Oval Definition:oval:com.redhat.rhsa:def:20050543
Revision Date:2005-08-05Version:502
Title:RHSA-2005:543: ruby security update (Moderate)
Description:Ruby is an interpreted scripting language for object-oriented programming.

A bug was found in the way Ruby launched an XMLRPC server. If an XMLRPC server is launched in a certain way, it becomes possible for a remote attacker to execute arbitrary commands within the XMLRPC server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1992 to this issue.

Users of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue.
Family:unixClass:patch
Status:Reference(s):CVE-2005-1992
RHSA-2005:543-01
Platform(s):Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 4 is installed
  • AND Package Information
  • ruby-docs is earlier than 0:1.8.1-7.EL4.1
  • AND ruby-docs is signed with Red Hat master key
  • OR
  • irb is earlier than 0:1.8.1-7.EL4.1
  • AND irb is signed with Red Hat master key
  • OR
  • ruby-mode is earlier than 0:1.8.1-7.EL4.1
  • AND ruby-mode is signed with Red Hat master key
  • OR
  • ruby-tcltk is earlier than 0:1.8.1-7.EL4.1
  • AND ruby-tcltk is signed with Red Hat master key
  • OR
  • ruby-libs is earlier than 0:1.8.1-7.EL4.1
  • AND ruby-libs is signed with Red Hat master key
  • OR
  • ruby is earlier than 0:1.8.1-7.EL4.1
  • AND ruby is signed with Red Hat master key
  • OR
  • ruby-devel is earlier than 0:1.8.1-7.EL4.1
  • AND ruby-devel is signed with Red Hat master key
    • BACK