LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

openSUSE alert openSUSE-SU-2012:0228-1 (Ruby)



From:
    	      opensuse-security@opensuse.org 


To:
    	      opensuse-updates@opensuse.org 


Subject:
    	      openSUSE-SU-2012:0228-1: moderate: Ruby: Update to 1.8,6p357 


Date:
    	      Thu,  9 Feb 2012 19:10:36 +0100 (CET)


Message-ID:
    	      <20120209181036.E7750320E0@maintenance.suse.de>


Archive-link:
    	      Article, Thread
              


   openSUSE Security Update: Ruby: Update to 1.8,6p357
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0228-1
Rating:             moderate
References:         #704409 #739122 
Cross-References:   CVE-2011-2686 CVE-2011-2705 CVE-2011-3009
                    CVE-2011-4815
Affected Products:
                    openSUSE 11.4
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.
   It includes one version update.

Description:

   This update of ruby provides 1.8.7p357, which contains many
   stability fixes and bug fixes, which are fully compatible
   with the previous version. You can review the detailed list
   here:

   http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLo
   g

   The particularly noteworthy fixes are:

   - Hash functions are now using a randomized seed to avoid
   algorithmic complexity attacks (CVE-2011-4815).  For this
   OpenSSL::Random.seed at the SecureRandom.random_bytes is
   used if available.
   - mkconfig.rb: fix for continued lines.
   - Fix Infinity to be greater than any bignum number.
   - initialize store->ex_data.sk.
   - some IPv6 related fixes
   - zlib fixes
   - reinitialize PRNG when forking children
   (CVE-2011-2686/CVE-2011-3009)
   - securerandom fixes (CVE-2011-2705)
   - uri route_to fixes
   - fix race condition with variables and autoload


Special Instructions and Notes:

   Please reboot the system after installing this update.This
   update triggers a restart of the software management stack.
   More updates will be available for installation after
   applying this update and restarting the application. This
   update triggers a restart of the software management stack.
   More updates will be available for installation after
   applying this update and restarting the application.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch ruby-5660

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4 (i586 x86_64) [New Version: 1.8.7.p357]:

      ruby-1.8.7.p357-0.2.1
      ruby-devel-1.8.7.p357-0.2.1
      ruby-examples-1.8.7.p357-0.2.1
      ruby-test-suite-1.8.7.p357-0.2.1
      ruby-tk-1.8.7.p357-0.2.1

   - openSUSE 11.4 (noarch) [New Version: 1.8.7.p357]:

      ruby-doc-html-1.8.7.p357-0.2.1
      ruby-doc-ri-1.8.7.p357-0.2.1


References:

   http://support.novell.com/security/cve/CVE-2011-2686.html
   http://support.novell.com/security/cve/CVE-2011-2705.html
   http://support.novell.com/security/cve/CVE-2011-3009.html
   http://support.novell.com/security/cve/CVE-2011-4815.html
   https://bugzilla.novell.com/704409
   https://bugzilla.novell.com/739122
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds