LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

openSUSE alert openSUSE-SU-2011:0561-1 (ruby)



From:
    	      opensuse-security@opensuse.org 


To:
    	      opensuse-updates@opensuse.org 


Subject:
    	      openSUSE-SU-2011:0561-1: important: ruby 


Date:
    	      Mon, 30 May 2011 23:08:20 +0200 (CEST)


Message-ID:
    	      <20110530210820.B2F513229F@maintenance.suse.de>


Archive-link:
    	      Article, Thread
              


   openSUSE Security Update: ruby
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:0561-1
Rating:             important
References:         #600752 #655136 #673740 #673750 #682287 
Cross-References:   CVE-2010-0541 CVE-2011-0188 CVE-2011-1004
                    CVE-2011-1005
Affected Products:
                    openSUSE 11.3
______________________________________________________________________________

   An update that solves four vulnerabilities and has one
   errata is now available.

Description:

   Ruby was prone to several security issues:
   - a race condition allowed local users to delete arbitrary
   files (CVE-2011-1004)
   - exception methods could bypass safe mode (CVE-2011-1005)
   - webrick cross site scripting issue (CVE-2010-0541)
   - memory corruption in the BigDecimal class (CVE-2011-0188)


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.3:

      zypper in -t patch ruby-4587

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.3 (i586 x86_64):

      ruby-1.8.7.p249-8.9.1
      ruby-devel-1.8.7.p249-8.9.1
      ruby-examples-1.8.7.p249-8.9.1
      ruby-test-suite-1.8.7.p249-8.9.1
      ruby-tk-1.8.7.p249-8.9.1

   - openSUSE 11.3 (noarch):

      ruby-doc-html-1.8.7.p249-8.9.1
      ruby-doc-ri-1.8.7.p249-8.9.1


References:

   http://support.novell.com/security/cve/CVE-2010-0541.html
   http://support.novell.com/security/cve/CVE-2011-0188.html
   http://support.novell.com/security/cve/CVE-2011-1004.html
   http://support.novell.com/security/cve/CVE-2011-1005.html
   https://bugzilla.novell.com/600752
   https://bugzilla.novell.com/655136
   https://bugzilla.novell.com/673740
   https://bugzilla.novell.com/673750
   https://bugzilla.novell.com/682287
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds