ELSA-2008-0896

ELSA-2008-0896 - ruby security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2008-10-21

Description

[1.6.8-13.el3]
- security fixes. (#461578)
- CVE-2008-3655: multiple insufficient safe mode restrictions
- CVE-2008-3443: Memory allocation failure in Ruby regex engine (remotely exploitable DoS)
- CVE-2008-3905: use of predictable source port and transaction
id in DNS requests done by resolve.rb module.

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 3 (i386)	ruby-1.6.8-13.el3.src.rpm	5905c711f6dc40974f5fa9ebdaa84ee3	-
	irb-1.6.8-13.el3.i386.rpm	70a35d2137adaba3bd79f7f5b69477f7	-
	ruby-1.6.8-13.el3.i386.rpm	8b5621b020c51c54dba193beafedfdc5	-
	ruby-devel-1.6.8-13.el3.i386.rpm	6289694c3e6868338d4c850ef6d2cb31	-
	ruby-docs-1.6.8-13.el3.i386.rpm	ab8dc34efbb7e04bc40c68e710076ce4	-
	ruby-libs-1.6.8-13.el3.i386.rpm	af16c856fdd5898385092bb909c9a24c	-
	ruby-mode-1.6.8-13.el3.i386.rpm	e83d969f9d0aa777deb2ab618f7e9174	-
	ruby-tcltk-1.6.8-13.el3.i386.rpm	b03efd73acd0bcf9c4b4674d77b8f501	-
Oracle Linux 3 (x86_64)	ruby-1.6.8-13.el3.src.rpm	5905c711f6dc40974f5fa9ebdaa84ee3	-
	irb-1.6.8-13.el3.x86_64.rpm	66fa6d75ad1bf7c48772d733080c719a	-
	ruby-1.6.8-13.el3.x86_64.rpm	bb684f887a45277763af848f4ed5b064	-
	ruby-devel-1.6.8-13.el3.x86_64.rpm	ab8155b1c2fcd5797be589439df1025c	-
	ruby-docs-1.6.8-13.el3.x86_64.rpm	f74b00e4c8f04605def20afe1f246d22	-
	ruby-libs-1.6.8-13.el3.i386.rpm	af16c856fdd5898385092bb909c9a24c	-
	ruby-libs-1.6.8-13.el3.x86_64.rpm	29c353c02666cdcdfca95d15489ea183	-
	ruby-mode-1.6.8-13.el3.x86_64.rpm	8d71d01a8e095efb77749477b260dfb0	-
	ruby-tcltk-1.6.8-13.el3.x86_64.rpm	b51cbf949d069093ac831b7412303c1e	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team