Security update for ruby
SUSE Security Update: Security update for ruby
This update of ruby provides 1.8.7p357, which contains many
stability fixes and bug fixes while maintaining full
compatibility with the previous version. A detailailed
list of changes is available from
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLo
g
The most important fixes are:
* Hash functions are now using a randomized seed to
avoid algorithmic complexity attacks. If available,
OpenSSL::Random.seed at the SecureRandom.random_bytes is
used to achieve this. (CVE-2011-4815
> )
* mkconfig.rb: fix for continued lines.
* Fix Infinity to be greater than any bignum number.
* Initialize store->ex_data.sk.
* Several IPv6 related fixes.
* Fixes for zlib.
* Reinitialize PRNG when forking children
(CVE-2011-2686
> , CVE-2011-3009
> )
* Fixes to securerandom. (CVE-2011-2705
> )
* Fix uri route_to
* Fix race condition with variables and autoload.
| Announcement ID: | SUSE-SU-2012:0147-1 |
| Rating: | moderate |
| References: | #704409 #739122 #740796 |
| Affected Products: |
An update that fixes four vulnerabilities is now available. It includes two new package versions.
Description:
This update of ruby provides 1.8.7p357, which contains many
stability fixes and bug fixes while maintaining full
compatibility with the previous version. A detailailed
list of changes is available from
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLo
g
The most important fixes are:
* Hash functions are now using a randomized seed to
avoid algorithmic complexity attacks. If available,
OpenSSL::Random.seed at the SecureRandom.random_bytes is
used to achieve this. (CVE-2011-4815
* mkconfig.rb: fix for continued lines.
* Fix Infinity to be greater than any bignum number.
* Initialize store->ex_data.sk.
* Several IPv6 related fixes.
* Fixes for zlib.
* Reinitialize PRNG when forking children
(CVE-2011-2686
* Fixes to securerandom. (CVE-2011-2705
* Fix uri route_to
* Fix race condition with variables and autoload.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- WebYaST [Appliance - Tools]:
zypper in -t patch slewyst1sp1-ruby-187p357-5716 slewystsp1-ruby-187p357-5716 - WebYaST 1.2:
zypper in -t patch slewyst12-ruby-187p357-5715 - SUSE Studio Standard Edition 1.2:
zypper in -t patch sleslms12-ruby-187p357-5715 - SUSE Studio Onsite 1.2:
zypper in -t patch slestso12-ruby-187p357-5715 - SUSE Studio Onsite 1.1:
zypper in -t patch slestsosp1-ruby-187p357-5716 - SUSE Studio Extension for System z 1.2:
zypper in -t patch slestso12-ruby-187p357-5715 - SUSE Linux Enterprise Software Development Kit 11 SP1:
zypper in -t patch sdksp1-ruby-187p357-5716 - SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-ruby-187p357-5716 - SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-ruby-187p357-5716 - SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-ruby-187p357-5716 - SUSE Lifecycle Management Server 1.1 [Appliance - Tools]:
zypper in -t patch sleslmssp1-ruby-187p357-5716
To bring your system up-to-date, use "zypper patch".
Package List:
- WebYaST [Appliance - Tools] (i586 ia64 ppc64 s390x x86_64) [New Version: 0.4.0 and 1.8.7.p357]:
- ruby-dbus-0.4.0-0.9.4
- ruby-devel-1.8.7.p357-0.7.1
- WebYaST 1.2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.7.p357]:
- ruby-dbus-0.4.0-0.9.4
- ruby-devel-1.8.7.p357-0.7.1
- SUSE Studio Standard Edition 1.2 (x86_64) [New Version: 1.8.7.p357]:
- ruby-dbus-0.4.0-0.9.4
- ruby-devel-1.8.7.p357-0.7.1
- SUSE Studio Onsite 1.2 (x86_64) [New Version: 1.8.7.p357]:
- ruby-dbus-0.4.0-0.9.4
- ruby-devel-1.8.7.p357-0.7.1
- SUSE Studio Onsite 1.1 (x86_64) [New Version: 1.8.7.p357]:
- ruby-dbus-0.4.0-0.9.4
- ruby-devel-1.8.7.p357-0.7.1
- SUSE Studio Extension for System z 1.2 (s390x) [New Version: 1.8.7.p357]:
- ruby-devel-1.8.7.p357-0.7.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.7.p357]:
- ruby-devel-1.8.7.p357-0.7.1
- ruby-doc-ri-1.8.7.p357-0.7.1
- ruby-examples-1.8.7.p357-0.7.1
- ruby-test-suite-1.8.7.p357-0.7.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 1.8.7.p357]:
- ruby-doc-html-1.8.7.p357-0.7.1
- ruby-tk-1.8.7.p357-0.7.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 1.8.7.p357]:
- ruby-1.8.7.p357-0.7.1
- ruby-doc-html-1.8.7.p357-0.7.1
- ruby-tk-1.8.7.p357-0.7.1
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.7.p357]:
- ruby-1.8.7.p357-0.7.1
- ruby-doc-html-1.8.7.p357-0.7.1
- ruby-tk-1.8.7.p357-0.7.1
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.8.7.p357]:
- ruby-1.8.7.p357-0.7.1
- SUSE Lifecycle Management Server 1.1 [Appliance - Tools] (x86_64) [New Version: 1.8.7.p357]:
- ruby-dbus-0.4.0-0.9.4
- ruby-devel-1.8.7.p357-0.7.1
References:
- http://support.novell.com/security/cve/CVE-2011-2686.html
- http://support.novell.com/security/cve/CVE-2011-2705.html
- http://support.novell.com/security/cve/CVE-2011-3009.html
- http://support.novell.com/security/cve/CVE-2011-4815.html
- https://bugzilla.novell.com/704409
- https://bugzilla.novell.com/739122
- https://bugzilla.novell.com/740796
- http://download.suse.com/patch/finder/?keywords=04214679f41728fe49ac9a6f9d32da7f
- http://download.suse.com/patch/finder/?keywords=e0d0ef7ec3aa01a87e6c002c3f147d73