openSUSE Security Update: Ruby: Update to 1.8,6p357 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0228-1 Rating: moderate References: #704409 #739122 Cross-References: CVE-2011-2686 CVE-2011-2705 CVE-2011-3009 CVE-2011-4815 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. It includes one version update. Description: This update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes, which are fully compatible with the previous version. You can review the detailed list here: http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLo g The particularly noteworthy fixes are: - Hash functions are now using a randomized seed to avoid algorithmic complexity attacks (CVE-2011-4815). For this OpenSSL::Random.seed at the SecureRandom.random_bytes is used if available. - mkconfig.rb: fix for continued lines. - Fix Infinity to be greater than any bignum number. - initialize store->ex_data.sk. - some IPv6 related fixes - zlib fixes - reinitialize PRNG when forking children (CVE-2011-2686/CVE-2011-3009) - securerandom fixes (CVE-2011-2705) - uri route_to fixes - fix race condition with variables and autoload Special Instructions and Notes: Please reboot the system after installing this update.This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch ruby-5660 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 1.8.7.p357]: ruby-1.8.7.p357-0.2.1 ruby-devel-1.8.7.p357-0.2.1 ruby-examples-1.8.7.p357-0.2.1 ruby-test-suite-1.8.7.p357-0.2.1 ruby-tk-1.8.7.p357-0.2.1 - openSUSE 11.4 (noarch) [New Version: 1.8.7.p357]: ruby-doc-html-1.8.7.p357-0.2.1 ruby-doc-ri-1.8.7.p357-0.2.1 References: http://support.novell.com/security/cve/CVE-2011-2686.html http://support.novell.com/security/cve/CVE-2011-2705.html http://support.novell.com/security/cve/CVE-2011-3009.html http://support.novell.com/security/cve/CVE-2011-4815.html https://bugzilla.novell.com/704409 https://bugzilla.novell.com/739122