Date:         Tue, 13 Nov 2007 17:11:56 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
From:         Troy Dawson 
Subject:      Security ERRATA for ruby on SL5.x, SL4.x i386/x86_64
Comments: To: scientific-linux-errata@fnal.gov

Synopsis:	Moderate: ruby security update
Issue date:	2007-11-13
CVE Names:	CVE-2006-6303 CVE-2007-5162 CVE-2007-5770

A flaw was discovered in the way Ruby's CGI module handles certain HTTP
requests. If a remote attacker sends a specially crafted request, it is
possible to cause the ruby CGI script to enter an infinite loop, 
possibly causing a denial of service. (CVE-2006-6303)

An SSL certificate validation flaw was discovered in several Ruby Net
modules. The libraries were not checking the requested host name against
the common name (CN) in the SSL server certificate, possibly allowing a 
man in the middle attack. (CVE-2007-5162, CVE-2007-5770)
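The host name check the advisory says the Net modules skipped, as an added Ruby example that is not part of the errata or of Ruby's own code: it builds two constructed self-signed test certificates (example.test, www.example.test and ignored.test are made-up names) and runs OpenSSL::SSL.verify_certificate_identity, the check that SSLSocket#post_connection_check applies to a peer certificate, to show which requested host each certificate should satisfy.

```ruby
require "openssl"

# Build a short-lived self-signed certificate for a constructed test
# identity. cn: becomes the subject commonName; sans: become DNS
# subjectAltName entries. Test data only; none of these hosts exist.
def self_signed_cert(cn:, sans: [])
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  unless sans.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    san_value = sans.map { |name| "DNS:#{name}" }.join(",")
    cert.add_extension(ef.create_extension("subjectAltName", san_value, false))
  end
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# The identity check the unpatched Net modules did not perform: does the
# peer's certificate actually name the host the client asked for?
# verify_certificate_identity prefers DNS subjectAltName entries and falls
# back to the subject CN only when the certificate carries no DNS SAN, so a
# CN alone is not enough once a SAN is present.
def peer_identity_ok?(cert, requested_host)
  OpenSSL::SSL.verify_certificate_identity(cert, requested_host)
end

# Constructed test certificates: one CN-only, one with a DNS SAN.
CN_ONLY_CERT = self_signed_cert(cn: "example.test")
SAN_CERT     = self_signed_cert(cn: "ignored.test", sans: ["www.example.test"])

if __FILE__ == $PROGRAM_NAME
  [[CN_ONLY_CERT, "example.test"], [CN_ONLY_CERT, "evil.test"],
   [SAN_CERT, "www.example.test"], [SAN_CERT, "ignored.test"]].each do |cert, host|
    verdict = peer_identity_ok?(cert, host) ? "match" : "MISMATCH"
    puts "#{cert.subject} offered for #{host}: #{verdict}"
  end
end
```

A client that sets verify_mode to VERIFY_PEER on a Net::HTTP connection gets this check from post_connection_check; with VERIFY_NONE the peer is never compared to the requested host at all.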

SL 4.x

   SRPMS:
ruby-1.8.1-7.EL4.8.1.src.rpm
   i386:
irb-1.8.1-7.EL4.8.1.i386.rpm
ruby-1.8.1-7.EL4.8.1.i386.rpm
ruby-devel-1.8.1-7.EL4.8.1.i386.rpm
ruby-docs-1.8.1-7.EL4.8.1.i386.rpm
ruby-libs-1.8.1-7.EL4.8.1.i386.rpm
ruby-mode-1.8.1-7.EL4.8.1.i386.rpm
ruby-tcltk-1.8.1-7.EL4.8.1.i386.rpm
   x86_64:
irb-1.8.1-7.EL4.8.1.x86_64.rpm
ruby-1.8.1-7.EL4.8.1.x86_64.rpm
ruby-devel-1.8.1-7.EL4.8.1.x86_64.rpm
ruby-docs-1.8.1-7.EL4.8.1.x86_64.rpm
ruby-libs-1.8.1-7.EL4.8.1.i386.rpm
ruby-libs-1.8.1-7.EL4.8.1.x86_64.rpm
ruby-mode-1.8.1-7.EL4.8.1.x86_64.rpm
ruby-tcltk-1.8.1-7.EL4.8.1.x86_64.rpm

SL 5.x

   SRPMS:
ruby-1.8.5-5.el5_1.1.src.rpm
   i386:
ruby-1.8.5-5.el5.1.i386.rpm
ruby-devel-1.8.5-5.el5.1.i386.rpm
ruby-docs-1.8.5-5.el5.1.i386.rpm
ruby-irb-1.8.5-5.el5.1.i386.rpm
ruby-libs-1.8.5-5.el5.1.i386.rpm
ruby-mode-1.8.5-5.el5.1.i386.rpm
ruby-rdoc-1.8.5-5.el5.1.i386.rpm
ruby-ri-1.8.5-5.el5.1.i386.rpm
ruby-tcltk-1.8.5-5.el5.1.i386.rpm
   x86_64:
ruby-1.8.5-5.el5.1.x86_64.rpm
ruby-devel-1.8.5-5.el5.1.x86_64.rpm
ruby-docs-1.8.5-5.el5.1.x86_64.rpm
ruby-irb-1.8.5-5.el5.1.x86_64.rpm
ruby-libs-1.8.5-5.el5.1.i386.rpm
ruby-libs-1.8.5-5.el5.1.x86_64.rpm
ruby-mode-1.8.5-5.el5.1.x86_64.rpm
ruby-rdoc-1.8.5-5.el5.1.x86_64.rpm
ruby-ri-1.8.5-5.el5.1.x86_64.rpm
ruby-tcltk-1.8.5-5.el5.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
