Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Fedora Local Security Checks
Title:Fedora Core 5 FEDORA-2006-849 (ruby)

The remote host is missing an update to ruby
announced via advisory FEDORA-2006-849.

Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.

* Thu Jul 20 2006 Akira TAGOH - 1.8.4-8
- security fixes [CVE-2006-3694]
- ruby-1.8.4-fix-insecure-dir-operation.patch:
- ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure
operations in the certain safe-level restrictions. (#199538)
- ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain
safe-level restrictions. (#199543)
* Mon Jun 19 2006 Akira TAGOH - 1.8.4-7.fc5
- fixed the wrong file list again. moved tcltk library into ruby-tcltk.
* Thu Jun 8 2006 Akira TAGOH - 1.8.4-5.fc5
- ruby-deprecated-search-path.patch: applied to add more search path
for backward compatibility.
- added byacc to BuildReq.
- exclude ppc64 to make ruby-mode package. right now emacs.ppc64 isn't provided
and buildsys became much stricter.
* Wed May 17 2006 Akira TAGOH - 1.8.4-4.fc5
- correct sitelibdir. (#184198)
- ruby-rubyprefix.patch: moved all arch-independent modules under /usr/lib/ruby
and keep arch-dependent modules under /usr/lib64/ruby for 64bit archs.
so 'rubylibdir', 'sitelibdir' and 'sitedir' in Config::CONFIG points to
the kind of /usr/lib/ruby now. (#184199)
- ruby-deprecated-search-path.patch: added the deprecated installation paths
to the search path for the backward compatibility.
- added a Provides: ruby(abi) to ruby-libs.
- ruby-1.8.4-64bit-pack.patch: backport patch from upstream to fix unpack(l)
not working on 64bit arch and integer overflow on template w. (#189350)
- updated License tag to be more comfortable, and with a pointer to get more
details, like Python package does. (#179933)
- clean up.

Solution: Apply the appropriate updates.

This update can be downloaded from:

This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at

Risk factor : High

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3694
BugTraq ID: 18944
Debian Security Information: DSA-1139 (Google Search)
Debian Security Information: DSA-1157 (Google Search)
SGI Security Advisory: 20060801-01-P
SuSE Security Announcement: SUSE-SR:2006:021 (Google Search)
XForce ISS Database: ruby-alias-directory-security-bypass(27725)
CopyrightCopyright (c) 2007 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.