
Fedora alert FEDORA-2012-0233 (rubygem-rack)

Subject:  [SECURITY] Fedora 15 Update: rubygem-rack-1.1.0-4.fc15
Date:  Mon, 16 Jan 2012 21:26:40 +0000
Message-ID:  <>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-0233
2012-01-07 22:27:21
--------------------------------------------------------------------------------

Name        : rubygem-rack
Product     : Fedora 15
Version     : 1.1.0
Release     : 4.fc15
URL         :
Summary     : Common API for connecting web frameworks, web servers and layers of software
Description :
Rack provides a common API for connecting web frameworks,
web servers and layers of software in between

--------------------------------------------------------------------------------
Update Information:

Julian Wälde and Alexander Klink reported a flaw in the hash function used in
the implementation of the Ruby-rack arrays (CVE-2011-5036). Ruby-rack arrays
are implemented using the hash table that maps keys to values. This update
fixes the bug.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan  5 2012 Bohuslav Kabrda <> - 1:1.1.0-4
- Moved gem install to %prep to be able to apply patches.
- Applied two patches that fix test failures with Ruby 1.8.7-p357.
- Added a source with files needed for some tests.
- Applied backported security fix for CVE-2011-5036.
* Wed Feb  9 2011 Fedora Release Engineering <>
- Rebuilt for
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #771150 - CVE-2011-5036 rubygem-rack: hash table collisions DoS (oCERT-2011-003) [fedora-all]
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update rubygem-rack' at the command line.
For more information, refer to "Managing Software with yum",
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
