Oval Definition: oval:com.redhat.rhsa:def:20070961
Revision Date: 2007-11-13
Version: 637
Title: RHSA-2007:0961: ruby security update (Moderate)
Description: Ruby is an interpreted scripting language for object-oriented programming.

  • A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. If a remote attacker sends a specially crafted request, it is possible to cause the Ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303)

  • An SSL certificate validation flaw was discovered in several Ruby Net modules. The libraries were not checking the requested host name against the common name (CN) in the SSL server certificate, possibly allowing a man-in-the-middle attack. (CVE-2007-5162, CVE-2007-5770)

Users of Ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.

Family: unix
Class: patch
Status:
Reference(s): CVE-2006-6303, CVE-2007-5162, CVE-2007-5770, RHSA-2007:0961, RHSA-2007:0961-01
Platform(s): Red Hat Enterprise Linux 4
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
      • Red Hat Enterprise Linux 4 is installed
      • AND
          • irb is earlier than 0:1.8.1-7.EL4.8.1 AND irb is signed with Red Hat redhatrelease2 key
          • ruby is earlier than 0:1.8.1-7.EL4.8.1 AND ruby is signed with Red Hat redhatrelease2 key
          • ruby-devel is earlier than 0:1.8.1-7.EL4.8.1 AND ruby-devel is signed with Red Hat redhatrelease2 key
          • ruby-docs is earlier than 0:1.8.1-7.EL4.8.1 AND ruby-docs is signed with Red Hat redhatrelease2 key
          • ruby-libs is earlier than 0:1.8.1-7.EL4.8.1 AND ruby-libs is signed with Red Hat redhatrelease2 key
          • ruby-mode is earlier than 0:1.8.1-7.EL4.8.1 AND ruby-mode is signed with Red Hat redhatrelease2 key
          • ruby-tcltk is earlier than 0:1.8.1-7.EL4.8.1 AND ruby-tcltk is signed with Red Hat redhatrelease2 key