[bluewhite64-security] ruby (BW64SA:20081202-01)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[bluewhite64-security] ruby (BW64SA:20081202-01)

New ruby packages are available for Bluewhite64 11.0, 12.0, and 12.1 to
fix bugs and a security issue.

More details about the issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447


Here are the details from the Bluewhite64 12.1 ChangeLog:
+--------------------------+
PATCHES/packages/ruby-1.8.6_p287-x86_64-1.tgz: Upgraded to ruby-1.8.6-p287.
This fixes several bugs in the previous Ruby update, including a security
issue where the DNS resolver did not randomize the source port and
transaction id sufficiently.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
[*** Security fix ***]
+--------------------------+


Where to find the new packages:
+-----------------------------+
See the "Get Bluewhite64" section on http://www.bluewhite64.com for additional
mirror sites near you.

Updated package for Bluewhite64 11.0:
http://data.bluewhite64.com/bluewhite64-11.0/patches/packages/ruby-1.8.6_p287-x86_64-1.tgz

Updated package for Bluewhite64 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/ruby-1.8.6_p287-x86_64-1.tgz

Updated package for Bluewhite64 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/ruby-1.8.6_p287-x86_64-1.tgz


MD5 signatures:
+-------------+
Bluewhite64 11.0 package:
260ba52657387fc46daa0a1311126c9d ruby-1.8.6_p287-x86_64-1.tgz

Bluewhite64 12.0 package:
260ba52657387fc46daa0a1311126c9d ruby-1.8.6_p287-x86_64-1.tgz

Bluewhite64 12.1 package:
ba8d560c0609996101ba2576fc95593c ruby-1.8.6_p287-x86_64-1.tgz






Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg ruby-1.8.6_p287-x86_64-1.tgz



+-----+
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key

security©bluewhite64.com


+-------------------------------------------------------+
| To leave the bluewhite64-security mailing list:
+-------------------------------------------------------+
| Send a blank email to
|
| bluewhite64-security-unsubscribe©bluewhite64.com
|
| You will get a confirmation message back containing
| instructions to complete the process.
|
| Please do not reply to this email address.
+-------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkk1gtwACgkQpTOsxuDdlY5ZQACeLct/v0YB0GYC+rek3tx42JD8
k44AniRPOmGFBObwNOVvQDs1AAUhStjn
=n8Vt
-----END PGP SIGNATURE-----