| |||||||||||||||||||
Fedora alert FEDORA-2012-18017 (ruby)
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2012-18017 2012-11-11 01:55:09 -------------------------------------------------------------------------------- Name : ruby Product : Fedora 17 Version : 1.9.3.327 Release : 19.fc17 URL : http://ruby-lang.org/ Summary : An interpreter of object-oriented scripting language Description : Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. -------------------------------------------------------------------------------- Update Information: A security flaw was found on ruby currently shiped on Fedora 18 that carefully crafted sequence of strings may cause a denial of service attack on the service that parses the sequence to create a Hash object by using the strings as keys. This issue is now registered as CVE-2012-5371. This new package should fix this issue. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 10 2012 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.9.3.327-19 - Update to 1.9.3.327 - Fix Hash-flooding DoS vulnerability on MurmurHash function (CVE-2012-5371) * Sat Oct 13 2012 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.9.3.286-18 - Update to 1.9.3 p286 - Don't create files when NUL-containing path name is passed (bug 865940, CVE-2012-4522) * Thu Oct 4 2012 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.9.3.194-17 - Patch from trunk for CVE-2012-4464, CVE-2012-4466 * Thu Sep 6 2012 Vít Ondruch <vondruch@redhat.com> - 1.9.3.194-16 - Split documentation into -doc subpackage (rhbz#854418). * Tue Aug 14 2012 Vít Ondruch <vondruch@redhat.com> - 1.9.3.194-15 - Revert the dependency of ruby-libs on rubygems (rhbz#845011, rhbz#847482). * Wed Aug 1 2012 Vít Ondruch <vondruch@redhat.com> - 1.9.3.194-14 - ruby-libs must require rubygems (rhbz#845011). * Mon Jun 11 2012 Bohuslav Kabrda <bkabrda@redhat.com> - 1.9.3.194-13 - Make the bigdecimal gem a runtime dependency of Ruby. * Mon Jun 11 2012 Bohuslav Kabrda <bkabrda@redhat.com> - 1.9.3.194-12 - Make symlinks for bigdecimal and io-console gems to ruby stdlib dirs (RHBZ 829209). * Tue May 29 2012 Bohuslav Kabrda <bkabrda@redhat.com> - 1.9.3.194-11 - Fix license to contain Public Domain. - macros.ruby now contains unexpanded macros. -------------------------------------------------------------------------------- References: [ 1 ] Bug #875267 - CVE-2012-5371 ruby: hash-flooding DoS flaw in ruby 1.9 [fedora-17] https://bugzilla.redhat.com/show_bug.cgi?id=875267 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update ruby' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-... (Log in to post comments)
|
|||||||||||||||||||