[Bluewhite64 Linux Security] ruby [BW64SA:20090622-02]
Hash: SHA1
[Bluewhite64 Linux Security] ruby [BW64SA:20090622-02]
New ruby packages are available for Bluewhite64 Linux 11.0, 12.0, 12.1,
and 12.2 to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
Here are the details from the Bluewhite64 Linux 12.2 ChangeLog:
- ----------------------------------------------------------------
PATCHES/packages/ruby-1.8.7_p174-x86_64-1.tgz: Upgraded.
This fixes a denial of service issue caused by the BigDecimal method
handling large input values improperly that may allow attackers to
crash the interpreter. The issue affects most Rails applications.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
[*** Security fix ***]
Download the new packages from:
- --------------------------------
For Bluewhite64 Linux 11.0:
http://data.bluewhite64.com/bluewhite64-11.0/patches/packages/ruby-1.8.6_p369-x86_64-1.tgz
For Bluewhite64 Linux 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/ruby-1.8.6_p369-x86_64-1.tgz
For Bluewhite64 Linux 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/ruby-1.8.6_p369-x86_64-1.tgz
For Bluewhite64 Linux 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/ruby-1.8.7_p174-x86_64-1.tgz
Also, please see the "Get Bluewhite64" section on http://www.bluewhite64.com for
additional mirror sites near you.
MD5 signatures:
- ----------------
Bluewhite64 11.0 package:
678a1e0138a31688668591246ed38020 ruby-1.8.6_p369-x86_64-1.tgz
Bluewhite64 12.0 package:
518d91898ee7c71d9d32b660210101f3 ruby-1.8.6_p369-x86_64-1.tgz
Bluewhite64 12.1 package:
7ce44492b9cddbd6e53faca6773b585d ruby-1.8.6_p369-x86_64-1.tgz
Bluewhite64 12.2 package:
a1d2409d4910873937b676adb39ecbfc ruby-1.8.7_p174-x86_64-1.tgz
Installation instructions:
- ----------------------------
Upgrade the package as root:
# upgradepkg ruby-1.8.7_p174-x86_64-1.tgz
- ---
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com
- ------------------------------------------------------
To leave the bluewhite64-security mailing list:
Send a blank email to
bluewhite64-security-unsubscribe©bluewhite64.com
You will get a confirmation message back containing
instructions to complete the process.
Please do not reply to this email address.
- ------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAko/6scACgkQpTOsxuDdlY5Y5gCeLT6x0XqnV12xZRAglQw3zUpF
6+oAn21CwAFmrf1pJWbphw0xws66ENe7
=j8oi
-----END PGP SIGNATURE-----