3511b6d9260efc6b5b5ae74ce91
ruby-devel-1.8.5-5.el5_2.3.x86_64.rpm     f5fea8aa7b42ab5d9ae98d01a21b348f
ruby-docs-1.8.5-5.el5_2.3.x86_64.rpm     d127b0e74a3e7ca6ed82e35c9b2698b5
ruby-irb-1.8.5-5.el5_2.3.x86_64.rpm     4dc22a0766606957fd05a062a2a65afd
ruby-libs-1.8.5-5.el5_2.3.i386.rpm     97e7ffb1bc261f9cd8547a583f417c5c
ruby-libs-1.8.5-5.el5_2.3.x86_64.rpm     3bf1b77fce965f0488db9fc121dc4a1e
ruby-mode-1.8.5-5.el5_2.3.x86_64.rpm     5e0220e4cf82ba13744f795f9ebbdf77
ruby-rdoc-1.8.5-5.el5_2.3.x86_64.rpm     bccf280e775e7f247925a7bcc5aedcae
ruby-ri-1.8.5-5.el5_2.3.x86_64.rpm     c7a1d910ec1bb4c7a3e507caa8d7d768
ruby-tcltk-1.8.5-5.el5_2.3.x86_64.rpm     b08fc3f477329b8c09ebfa2aec4eae40
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
ruby-1.8.1-7.el4_6.1.src.rpm     ca521cd1d9dbb44d362ee4a7c42a9ca0
 
IA-32:
irb-1.8.1-7.el4_6.1.i386.rpm     aa476683831cebc503b965f8655e7fb8
ruby-1.8.1-7.el4_6.1.i386.rpm     1ced50e6baff2ae27dc610ade4652a77
ruby-devel-1.8.1-7.el4_6.1.i386.rpm     67d4ad9115fdc4c8ca9f8d2c3c10ba1f
ruby-docs-1.8.1-7.el4_6.1.i386.rpm     a49464629b3858035974473e234fe562
ruby-libs-1.8.1-7.el4_6.1.i386.rpm     0f1d526196630c209b1054e6965c5040
ruby-mode-1.8.1-7.el4_6.1.i386.rpm     ab352ca6f4b7e1ccaca8fbb6578e3c1e
ruby-tcltk-1.8.1-7.el4_6.1.i386.rpm     e51243c17dc14a7b0582dac1fdfdc619
 
IA-64:
irb-1.8.1-7.el4_6.1.ia64.rpm     0f9097fc8cf06f306bec177e861cef88
ruby-1.8.1-7.el4_6.1.ia64.rpm     aa9bf93dcdfcd55a031c98e81227308c
ruby-devel-1.8.1-7.el4_6.1.ia64.rpm     8925cfe0ced5322a7a0fe78e7ab0e2fc
ruby-docs-1.8.1-7.el4_6.1.ia64.rpm     168343a0020547ddec90ce093e6d7b8f
ruby-libs-1.8.1-7.el4_6.1.i386.rpm     0f1d526196630c209b1054e6965c5040
ruby-libs-1.8.1-7.el4_6.1.ia64.rpm     1102a72d595548dcc35a2d91954fb624
ruby-mode-1.8.1-7.el4_6.1.ia64.rpm     8c09034116bc91415d97086f3bd5f344
ruby-tcltk-1.8.1-7.el4_6.1.ia64.rpm     c476180837f80a52418c45e3eee887df
 
PPC:
irb-1.8.1-7.el4_6.1.ppc.rpm     d1cc6f7c0e2c297147ec6fc97c3e10b5
ruby-1.8.1-7.el4_6.1.ppc.rpm     20a7de9c06b2d12342ed807b1d3a6483
ruby-devel-1.8.1-7.el4_6.1.ppc.rpm     e8514d1326d84fa378f22d11309c8116
ruby-docs-1.8.1-7.el4_6.1.ppc.rpm     6d10d607e184903543261196a98745a4
ruby-libs-1.8.1-7.el4_6.1.ppc.rpm     93202d216222bcc5621e1b52d8b72b2e
ruby-libs-1.8.1-7.el4_6.1.ppc64.rpm     78cb7a08fa092df326ee87f3cd63cfdd
ruby-mode-1.8.1-7.el4_6.1.ppc.rpm     913f0a6414bfafc4b7f50d338f980643
ruby-tcltk-1.8.1-7.el4_6.1.ppc.rpm     bef5a01c0fa40d3e1e574d5b0d5c711d
 
s390:
irb-1.8.1-7.el4_6.1.s390.rpm     33b8f5b3c56a3803b7899d8cff6d6bdb
ruby-1.8.1-7.el4_6.1.s390.rpm     0ebaaf2dcbfed074c93fbef2fbf4088c
ruby-devel-1.8.1-7.el4_6.1.s390.rpm     f88a9f7ea44a9f4df0fd7c28ba93667f
ruby-docs-1.8.1-7.el4_6.1.s390.rpm     a118bfef31391c6a6c770f1475aa1811
ruby-libs-1.8.1-7.el4_6.1.s390.rpm     9f526a7cd0236c95a61a64cf16082309
ruby-mode-1.8.1-7.el4_6.1.s390.rpm     cc2de73e40faf21cd069c4e50e3d33e3
ruby-tcltk-1.8.1-7.el4_6.1.s390.rpm     4538c6c01b07ea0467cb43b62c6701d8
 
s390x:
irb-1.8.1-7.el4_6.1.s390x.rpm     a85405b2b78a0c59c4210427d2bf9d19
ruby-1.8.1-7.el4_6.1.s390x.rpm     2292804a32303179f77c7ee75038bb30
ruby-devel-1.8.1-7.el4_6.1.s390x.rpm     845f1eaa2c0320059b88ec11051db725
ruby-docs-1.8.1-7.el4_6.1.s390x.rpm     855c2648824de297804f1f61f6081bf6
ruby-libs-1.8.1-7.el4_6.1.s390.rpm     9f526a7cd0236c95a61a64cf16082309
ruby-libs-1.8.1-7.el4_6.1.s390x.rpm     0579a11fe2375925e81fe42a6bc4d6ae
ruby-mode-1.8.1-7.el4_6.1.s390x.rpm     1be35f835c23636c844a125a807fbdab
ruby-tcltk-1.8.1-7.el4_6.1.s390x.rpm     3d74975799921a4f1a7002113a6ccea6
 
x86_64:
irb-1.8.1-7.el4_6.1.x86_64.rpm     891038d9704c1dec627448642aae5dc2
ruby-1.8.1-7.el4_6.1.x86_64.rpm     be002ddaef2c09e6a927611b47c4e9a0
ruby-devel-1.8.1-7.el4_6.1.x86_64.rpm     f127c2d83f7b285f03c7dc1ac37e9968
ruby-docs-1.8.1-7.el4_6.1.x86_64.rpm     d3d184ebb508acf0a8b68b0179998fdf
ruby-libs-1.8.1-7.el4_6.1.i386.rpm     0f1d526196630c209b1054e6965c5040
ruby-libs-1.8.1-7.el4_6.1.x86_64.rpm     eed2737b95dc6b0da160436f0b3d73a0
ruby-mode-1.8.1-7.el4_6.1.x86_64.rpm     4035c0574ee29b94aac8f8b25255bc17
ruby-tcltk-1.8.1-7.el4_6.1.x86_64.rpm     d473d4f32bc5d4ce424dea86f0734b57
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
ruby-1.8.5-5.el5_2.3.src.rpm     1aea1d9659f762a318d05e69846b19f5
 
IA-32:
ruby-1.8.5-5.el5_2.3.i386.rpm     3f4d1ec07954f30708e036f2fcc40742
ruby-docs-1.8.5-5.el5_2.3.i386.rpm     08b612fa7cd2157967862d41c074234e
ruby-irb-1.8.5-5.el5_2.3.i386.rpm     6655f4c0ee60d0237a5ff6a80edba27d
ruby-libs-1.8.5-5.el5_2.3.i386.rpm     97e7ffb1bc261f9cd8547a583f417c5c
ruby-rdoc-1.8.5-5.el5_2.3.i386.rpm     dcb170a72fce8b71da59577673a6b6d5
ruby-ri-1.8.5-5.el5_2.3.i386.rpm     2de72f66ceea3706b00de351c611b6c6
ruby-tcltk-1.8.5-5.el5_2.3.i386.rpm     3cbcfe1c4d688714cf313c678e3de4b0
 
x86_64:
ruby-1.8.5-5.el5_2.3.x86_64.rpm     15a7695b7c6b0faf194a7e0ee45007ca
ruby-docs-1.8.5-5.el5_2.3.x86_64.rpm     d127b0e74a3e7ca6ed82e35c9b2698b5
ruby-irb-1.8.5-5.el5_2.3.x86_64.rpm     4dc22a0766606957fd05a062a2a65afd
ruby-libs-1.8.5-5.el5_2.3.i386.rpm     97e7ffb1bc261f9cd8547a583f417c5c
ruby-libs-1.8.5-5.el5_2.3.x86_64.rpm     3bf1b77fce965f0488db9fc121dc4a1e
ruby-rdoc-1.8.5-5.el5_2.3.x86_64.rpm     bccf280e775e7f247925a7bcc5aedcae
ruby-ri-1.8.5-5.el5_2.3.x86_64.rpm     c7a1d910ec1bb4c7a3e507caa8d7d768
ruby-tcltk-1.8.5-5.el5_2.3.x86_64.rpm     b08fc3f477329b8c09ebfa2aec4eae40
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
ruby-1.8.1-7.el4_6.1.src.rpm     ca521cd1d9dbb44d362ee4a7c42a9ca0
 
IA-32:
irb-1.8.1-7.el4_6.1.i386.rpm     aa476683831cebc503b965f8655e7fb8
ruby-1.8.1-7.el4_6.1.i386.rpm     1ced50e6baff2ae27dc610ade4652a77
ruby-devel-1.8.1-7.el4_6.1.i386.rpm     67d4ad9115fdc4c8ca9f8d2c3c10ba1f
ruby-docs-1.8.1-7.el4_6.1.i386.rpm     a49464629b3858035974473e234fe562
ruby-libs-1.8.1-7.el4_6.1.i386.rpm     0f1d526196630c209b1054e6965c5040
ruby-mode-1.8.1-7.el4_6.1.i386.rpm     ab352ca6f4b7e1ccaca8fbb6578e3c1e
ruby-tcltk-1.8.1-7.el4_6.1.i386.rpm     e51243c17dc14a7b0582dac1fdfdc619
 
IA-64:
irb-1.8.1-7.el4_6.1.ia64.rpm     0f9097fc8cf06f306bec177e861cef88
ruby-1.8.1-7.el4_6.1.ia64.rpm     aa9bf93dcdfcd55a031c98e81227308c
ruby-devel-1.8.1-7.el4_6.1.ia64.rpm     8925cfe0ced5322a7a0fe78e7ab0e2fc
ruby-docs-1.8.1-7.el4_6.1.ia64.rpm     168343a0020547ddec90ce093e6d7b8f
ruby-libs-1.8.1-7.el4_6.1.i386.rpm     0f1d526196630c209b1054e6965c5040
ruby-libs-1.8.1-7.el4_6.1.ia64.rpm     1102a72d595548dcc35a2d91954fb624
ruby-mode-1.8.1-7.el4_6.1.ia64.rpm     8c09034116bc91415d97086f3bd5f344
ruby-tcltk-1.8.1-7.el4_6.1.ia64.rpm     c476180837f80a52418c45e3eee887df
 
x86_64:
irb-1.8.1-7.el4_6.1.x86_64.rpm     891038d9704c1dec627448642aae5dc2
ruby-1.8.1-7.el4_6.1.x86_64.rpm     be002ddaef2c09e6a927611b47c4e9a0
ruby-devel-1.8.1-7.el4_6.1.x86_64.rpm     f127c2d83f7b285f03c7dc1ac37e9968
ruby-docs-1.8.1-7.el4_6.1.x86_64.rpm     d3d184ebb508acf0a8b68b0179998fdf
ruby-libs-1.8.1-7.el4_6.1.i386.rpm     0f1d526196630c209b1054e6965c5040
ruby-libs-1.8.1-7.el4_6.1.x86_64.rpm     eed2737b95dc6b0da160436f0b3d73a0
ruby-mode-1.8.1-7.el4_6.1.x86_64.rpm     4035c0574ee29b94aac8f8b25255bc17
ruby-tcltk-1.8.1-7.el4_6.1.x86_64.rpm     d473d4f32bc5d4ce424dea86f0734b57
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
ruby-1.8.1-7.el4_6.1.src.rpm     ca521cd1d9dbb44d362ee4a7c42a9ca0
 
IA-32:
irb-1.8.1-7.el4_6.1.i386.rpm     aa476683831cebc503b965f8655e7fb8
ruby-1.8.1-7.el4_6.1.i386.rpm     1ced50e6baff2ae27dc610ade4652a77
ruby-devel-1.8.1-7.el4_6.1.i386.rpm     67d4ad9115fdc4c8ca9f8d2c3c10ba1f
ruby-docs-1.8.1-7.el4_6.1.i386.rpm     a49464629b3858035974473e234fe562
ruby-libs-1.8.1-7.el4_6.1.i386.rpm     0f1d526196630c209b1054e6965c5040
ruby-mode-1.8.1-7.el4_6.1.i386.rpm     ab352ca6f4b7e1ccaca8fbb6578e3c1e
ruby-tcltk-1.8.1-7.el4_6.1.i386.rpm     e51243c17dc14a7b0582dac1fdfdc619
 
IA-64:
irb-1.8.1-7.el4_6.1.ia64.rpm     0f9097fc8cf06f306bec177e861cef88
ruby-1.8.1-7.el4_6.1.ia64.rpm     aa9bf93dcdfcd55a031c98e81227308c
ruby-devel-1.8.1-7.el4_6.1.ia64.rpm     8925cfe0ced5322a7a0fe78e7ab0e2fc
ruby-docs-1.8.1-7.el4_6.1.ia64.rpm     168343a0020547ddec90ce093e6d7b8f
ruby-libs-1.8.1-7.el4_6.1.i386.rpm     0f1d526196630c209b1054e6965c5040
ruby-libs-1.8.1-7.el4_6.1.ia64.rpm     1102a72d595548dcc35a2d91954fb624
ruby-mode-1.8.1-7.el4_6.1.ia64.rpm     8c09034116bc91415d97086f3bd5f344
ruby-tcltk-1.8.1-7.el4_6.1.ia64.rpm     c476180837f80a52418c45e3eee887df
 
x86_64:
irb-1.8.1-7.el4_6.1.x86_64.rpm     891038d9704c1dec627448642aae5dc2
ruby-1.8.1-7.el4_6.1.x86_64.rpm     be002ddaef2c09e6a927611b47c4e9a0
ruby-devel-1.8.1-7.el4_6.1.x86_64.rpm     f127c2d83f7b285f03c7dc1ac37e9968
ruby-docs-1.8.1-7.el4_6.1.x86_64.rpm     d3d184ebb508acf0a8b68b0179998fdf
ruby-libs-1.8.1-7.el4_6.1.i386.rpm     0f1d526196630c209b1054e6965c5040
ruby-libs-1.8.1-7.el4_6.1.x86_64.rpm     eed2737b95dc6b0da160436f0b3d73a0
ruby-mode-1.8.1-7.el4_6.1.x86_64.rpm     4035c0574ee29b94aac8f8b25255bc17
ruby-tcltk-1.8.1-7.el4_6.1.x86_64.rpm     d473d4f32bc5d4ce424dea86f0734b57
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

450821 - CVE-2008-2662 ruby: Integer overflows in rb_str_buf_append()
450825 - CVE-2008-2663 ruby: Integer overflows in rb_ary_store()
450834 - CVE-2008-2664 ruby: Unsafe use of alloca in rb_str_format()
451821 - CVE-2008-2725 ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N
451828 - CVE-2008-2726 ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen
453589 - CVE-2008-2376 ruby: integer overflows in rb_ary_fill() / Array#fill


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726
http://www.redhat.com/security/updates/classification/#moderate


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/


[***** End Red Hat RHSA-2008:0561-7 *****]


CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin.
CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC can be contacted at:
    Voice:          +1 925-422-8193 (7 x 24)
    FAX:            +1 925-423-8002
    STU-III:        +1 925-423-2604
    E-mail:          ciac@ciac.org
    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.
UCRL-MI-119788