
Fedora alert FEDORA-2010-0530 (ruby)

From:  updates@fedoraproject.org
To:  package-announce@lists.fedoraproject.org
Subject:  [SECURITY] Fedora 12 Update: ruby-1.8.6.383-6.fc12
Date:  Thu, 14 Jan 2010 01:27:05 +0000
Message-ID:  <20100114012646.D85C810FBDD@bastion2.fedora.phx.redhat.com>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-0530
2010-01-14 00:55:08
--------------------------------------------------------------------------------

Name        : ruby
Product     : Fedora 12
Version     : 1.8.6.383
Release     : 6.fc12
URL         : http://www.ruby-lang.org/
Summary     : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.

--------------------------------------------------------------------------------
Update Information:

A security vulnerability has been found in the WEBrick module of the Ruby
currently shipped in Fedora 12: WEBrick lets attackers inject malicious
escape sequences into its logs, making it possible for dangerous control
characters to be executed on a victim's terminal emulator. This issue has
now been tagged as CVE-2009-4492.

Also, the have_library() function in mkmf.rb currently always requires
ruby's static archive to function correctly, even though the ruby shared
library is also provided.

This new rpm will fix these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 13 2010 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.383-6
- CVE-2009-4492 ruby WEBrick log escape sequence (bug 554485)
* Wed Dec  9 2009 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.383-5
- Change mkmf.rb to use LIBRUBYARG_SHARED so that have_library() works
  without libruby-static.a (bug 428384)
- And move libruby-static.a to -static subpackage
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #554485 - CVE-2009-4492 ruby WEBrick log escape sequence
        https://bugzilla.redhat.com/show_bug.cgi?id=554485
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update ruby' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
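
An added example, not part of the advisory and not WEBrick's or Fedora's code: one way to check existing access logs for the control bytes the advisory describes and to render them harmless before a log is viewed in a terminal. The function names, constants and sample log lines are assumptions made for illustration.

```ruby
# Added example, not WEBrick's code: detect and neutralise terminal control
# bytes in access-log lines before they are displayed.

# C0 control bytes (tab excepted) and DEL; ESC (0x1B) starts escape sequences.
CONTROL = /[\x00-\x08\x0a-\x1f\x7f]/n
# The backslash is escaped as well, so a logged "\x1B" is never ambiguous.
UNSAFE = /[\x00-\x08\x0a-\x1f\x7f\\]/n

# Return a printable copy of +line+ with each unsafe byte written as \xNN.
def escape_controls(line)
  line.b.gsub(UNSAFE) { |c| c == "\\" ? "\\\\" : format('\\x%02X', c.ord) }
end

# Return [{ line: n, safe: "..." }] for every line that carries control bytes.
def scan_log(lines)
  lines.each_with_index.filter_map do |line, i|
    raw = line.b.chomp
    { line: i + 1, safe: escape_controls(raw) } if raw.match?(CONTROL)
  end
end

# Constructed sample input: the second request path embeds a harmless
# colour-change sequence (ESC [ 31 m) to stand in for injected bytes.
SAMPLE_LOG = [
  "127.0.0.1 - - [14/Jan/2010:01:27:05 +0000] \"GET /index.html HTTP/1.1\" 200 512\n",
  "127.0.0.1 - - [14/Jan/2010:01:27:06 +0000] \"GET /\e[31mred\e[0m HTTP/1.1\" 404 0\n"
].freeze

if __FILE__ == $PROGRAM_NAME
  scan_log(SAMPLE_LOG).each { |hit| puts "line #{hit[:line]}: #{hit[:safe]}" }
end
```

The example works on raw bytes and leaves bytes above 0x7F untouched so UTF-8 text survives; 8-bit C1 controls are outside what it covers.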

