English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby security update
Advisory ID:       RHSA-2006:0427-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0427.html
Issue date:        2006-05-09
Updated on:        2006-05-09
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-1931 
- ---------------------------------------------------------------------

1. Summary:

Updated ruby packages that fix a denial of service issue are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Ruby is an interpreted scripting language for object-oriented programming. 

A bug was found in the way Ruby creates its xmlrpc and http servers. The
servers use a non blocking socket, which enables a remote user to cause a
denial of service condition if they are able to transmit a large volume of
information from the network server. (CVE-2006-1931)

Users of Ruby should update to these erratum packages, which contain a
backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

189539 - CVE-2006-1931 Ruby http/xmlrpc server DoS

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ruby-1.8.1-7.EL4.3.src.rpm
653a25c251b54bb0cdab2daa45f3f66e  ruby-1.8.1-7.EL4.3.src.rpm

i386:
965760c2d4e817bf3cee4613eae9b9be  irb-1.8.1-7.EL4.3.i386.rpm
4369042fbaf2a27666d098230c8f9f96  ruby-1.8.1-7.EL4.3.i386.rpm
f188f2387d9e63eb82b8028055d94f05  ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
3d0287f5e5565136d12d02c6744a31fe  ruby-devel-1.8.1-7.EL4.3.i386.rpm
1784aa362805586d55de06b042f123fd  ruby-docs-1.8.1-7.EL4.3.i386.rpm
ec380c0cbd972232ecf94554b31d026a  ruby-libs-1.8.1-7.EL4.3.i386.rpm
e5a5d4e524595e7e8d15fef85e88d4a8  ruby-mode-1.8.1-7.EL4.3.i386.rpm
d84e73c7299a19c13738b45e0ff80898  ruby-tcltk-1.8.1-7.EL4.3.i386.rpm

ia64:
c964f8b9e1ce1031788c1d1600a1a572  irb-1.8.1-7.EL4.3.ia64.rpm
a49f9116a26e5d81f2554a8116f5830b  ruby-1.8.1-7.EL4.3.ia64.rpm
f188f2387d9e63eb82b8028055d94f05  ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
e1de852e5017803d1b95c8b51bff5abf  ruby-debuginfo-1.8.1-7.EL4.3.ia64.rpm
9f6b30a53ad4938631b642e8e534a7e2  ruby-devel-1.8.1-7.EL4.3.ia64.rpm
3a3e0adb1589e8f5b8a0cbc90838b872  ruby-docs-1.8.1-7.EL4.3.ia64.rpm
ec380c0cbd972232ecf94554b31d026a  ruby-libs-1.8.1-7.EL4.3.i386.rpm
b67cbfcfb8224eb3e8c89087a6f0f0a3  ruby-libs-1.8.1-7.EL4.3.ia64.rpm
9dd5ff9e735d68d79af9a1e9934fd536  ruby-mode-1.8.1-7.EL4.3.ia64.rpm
9cf533ae16f4e82bffe48c9111debbe6  ruby-tcltk-1.8.1-7.EL4.3.ia64.rpm

ppc:
bea620261b0af06529cdf2d1124fc8a6  irb-1.8.1-7.EL4.3.ppc.rpm
5f5ee447b8d90a6bfa5b354ec8604d8c  ruby-1.8.1-7.EL4.3.ppc.rpm
553539f0498fb1727b5e5bd7f355b013  ruby-debuginfo-1.8.1-7.EL4.3.ppc.rpm
0c977fa3aad5ee71904842ab49614780  ruby-debuginfo-1.8.1-7.EL4.3.ppc64.rpm
73c2381e5ed944ef7339ffe84926008a  ruby-devel-1.8.1-7.EL4.3.ppc.rpm
4926c07e3bfc925099a4f96f1afb4f71  ruby-docs-1.8.1-7.EL4.3.ppc.rpm
592b474a7bf78c112ad1c414cb9ecd85  ruby-libs-1.8.1-7.EL4.3.ppc.rpm
321a623d248798d6121da50974c3593c  ruby-libs-1.8.1-7.EL4.3.ppc64.rpm
71b8adb69b5eaedc1e76cf3b9f50ed90  ruby-mode-1.8.1-7.EL4.3.ppc.rpm
a8ed517aecc2fcca259d60d7dd9ddaaa  ruby-tcltk-1.8.1-7.EL4.3.ppc.rpm

s390:
ce4768ffb0efbedebbc8faa82bb9a950  irb-1.8.1-7.EL4.3.s390.rpm
be0c3720fbd14665f8419641af6bf8f7  ruby-1.8.1-7.EL4.3.s390.rpm
1788a394d268747e0311a68dfc047a75  ruby-debuginfo-1.8.1-7.EL4.3.s390.rpm
2f9bd8f8619a4dbea43f7b0a40a3ddcb  ruby-devel-1.8.1-7.EL4.3.s390.rpm
93a5456a841377c92b1a62ef86acac30  ruby-docs-1.8.1-7.EL4.3.s390.rpm
7a9f928a01cbef840f94295fcca9c2f9  ruby-libs-1.8.1-7.EL4.3.s390.rpm
2ef87351b42fd0a87ebc76771ee98a13  ruby-mode-1.8.1-7.EL4.3.s390.rpm
f2959cd2f0ee556a05de8312be9bb4e1  ruby-tcltk-1.8.1-7.EL4.3.s390.rpm

s390x:
d6b4ebe6e7d64cf6aaf98ff139fe6443  irb-1.8.1-7.EL4.3.s390x.rpm
8c65a4fa6898aa183ca17cf4e0038156  ruby-1.8.1-7.EL4.3.s390x.rpm
1788a394d268747e0311a68dfc047a75  ruby-debuginfo-1.8.1-7.EL4.3.s390.rpm
9c7d46b40d71816723dc3c7c248b5a5c  ruby-debuginfo-1.8.1-7.EL4.3.s390x.rpm
8abb6ce53809a7b24aca56ffdd5506c3  ruby-devel-1.8.1-7.EL4.3.s390x.rpm
685e8ba0a0dd5a1f23d000c5529ed9a5  ruby-docs-1.8.1-7.EL4.3.s390x.rpm
7a9f928a01cbef840f94295fcca9c2f9  ruby-libs-1.8.1-7.EL4.3.s390.rpm
3d313397d89a8a2c8c53eaeb11289a44  ruby-libs-1.8.1-7.EL4.3.s390x.rpm
cd3a5c108175ecc83c0e818a7115d687  ruby-mode-1.8.1-7.EL4.3.s390x.rpm
a8e2519df238343b7994e7371ae39db4  ruby-tcltk-1.8.1-7.EL4.3.s390x.rpm

x86_64:
0db700aca9a5de3e603e2b2382c84b72  irb-1.8.1-7.EL4.3.x86_64.rpm
b671345549b1d43e01a0cd7bc521a5f9  ruby-1.8.1-7.EL4.3.x86_64.rpm
f188f2387d9e63eb82b8028055d94f05  ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
67f0ad7ae939a8eb46776361e581e379  ruby-debuginfo-1.8.1-7.EL4.3.x86_64.rpm
d9d6001d8e77eeab21e886bf498b17f4  ruby-devel-1.8.1-7.EL4.3.x86_64.rpm
3a17c58b912257a21268e04f980235aa  ruby-docs-1.8.1-7.EL4.3.x86_64.rpm
ec380c0cbd972232ecf94554b31d026a  ruby-libs-1.8.1-7.EL4.3.i386.rpm
9a8600d4d97ff9883d81b053d795819b  ruby-libs-1.8.1-7.EL4.3.x86_64.rpm
6d84bb6f10c1b398c248ec13e3d95ec8  ruby-mode-1.8.1-7.EL4.3.x86_64.rpm
2b8be83c1998dce62170cdf22c947dbf  ruby-tcltk-1.8.1-7.EL4.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ruby-1.8.1-7.EL4.3.src.rpm
653a25c251b54bb0cdab2daa45f3f66e  ruby-1.8.1-7.EL4.3.src.rpm

i386:
965760c2d4e817bf3cee4613eae9b9be  irb-1.8.1-7.EL4.3.i386.rpm
4369042fbaf2a27666d098230c8f9f96  ruby-1.8.1-7.EL4.3.i386.rpm
f188f2387d9e63eb82b8028055d94f05  ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
3d0287f5e5565136d12d02c6744a31fe  ruby-devel-1.8.1-7.EL4.3.i386.rpm
1784aa362805586d55de06b042f123fd  ruby-docs-1.8.1-7.EL4.3.i386.rpm
ec380c0cbd972232ecf94554b31d026a  ruby-libs-1.8.1-7.EL4.3.i386.rpm
e5a5d4e524595e7e8d15fef85e88d4a8  ruby-mode-1.8.1-7.EL4.3.i386.rpm
d84e73c7299a19c13738b45e0ff80898  ruby-tcltk-1.8.1-7.EL4.3.i386.rpm

x86_64:
0db700aca9a5de3e603e2b2382c84b72  irb-1.8.1-7.EL4.3.x86_64.rpm
b671345549b1d43e01a0cd7bc521a5f9  ruby-1.8.1-7.EL4.3.x86_64.rpm
f188f2387d9e63eb82b8028055d94f05  ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
67f0ad7ae939a8eb46776361e581e379  ruby-debuginfo-1.8.1-7.EL4.3.x86_64.rpm
d9d6001d8e77eeab21e886bf498b17f4  ruby-devel-1.8.1-7.EL4.3.x86_64.rpm
3a17c58b912257a21268e04f980235aa  ruby-docs-1.8.1-7.EL4.3.x86_64.rpm
ec380c0cbd972232ecf94554b31d026a  ruby-libs-1.8.1-7.EL4.3.i386.rpm
9a8600d4d97ff9883d81b053d795819b  ruby-libs-1.8.1-7.EL4.3.x86_64.rpm
6d84bb6f10c1b398c248ec13e3d95ec8  ruby-mode-1.8.1-7.EL4.3.x86_64.rpm
2b8be83c1998dce62170cdf22c947dbf  ruby-tcltk-1.8.1-7.EL4.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ruby-1.8.1-7.EL4.3.src.rpm
653a25c251b54bb0cdab2daa45f3f66e  ruby-1.8.1-7.EL4.3.src.rpm

i386:
965760c2d4e817bf3cee4613eae9b9be  irb-1.8.1-7.EL4.3.i386.rpm
4369042fbaf2a27666d098230c8f9f96  ruby-1.8.1-7.EL4.3.i386.rpm
f188f2387d9e63eb82b8028055d94f05  ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
3d0287f5e5565136d12d02c6744a31fe  ruby-devel-1.8.1-7.EL4.3.i386.rpm
1784aa362805586d55de06b042f123fd  ruby-docs-1.8.1-7.EL4.3.i386.rpm
ec380c0cbd972232ecf94554b31d026a  ruby-libs-1.8.1-7.EL4.3.i386.rpm
e5a5d4e524595e7e8d15fef85e88d4a8  ruby-mode-1.8.1-7.EL4.3.i386.rpm
d84e73c7299a19c13738b45e0ff80898  ruby-tcltk-1.8.1-7.EL4.3.i386.rpm

ia64:
c964f8b9e1ce1031788c1d1600a1a572  irb-1.8.1-7.EL4.3.ia64.rpm
a49f9116a26e5d81f2554a8116f5830b  ruby-1.8.1-7.EL4.3.ia64.rpm
f188f2387d9e63eb82b8028055d94f05  ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
e1de852e5017803d1b95c8b51bff5abf  ruby-debuginfo-1.8.1-7.EL4.3.ia64.rpm
9f6b30a53ad4938631b642e8e534a7e2  ruby-devel-1.8.1-7.EL4.3.ia64.rpm
3a3e0adb1589e8f5b8a0cbc90838b872  ruby-docs-1.8.1-7.EL4.3.ia64.rpm
ec380c0cbd972232ecf94554b31d026a  ruby-libs-1.8.1-7.EL4.3.i386.rpm
b67cbfcfb8224eb3e8c89087a6f0f0a3  ruby-libs-1.8.1-7.EL4.3.ia64.rpm
9dd5ff9e735d68d79af9a1e9934fd536  ruby-mode-1.8.1-7.EL4.3.ia64.rpm
9cf533ae16f4e82bffe48c9111debbe6  ruby-tcltk-1.8.1-7.EL4.3.ia64.rpm

x86_64:
0db700aca9a5de3e603e2b2382c84b72  irb-1.8.1-7.EL4.3.x86_64.rpm
b671345549b1d43e01a0cd7bc521a5f9  ruby-1.8.1-7.EL4.3.x86_64.rpm
f188f2387d9e63eb82b8028055d94f05  ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
67f0ad7ae939a8eb46776361e581e379  ruby-debuginfo-1.8.1-7.EL4.3.x86_64.rpm
d9d6001d8e77eeab21e886bf498b17f4  ruby-devel-1.8.1-7.EL4.3.x86_64.rpm
3a17c58b912257a21268e04f980235aa  ruby-docs-1.8.1-7.EL4.3.x86_64.rpm
ec380c0cbd972232ecf94554b31d026a  ruby-libs-1.8.1-7.EL4.3.i386.rpm
9a8600d4d97ff9883d81b053d795819b  ruby-libs-1.8.1-7.EL4.3.x86_64.rpm
6d84bb6f10c1b398c248ec13e3d95ec8  ruby-mode-1.8.1-7.EL4.3.x86_64.rpm
2b8be83c1998dce62170cdf22c947dbf  ruby-tcltk-1.8.1-7.EL4.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ruby-1.8.1-7.EL4.3.src.rpm
653a25c251b54bb0cdab2daa45f3f66e  ruby-1.8.1-7.EL4.3.src.rpm

i386:
965760c2d4e817bf3cee4613eae9b9be  irb-1.8.1-7.EL4.3.i386.rpm
4369042fbaf2a27666d098230c8f9f96  ruby-1.8.1-7.EL4.3.i386.rpm
f188f2387d9e63eb82b8028055d94f05  ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
3d0287f5e5565136d12d02c6744a31fe  ruby-devel-1.8.1-7.EL4.3.i386.rpm
1784aa362805586d55de06b042f123fd  ruby-docs-1.8.1-7.EL4.3.i386.rpm
ec380c0cbd972232ecf94554b31d026a  ruby-libs-1.8.1-7.EL4.3.i386.rpm
e5a5d4e524595e7e8d15fef85e88d4a8  ruby-mode-1.8.1-7.EL4.3.i386.rpm
d84e73c7299a19c13738b45e0ff80898  ruby-tcltk-1.8.1-7.EL4.3.i386.rpm

ia64:
c964f8b9e1ce1031788c1d1600a1a572  irb-1.8.1-7.EL4.3.ia64.rpm
a49f9116a26e5d81f2554a8116f5830b  ruby-1.8.1-7.EL4.3.ia64.rpm
f188f2387d9e63eb82b8028055d94f05  ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
e1de852e5017803d1b95c8b51bff5abf  ruby-debuginfo-1.8.1-7.EL4.3.ia64.rpm
9f6b30a53ad4938631b642e8e534a7e2  ruby-devel-1.8.1-7.EL4.3.ia64.rpm
3a3e0adb1589e8f5b8a0cbc90838b872  ruby-docs-1.8.1-7.EL4.3.ia64.rpm
ec380c0cbd972232ecf94554b31d026a  ruby-libs-1.8.1-7.EL4.3.i386.rpm
b67cbfcfb8224eb3e8c89087a6f0f0a3  ruby-libs-1.8.1-7.EL4.3.ia64.rpm
9dd5ff9e735d68d79af9a1e9934fd536  ruby-mode-1.8.1-7.EL4.3.ia64.rpm
9cf533ae16f4e82bffe48c9111debbe6  ruby-tcltk-1.8.1-7.EL4.3.ia64.rpm

x86_64:
0db700aca9a5de3e603e2b2382c84b72  irb-1.8.1-7.EL4.3.x86_64.rpm
b671345549b1d43e01a0cd7bc521a5f9  ruby-1.8.1-7.EL4.3.x86_64.rpm
f188f2387d9e63eb82b8028055d94f05  ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
67f0ad7ae939a8eb46776361e581e379  ruby-debuginfo-1.8.1-7.EL4.3.x86_64.rpm
d9d6001d8e77eeab21e886bf498b17f4  ruby-devel-1.8.1-7.EL4.3.x86_64.rpm
3a17c58b912257a21268e04f980235aa  ruby-docs-1.8.1-7.EL4.3.x86_64.rpm
ec380c0cbd972232ecf94554b31d026a  ruby-libs-1.8.1-7.EL4.3.i386.rpm
9a8600d4d97ff9883d81b053d795819b  ruby-libs-1.8.1-7.EL4.3.x86_64.rpm
6d84bb6f10c1b398c248ec13e3d95ec8  ruby-mode-1.8.1-7.EL4.3.x86_64.rpm
2b8be83c1998dce62170cdf22c947dbf  ruby-tcltk-1.8.1-7.EL4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1931
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEYIFgXlSAg2UNWIIRAvmYAJ40mLWPFcZfvcIDZnyRykvXoFuTRQCgoZbM
kOUx2zC/13mr+bGEtZvxpPI=
=mjCJ
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.