Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200409-08 (dev-lang/ruby)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.54665

Category: Gentoo Local Security Checks

Title: Gentoo Security Advisory GLSA 200409-08 (dev-lang/ruby)

Summary: Gentoo Security Advisory GLSA 200409-08 (dev-lang/ruby)

Description: The remote host is missing updates announced in
advisory GLSA 200409-08.

When used for CGI scripting, Ruby creates session files in /tmp with the
permissions of the default umask. Depending on that umask, local users may
be able to read sensitive data stored in session files.

Solution:
All Ruby users should upgrade to the latest version:

# emerge sync

# emerge -pv '>=dev-lang/ruby-your_version'
# emerge '>=dev-lang/ruby-your_version'

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-08
http://bugs.gentoo.org/show_bug.cgi?id=60525

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0755
Debian Security Information: DSA-537 (Google Search)
http://www.debian.org/security/2004/dsa-537
http://www.gentoo.org/security/en/glsa/glsa-200409-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:128
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11128
http://secunia.com/advisories/12290/
XForce ISS Database: ruby-filestore-pstore-insecure-permission(16996)
http://xforce.iss.net/xforce/xfdb/16996

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.54665
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200409-08 (dev-lang/ruby)
Summary:	Gentoo Security Advisory GLSA 200409-08 (dev-lang/ruby)
Description:	The remote host is missing updates announced in advisory GLSA 200409-08. When used for CGI scripting, Ruby creates session files in /tmp with the permissions of the default umask. Depending on that umask, local users may be able to read sensitive data stored in session files. Solution: All Ruby users should upgrade to the latest version: # emerge sync # emerge -pv '>=dev-lang/ruby-your_version' # emerge '>=dev-lang/ruby-your_version' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-08 http://bugs.gentoo.org/show_bug.cgi?id=60525
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0755 Debian Security Information: DSA-537 (Google Search) http://www.debian.org/security/2004/dsa-537 http://www.gentoo.org/security/en/glsa/glsa-200409-08.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:128 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11128 http://secunia.com/advisories/12290/ XForce ISS Database: ruby-filestore-pstore-insecure-permission(16996) http://xforce.iss.net/xforce/xfdb/16996
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com