| |||||||||||||||||||
Fedora alert FEDORA-2010-0533 (ruby)
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-0533 2010-01-14 00:55:12 -------------------------------------------------------------------------------- Name : ruby Product : Fedora 11 Version : 1.8.6.383 Release : 6.fc11 URL : http://www.ruby-lang.org/ Summary : An interpreter of object-oriented scripting language Description : Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. -------------------------------------------------------------------------------- Update Information: A secrity vulnerability is found on WEBrick module in Ruby currently shipped on Fedora 11 that WEBrick lets attackers to inject malicious escape sequences to its logs, making it possible for dangerous control characters to be executed on a victim's terminal emulator. This issue has now been tagged as CVE-2009-4492. Also currently have_library() function in mkmf.rb always requires ruby's static archive to function correctly despite that ruby shared library is also provided. This new rpm will fix these issues. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 13 2010 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.383-6 - CVE-2009-4492 ruby WEBrick log escape sequence (bug 554485) * Wed Dec 9 2009 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.383-5 - Change mkmf.rb to use LIBRUBYARG_SHARED so that have_library() works without libruby-static.a (bug 428384) - And move libruby-static.a to -static subpackage * Thu Oct 29 2009 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.383-4 - Use bison to regenerate parse.c to keep the original format of error messages (bug 530275 comment 4) * Sun Oct 25 2009 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.383-3 - Patch so that irb saves its history (bug 518584, ruby issue 1556) * Sat Oct 24 2009 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.383-2 - Restore the previous changes * Sat Oct 24 2009 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 1.8.6.383-1 - Update to 1.8.6 patchlevel 383 (bug 520063) * Wed Oct 14 2009 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.369-3 - Much better idea for Patch31 provided by Akira TAGOH <tagoh@redhat.com> * Wed Oct 14 2009 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.369-2 - Fix the search path of ri command for ri manuals installed with gem (bug 528787) * Sat Jun 20 2009 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 1.8.6.369-1 - New patchlevel fixing CVE-2009-1904 - Fix directory on ARM (#506233, Kedar Sovani) * Sun May 31 2009 Jeroen van Meeuwen <j.van.meeuwen@ogd.nl> - 1.8.6.368-1 - New upstream release (p368) -------------------------------------------------------------------------------- References: [ 1 ] Bug #554485 - CVE-2009-4492 ruby WEBrick log escape sequence https://bugzilla.redhat.com/show_bug.cgi?id=554485 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update ruby' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-... (Log in to post comments)
|
|||||||||||||||||||