RedHat: Moderate: ruby security update
Posted by Benjamin D. Thomas
Red Hat Enterprise Linux: Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby security update
Advisory ID:       RHSA-2005:543-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-543.html
Issue date:        2005-08-05
Updated on:        2005-08-05
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1992
- ---------------------------------------------------------------------

1. Summary:

Updated ruby packages that fix an arbitrary command execution issue are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Ruby is an interpreted scripting language for object-oriented programming.

A bug was found in the way Ruby launched an XMLRPC server. If an XMLRPC
server is launched in a certain way, it becomes possible for a remote
attacker to execute arbitrary commands within the XMLRPC server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1992 to this issue. 

Users of Ruby should update to these erratum packages, which contain a
backported patch and are not vulnerable to this issue.
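The advisory does not say which launch mode is affected, and the following is an added example, not code from the advisory or from Ruby's xmlrpc library, so it does not reproduce the flaw itself. It shows the general weakness that lets a remote XML-RPC caller reach methods the operator never meant to expose (resolving the wire-level method name by reflection, where Object#send reaches the private Kernel methods every object inherits, such as system and exec), next to the hardened form that dispatches only through an explicit allowlist and answers anything else with a fault. The Calculator class, the method names and the dispatcher are assumptions made up for the example; the reflective path is demonstrated with Kernel#sprintf instead of system so the demo runs no command on the host.

```ruby
# Added example (not from the advisory or Ruby's xmlrpc library): contrasts
# reflective dispatch of XML-RPC method names with an explicit allowlist.

# Assumed handler object of the kind an application might register with an
# XML-RPC server. Only `add` is meant to be callable remotely.
class Calculator
  def add(a, b)
    Integer(a) + Integer(b)
  end
end

# Anti-pattern: resolve the remote method name by reflection. Object#send
# reaches private methods too, and every object inherits Kernel's private
# methods (system, exec, eval, sprintf, ...), so a remote caller can name
# any of them. Demonstrated with sprintf rather than system.
def reflective_dispatch(handler, method_name, *args)
  # respond_to?(name, true) also reports private methods, which is exactly
  # what makes this check useless as a security boundary.
  unless handler.respond_to?(method_name, true)
    raise ArgumentError, "no such method: #{method_name}"
  end
  handler.send(method_name, *args)
end

# Hardened form: an explicit allowlist keyed by the wire-level method name,
# so the remote caller can only reach what the operator registered.
class AllowlistDispatcher
  Fault = Class.new(StandardError)

  def initialize
    @methods = {}
  end

  # Register one XML-RPC method name bound to one callable.
  def add(name, callable)
    @methods[name.to_s] = callable
    self
  end

  def allowed?(name)
    @methods.key?(name.to_s)
  end

  # Unknown names never touch Ruby's method lookup at all.
  def call(name, *args)
    callable = @methods.fetch(name.to_s) do
      raise Fault, "method '#{name}' not found"
    end
    callable.call(*args)
  end
end

# Build the dispatcher with the single method we intend to expose.
def build_dispatcher
  AllowlistDispatcher.new.add("calc.add", Calculator.new.method(:add))
end

if __FILE__ == $0
  calc = Calculator.new
  puts reflective_dispatch(calc, "add", 2, 3)
  # Reaches a private Kernel method through the handler object:
  puts reflective_dispatch(calc, "sprintf", "%05d", 42)

  dispatcher = build_dispatcher
  puts dispatcher.call("calc.add", 2, 3)
  begin
    dispatcher.call("sprintf", "%05d", 42)
  rescue AllowlistDispatcher::Fault => e
    puts "rejected: #{e.message}"
  end
end
```

The point of the allowlist is that the set of remotely callable names is written down by the operator and is independent of what the handler object happens to respond to; adding a method to Calculator later does not silently widen the remote surface.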

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

161095 - CAN-2005-1992 ruby arbitrary command execution on XMLRPC server


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm
31372062f0d881ce2c91e2d187b029d5  ruby-1.8.1-7.EL4.1.src.rpm

i386:
b9ab29ce32e70dd5471de91560bdd4f6  irb-1.8.1-7.EL4.1.i386.rpm
eba2cc72188020b2b9bbc5bbde939bb8  ruby-1.8.1-7.EL4.1.i386.rpm
4257ac1ab4709dfa464f81054bd12c39  ruby-devel-1.8.1-7.EL4.1.i386.rpm
dedecf5621f2859495d52f0b02282841  ruby-docs-1.8.1-7.EL4.1.i386.rpm
f7ed1bed02b2f79fe4cd097dc567a2c7  ruby-libs-1.8.1-7.EL4.1.i386.rpm
c380cbac78da65fbb897c646cb3b5459  ruby-mode-1.8.1-7.EL4.1.i386.rpm
e9e56dd4415929b52a4c90d6839659b9  ruby-tcltk-1.8.1-7.EL4.1.i386.rpm

ia64:
ed8843b0bfe19091e0c533d8db33196c  irb-1.8.1-7.EL4.1.ia64.rpm
4c5ce3e8cbb7c57cee6f66849fc763cc  ruby-1.8.1-7.EL4.1.ia64.rpm
34e76823bfaeda823383bde64d0df4e0  ruby-devel-1.8.1-7.EL4.1.ia64.rpm
21647391f11e72744b0be03dc8028602  ruby-docs-1.8.1-7.EL4.1.ia64.rpm
f7ed1bed02b2f79fe4cd097dc567a2c7  ruby-libs-1.8.1-7.EL4.1.i386.rpm
b4073db97e76467866f7d85a45765595  ruby-libs-1.8.1-7.EL4.1.ia64.rpm
fa21b028a1b2a5799def731cb846b344  ruby-mode-1.8.1-7.EL4.1.ia64.rpm
193f81cc54cf1227b139a6e5ac119ea6  ruby-tcltk-1.8.1-7.EL4.1.ia64.rpm

ppc:
beb4d0fdf8d2f5f38651eba62dd6ba9e  irb-1.8.1-7.EL4.1.ppc.rpm
d8ed91625d984f15bd6c9b352e54aaec  ruby-1.8.1-7.EL4.1.ppc.rpm
cc105ec506abbd823bf8dc80fb7cec08  ruby-devel-1.8.1-7.EL4.1.ppc.rpm
51920db16a6ee64764898987d2026448  ruby-docs-1.8.1-7.EL4.1.ppc.rpm
b0c61ce2d92fc642e9b6d52c66e8040e  ruby-libs-1.8.1-7.EL4.1.ppc.rpm
a46badf51f3138a6620391f246729b0f  ruby-libs-1.8.1-7.EL4.1.ppc64.rpm
25c298da4b472459db1fc2b40c8db701  ruby-mode-1.8.1-7.EL4.1.ppc.rpm
60271fc79cbdff10cf5cb1ef722a39bd  ruby-tcltk-1.8.1-7.EL4.1.ppc.rpm

s390:
04aa2db064a7a762e5389b235b5daa91  irb-1.8.1-7.EL4.1.s390.rpm
f72f12eed8b173cb92bb511b1dbf3302  ruby-1.8.1-7.EL4.1.s390.rpm
6f86c9e7b69193900f580ede127b60b2  ruby-devel-1.8.1-7.EL4.1.s390.rpm
0b7143547b88db11492d4864cb701880  ruby-docs-1.8.1-7.EL4.1.s390.rpm
243c6aaea67f84a658fab8b8c31244db  ruby-libs-1.8.1-7.EL4.1.s390.rpm
40cdfa4be97de9aad1a6a9da689c059a  ruby-mode-1.8.1-7.EL4.1.s390.rpm
f2e934e2ebfdf5a6191106aec522a892  ruby-tcltk-1.8.1-7.EL4.1.s390.rpm

s390x:
11a8a4d354b51334138a0ea477bb4fd7  irb-1.8.1-7.EL4.1.s390x.rpm
f02bb4e23c656ab468d1537c1190a61c  ruby-1.8.1-7.EL4.1.s390x.rpm
63139e897479ddaf3e054e59fcd08526  ruby-devel-1.8.1-7.EL4.1.s390x.rpm
3e6448faa84b800efa597db361263727  ruby-docs-1.8.1-7.EL4.1.s390x.rpm
243c6aaea67f84a658fab8b8c31244db  ruby-libs-1.8.1-7.EL4.1.s390.rpm
cc7f3c4f5c0435cc6120a12781b2d5d4  ruby-libs-1.8.1-7.EL4.1.s390x.rpm
c9ea680fbc08965381d30fe5bb471da0  ruby-mode-1.8.1-7.EL4.1.s390x.rpm
295e384de3ce95eb0f0bcdaeda286d8d  ruby-tcltk-1.8.1-7.EL4.1.s390x.rpm

x86_64:
bc12397f3bb00edddf14f64f74ab67ba  irb-1.8.1-7.EL4.1.x86_64.rpm
b26063e6a2aa63710e6944d5bb79b453  ruby-1.8.1-7.EL4.1.x86_64.rpm
427f4782a84142f57a1af1b7c61cdf9d  ruby-devel-1.8.1-7.EL4.1.x86_64.rpm
f0c0d0ea9a30b3d3f66dfd8373e9b499  ruby-docs-1.8.1-7.EL4.1.x86_64.rpm
f7ed1bed02b2f79fe4cd097dc567a2c7  ruby-libs-1.8.1-7.EL4.1.i386.rpm
1725ca62b635102dfcbb093227acb20c  ruby-libs-1.8.1-7.EL4.1.x86_64.rpm
8cc745ce2f953090fb82ba0b85a0b63c  ruby-mode-1.8.1-7.EL4.1.x86_64.rpm
4bb79c1c55987a45937382465bc4522f  ruby-tcltk-1.8.1-7.EL4.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm
31372062f0d881ce2c91e2d187b029d5  ruby-1.8.1-7.EL4.1.src.rpm

i386:
b9ab29ce32e70dd5471de91560bdd4f6  irb-1.8.1-7.EL4.1.i386.rpm
eba2cc72188020b2b9bbc5bbde939bb8  ruby-1.8.1-7.EL4.1.i386.rpm
4257ac1ab4709dfa464f81054bd12c39  ruby-devel-1.8.1-7.EL4.1.i386.rpm
dedecf5621f2859495d52f0b02282841  ruby-docs-1.8.1-7.EL4.1.i386.rpm
f7ed1bed02b2f79fe4cd097dc567a2c7  ruby-libs-1.8.1-7.EL4.1.i386.rpm
c380cbac78da65fbb897c646cb3b5459  ruby-mode-1.8.1-7.EL4.1.i386.rpm
e9e56dd4415929b52a4c90d6839659b9  ruby-tcltk-1.8.1-7.EL4.1.i386.rpm

x86_64:
bc12397f3bb00edddf14f64f74ab67ba  irb-1.8.1-7.EL4.1.x86_64.rpm
b26063e6a2aa63710e6944d5bb79b453  ruby-1.8.1-7.EL4.1.x86_64.rpm
427f4782a84142f57a1af1b7c61cdf9d  ruby-devel-1.8.1-7.EL4.1.x86_64.rpm
f0c0d0ea9a30b3d3f66dfd8373e9b499  ruby-docs-1.8.1-7.EL4.1.x86_64.rpm
f7ed1bed02b2f79fe4cd097dc567a2c7  ruby-libs-1.8.1-7.EL4.1.i386.rpm
1725ca62b635102dfcbb093227acb20c  ruby-libs-1.8.1-7.EL4.1.x86_64.rpm
8cc745ce2f953090fb82ba0b85a0b63c  ruby-mode-1.8.1-7.EL4.1.x86_64.rpm
4bb79c1c55987a45937382465bc4522f  ruby-tcltk-1.8.1-7.EL4.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm
31372062f0d881ce2c91e2d187b029d5  ruby-1.8.1-7.EL4.1.src.rpm

i386:
b9ab29ce32e70dd5471de91560bdd4f6  irb-1.8.1-7.EL4.1.i386.rpm
eba2cc72188020b2b9bbc5bbde939bb8  ruby-1.8.1-7.EL4.1.i386.rpm
4257ac1ab4709dfa464f81054bd12c39  ruby-devel-1.8.1-7.EL4.1.i386.rpm
dedecf5621f2859495d52f0b02282841  ruby-docs-1.8.1-7.EL4.1.i386.rpm
f7ed1bed02b2f79fe4cd097dc567a2c7  ruby-libs-1.8.1-7.EL4.1.i386.rpm
c380cbac78da65fbb897c646cb3b5459  ruby-mode-1.8.1-7.EL4.1.i386.rpm
e9e56dd4415929b52a4c90d6839659b9  ruby-tcltk-1.8.1-7.EL4.1.i386.rpm

ia64:
ed8843b0bfe19091e0c533d8db33196c  irb-1.8.1-7.EL4.1.ia64.rpm
4c5ce3e8cbb7c57cee6f66849fc763cc  ruby-1.8.1-7.EL4.1.ia64.rpm
34e76823bfaeda823383bde64d0df4e0  ruby-devel-1.8.1-7.EL4.1.ia64.rpm
21647391f11e72744b0be03dc8028602  ruby-docs-1.8.1-7.EL4.1.ia64.rpm
f7ed1bed02b2f79fe4cd097dc567a2c7  ruby-libs-1.8.1-7.EL4.1.i386.rpm
b4073db97e76467866f7d85a45765595  ruby-libs-1.8.1-7.EL4.1.ia64.rpm
fa21b028a1b2a5799def731cb846b344  ruby-mode-1.8.1-7.EL4.1.ia64.rpm
193f81cc54cf1227b139a6e5ac119ea6  ruby-tcltk-1.8.1-7.EL4.1.ia64.rpm

x86_64:
bc12397f3bb00edddf14f64f74ab67ba  irb-1.8.1-7.EL4.1.x86_64.rpm
b26063e6a2aa63710e6944d5bb79b453  ruby-1.8.1-7.EL4.1.x86_64.rpm
427f4782a84142f57a1af1b7c61cdf9d  ruby-devel-1.8.1-7.EL4.1.x86_64.rpm
f0c0d0ea9a30b3d3f66dfd8373e9b499  ruby-docs-1.8.1-7.EL4.1.x86_64.rpm
f7ed1bed02b2f79fe4cd097dc567a2c7  ruby-libs-1.8.1-7.EL4.1.i386.rpm
1725ca62b635102dfcbb093227acb20c  ruby-libs-1.8.1-7.EL4.1.x86_64.rpm
8cc745ce2f953090fb82ba0b85a0b63c  ruby-mode-1.8.1-7.EL4.1.x86_64.rpm
4bb79c1c55987a45937382465bc4522f  ruby-tcltk-1.8.1-7.EL4.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm
31372062f0d881ce2c91e2d187b029d5  ruby-1.8.1-7.EL4.1.src.rpm

i386:
b9ab29ce32e70dd5471de91560bdd4f6  irb-1.8.1-7.EL4.1.i386.rpm
eba2cc72188020b2b9bbc5bbde939bb8  ruby-1.8.1-7.EL4.1.i386.rpm
4257ac1ab4709dfa464f81054bd12c39  ruby-devel-1.8.1-7.EL4.1.i386.rpm
dedecf5621f2859495d52f0b02282841  ruby-docs-1.8.1-7.EL4.1.i386.rpm
f7ed1bed02b2f79fe4cd097dc567a2c7  ruby-libs-1.8.1-7.EL4.1.i386.rpm
c380cbac78da65fbb897c646cb3b5459  ruby-mode-1.8.1-7.EL4.1.i386.rpm
e9e56dd4415929b52a4c90d6839659b9  ruby-tcltk-1.8.1-7.EL4.1.i386.rpm

ia64:
ed8843b0bfe19091e0c533d8db33196c  irb-1.8.1-7.EL4.1.ia64.rpm
4c5ce3e8cbb7c57cee6f66849fc763cc  ruby-1.8.1-7.EL4.1.ia64.rpm
34e76823bfaeda823383bde64d0df4e0  ruby-devel-1.8.1-7.EL4.1.ia64.rpm
21647391f11e72744b0be03dc8028602  ruby-docs-1.8.1-7.EL4.1.ia64.rpm
f7ed1bed02b2f79fe4cd097dc567a2c7  ruby-libs-1.8.1-7.EL4.1.i386.rpm
b4073db97e76467866f7d85a45765595  ruby-libs-1.8.1-7.EL4.1.ia64.rpm
fa21b028a1b2a5799def731cb846b344  ruby-mode-1.8.1-7.EL4.1.ia64.rpm
193f81cc54cf1227b139a6e5ac119ea6  ruby-tcltk-1.8.1-7.EL4.1.ia64.rpm

x86_64:
bc12397f3bb00edddf14f64f74ab67ba  irb-1.8.1-7.EL4.1.x86_64.rpm
b26063e6a2aa63710e6944d5bb79b453  ruby-1.8.1-7.EL4.1.x86_64.rpm
427f4782a84142f57a1af1b7c61cdf9d  ruby-devel-1.8.1-7.EL4.1.x86_64.rpm
f0c0d0ea9a30b3d3f66dfd8373e9b499  ruby-docs-1.8.1-7.EL4.1.x86_64.rpm
f7ed1bed02b2f79fe4cd097dc567a2c7  ruby-libs-1.8.1-7.EL4.1.i386.rpm
1725ca62b635102dfcbb093227acb20c  ruby-libs-1.8.1-7.EL4.1.x86_64.rpm
8cc745ce2f953090fb82ba0b85a0b63c  ruby-mode-1.8.1-7.EL4.1.x86_64.rpm
4bb79c1c55987a45937382465bc4522f  ruby-tcltk-1.8.1-7.EL4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
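A check an operator would want after reading sections 4 and 6. This is an added example in Ruby, not part of the advisory: it parses the "md5sum  filename" lines of section 6 (an excerpt is embedded below), verifies a downloaded package file against them, and compares an installed ruby version-release string (the form printed by rpm -q --qf '%{VERSION}-%{RELEASE}' ruby) with the fixed release 1.8.1-7.EL4.1 using a simplified reimplementation of rpm's version comparison (no epoch, tilde or caret handling). The sample file contents and the installed version strings are constructed for the example. An MD5 match only shows the download was not corrupted; the GPG signature check (rpm --checksig, with Red Hat's key imported) is what establishes authenticity.

```ruby
require 'digest/md5'
require 'tmpdir'

# Excerpt of section 6 of RHSA-2005:543-01, as printed in the advisory.
MANIFEST_EXCERPT = <<~'TXT'
  31372062f0d881ce2c91e2d187b029d5  ruby-1.8.1-7.EL4.1.src.rpm
  eba2cc72188020b2b9bbc5bbde939bb8  ruby-1.8.1-7.EL4.1.i386.rpm
  f7ed1bed02b2f79fe4cd097dc567a2c7  ruby-libs-1.8.1-7.EL4.1.i386.rpm
TXT

# Release that carries the backported fix, taken from the package names.
FIXED_VR = "1.8.1-7.EL4.1"

# Turn "md5sum  filename" lines into a {filename => md5} map, ignoring
# anything that does not look like a checksum line.
def parse_manifest(text)
  manifest = {}
  text.each_line do |line|
    next unless line =~ /\A\s*([0-9a-f]{32})\s+(\S+)\s*\z/
    manifest[$2] = $1
  end
  manifest
end

# :ok, :mismatch, or :unknown when the file name is not in the advisory.
def verify_file(manifest, path)
  expected = manifest[File.basename(path)]
  return :unknown unless expected
  Digest::MD5.file(path).hexdigest == expected ? :ok : :mismatch
end

# Simplified rpmvercmp: split into numeric and alphabetic runs, compare
# numeric runs as integers and alphabetic runs as strings; a numeric run
# beats an alphabetic one, and the string with segments left over is newer.
def rpm_vercmp(a, b)
  return 0 if a == b
  sa = a.scan(/\d+|[A-Za-z]+/)
  sb = b.scan(/\d+|[A-Za-z]+/)
  sa.zip(sb).each do |x, y|
    return 1 if y.nil?
    numeric_x = x.match?(/\A\d/)
    numeric_y = y.match?(/\A\d/)
    c = if numeric_x && numeric_y then x.to_i <=> y.to_i
        elsif numeric_x then 1
        elsif numeric_y then -1
        else x <=> y
        end
    return c unless c.zero?
  end
  sa.length <=> sb.length
end

# Compare "version-release" strings; version first, release breaks ties.
def rpm_vr_cmp(vr_a, vr_b)
  va, ra = vr_a.split("-", 2)
  vb, rb = vr_b.split("-", 2)
  c = rpm_vercmp(va, vb)
  c.zero? ? rpm_vercmp(ra.to_s, rb.to_s) : c
end

# True when the installed version-release is older than the fixed one.
def vulnerable?(installed_vr)
  rpm_vr_cmp(installed_vr, FIXED_VR) < 0
end

if __FILE__ == $0
  manifest = parse_manifest(MANIFEST_EXCERPT)
  # Constructed: what `rpm -q --qf '%{VERSION}-%{RELEASE}' ruby` might print.
  ["1.8.1-7.EL4", "1.8.1-7.EL4.1"].each do |vr|
    puts "#{vr}: #{vulnerable?(vr) ? 'needs update' : 'fixed'}"
  end
  Dir.mktmpdir do |dir|
    # Constructed stand-in for a download; its checksum will not match.
    path = File.join(dir, "ruby-1.8.1-7.EL4.1.src.rpm")
    File.write(path, "not the real package\n")
    puts "#{File.basename(path)}: #{verify_file(manifest, path)}"
  end
end
```

On a real RHEL 4 host the two inputs come from rpm itself: feed the output of rpm -q --qf '%{VERSION}-%{RELEASE}' ruby to vulnerable?, and run rpm --checksig on each downloaded RPM before the MD5 comparison, since only the signature ties the file to Red Hat.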

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1992

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.