Oval Definition:	oval:com.redhat.rhsa:def:20080896
Revision Date: 2008-10-21 Version: 635 Title: RHSA-2008:0896: ruby security update (Moderate) Description: Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655) A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443) Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues. Family: unix Class: patch Status: Reference(s): CVE-2008-3443 CVE-2008-3655 CVE-2008-3905 RHSA-2008:0896 RHSA-2008:0896-01 RHSA-2008:0896-01 Platform(s): Red Hat Enterprise Linux 3 Product(s): Definition Synopsis Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 3 is installed AND ruby-mode is earlier than 0:1.6.8-13.el3 AND ruby-mode is signed with Red Hat master key irb is earlier than 0:1.6.8-13.el3 AND irb is signed with Red Hat master key ruby-tcltk is earlier than 0:1.6.8-13.el3 AND ruby-tcltk is signed with Red Hat master key ruby is earlier than 0:1.6.8-13.el3 AND ruby is signed with Red Hat master key ruby-libs is earlier than 0:1.6.8-13.el3 AND ruby-libs is signed with Red Hat master key ruby-docs is earlier than 0:1.6.8-13.el3 AND ruby-docs is signed with Red Hat master key ruby-devel is earlier than 0:1.6.8-13.el3 AND ruby-devel is signed with Red Hat master key
BACK