Oval Definition:oval:com.redhat.rhsa:def:20040441
Revision Date:2004-09-30Version:502
Title:RHSA-2004:441: ruby security update (Low)
Description:Ruby is an interpreted scripting language for object-oriented programming.

Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world readable files that could allow a malicious local user the ability to read CGI session data. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0755 to this issue.

Users are advised to upgrade to this erratum package, which contains a backported patch to CGI::Session FileStore.
Family:unixClass:patch
Status:Reference(s):CVE-2004-0755
RHSA-2004:441-01
Platform(s):Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 3 is installed
  • AND Package Information
  • ruby-docs is earlier than 0:1.6.8-9.EL3.2
  • AND ruby-docs is signed with Red Hat master key
  • OR
  • irb is earlier than 0:1.6.8-9.EL3.2
  • AND irb is signed with Red Hat master key
  • OR
  • ruby-mode is earlier than 0:1.6.8-9.EL3.2
  • AND ruby-mode is signed with Red Hat master key
  • OR
  • ruby-tcltk is earlier than 0:1.6.8-9.EL3.2
  • AND ruby-tcltk is signed with Red Hat master key
  • OR
  • ruby-libs is earlier than 0:1.6.8-9.EL3.2
  • AND ruby-libs is signed with Red Hat master key
  • OR
  • ruby is earlier than 0:1.6.8-9.EL3.2
  • AND ruby is signed with Red Hat master key
  • OR
  • ruby-devel is earlier than 0:1.6.8-9.EL3.2
  • AND ruby-devel is signed with Red Hat master key
    • BACK