_______________________________________________________________________

Mandriva Linux Security Advisory                         MDKSA-2006:225
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ruby
Date    : December 6, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Another vulnerability has been discovered in the CGI library (cgi.rb)
that ships with Ruby which could be used by a malicious user to create
a denial of service attack (DoS).

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6303
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
2006.0/i586/ruby-1.8.2-7.5.20060mdk.i586.rpm
2006.0/i586/ruby-devel-1.8.2-7.5.20060mdk.i586.rpm
2006.0/i586/ruby-doc-1.8.2-7.5.20060mdk.i586.rpm
2006.0/i586/ruby-tk-1.8.2-7.5.20060mdk.i586.rpm
2006.0/SRPMS/ruby-1.8.2-7.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
2006.0/x86_64/ruby-1.8.2-7.5.20060mdk.x86_64.rpm
2006.0/x86_64/ruby-devel-1.8.2-7.5.20060mdk.x86_64.rpm
2006.0/x86_64/ruby-doc-1.8.2-7.5.20060mdk.x86_64.rpm
2006.0/x86_64/ruby-tk-1.8.2-7.5.20060mdk.x86_64.rpm
2006.0/SRPMS/ruby-1.8.2-7.5.20060mdk.src.rpm

Mandriva Linux 2007.0:
2007.0/i586/ruby-1.8.5-2.2mdv2007.0.i586.rpm
2007.0/i586/ruby-devel-1.8.5-2.2mdv2007.0.i586.rpm
2007.0/i586/ruby-doc-1.8.5-2.2mdv2007.0.i586.rpm
2007.0/i586/ruby-tk-1.8.5-2.2mdv2007.0.i586.rpm
2007.0/SRPMS/ruby-1.8.5-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
2007.0/x86_64/ruby-1.8.5-2.2mdv2007.0.x86_64.rpm
2007.0/x86_64/ruby-devel-1.8.5-2.2mdv2007.0.x86_64.rpm
2007.0/x86_64/ruby-doc-1.8.5-2.2mdv2007.0.x86_64.rpm
2007.0/x86_64/ruby-tk-1.8.5-2.2mdv2007.0.x86_64.rpm
2007.0/SRPMS/ruby-1.8.5-2.2mdv2007.0.src.rpm

Corporate 3.0:
corporate/3.0/i586/ruby-1.8.1-1.8.C30mdk.i586.rpm
corporate/3.0/i586/ruby-devel-1.8.1-1.8.C30mdk.i586.rpm
corporate/3.0/i586/ruby-doc-1.8.1-1.8.C30mdk.i586.rpm
corporate/3.0/i586/ruby-tk-1.8.1-1.8.C30mdk.i586.rpm
corporate/3.0/SRPMS/ruby-1.8.1-1.8.C30mdk.src.rpm

Corporate 3.0/X86_64:
corporate/3.0/x86_64/ruby-1.8.1-1.8.C30mdk.x86_64.rpm
corporate/3.0/x86_64/ruby-devel-1.8.1-1.8.C30mdk.x86_64.rpm
corporate/3.0/x86_64/ruby-doc-1.8.1-1.8.C30mdk.x86_64.rpm
corporate/3.0/x86_64/ruby-tk-1.8.1-1.8.C30mdk.x86_64.rpm
corporate/3.0/SRPMS/ruby-1.8.1-1.8.C30mdk.src.rpm

Corporate 4.0:
corporate/4.0/i586/ruby-1.8.2-7.5.20060mlcs4.i586.rpm
corporate/4.0/i586/ruby-devel-1.8.2-7.5.20060mlcs4.i586.rpm
corporate/4.0/i586/ruby-doc-1.8.2-7.5.20060mlcs4.i586.rpm
corporate/4.0/i586/ruby-tk-1.8.2-7.5.20060mlcs4.i586.rpm
corporate/4.0/SRPMS/ruby-1.8.2-7.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
corporate/4.0/x86_64/ruby-1.8.2-7.5.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/ruby-devel-1.8.2-7.5.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/ruby-doc-1.8.2-7.5.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/ruby-tk-1.8.2-7.5.20060mlcs4.x86_64.rpm
corporate/4.0/SRPMS/ruby-1.8.2-7.5.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team