Mailinglist Archive: opensuse-updates (68 mails)

< Previous Next >
openSUSE-SU-2012:0228-1: moderate: Ruby: Update to 1.8,6p357
openSUSE Security Update: Ruby: Update to 1.8,6p357
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0228-1
Rating: moderate
References: #704409 #739122
Cross-References: CVE-2011-2686 CVE-2011-2705 CVE-2011-3009
CVE-2011-4815
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.
It includes one version update.

Description:

This update of ruby provides 1.8.7p357, which contains many
stability fixes and bug fixes, which are fully compatible
with the previous version. You can review the detailed list
here:

http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLo
g

The particularly noteworthy fixes are:

- Hash functions are now using a randomized seed to avoid
algorithmic complexity attacks (CVE-2011-4815). For this
OpenSSL::Random.seed at the SecureRandom.random_bytes is
used if available.
- mkconfig.rb: fix for continued lines.
- Fix Infinity to be greater than any bignum number.
- initialize store->ex_data.sk.
- some IPv6 related fixes
- zlib fixes
- reinitialize PRNG when forking children
(CVE-2011-2686/CVE-2011-3009)
- securerandom fixes (CVE-2011-2705)
- uri route_to fixes
- fix race condition with variables and autoload


Special Instructions and Notes:

Please reboot the system after installing this update.This
update triggers a restart of the software management stack.
More updates will be available for installation after
applying this update and restarting the application. This
update triggers a restart of the software management stack.
More updates will be available for installation after
applying this update and restarting the application.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch ruby-5660

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64) [New Version: 1.8.7.p357]:

ruby-1.8.7.p357-0.2.1
ruby-devel-1.8.7.p357-0.2.1
ruby-examples-1.8.7.p357-0.2.1
ruby-test-suite-1.8.7.p357-0.2.1
ruby-tk-1.8.7.p357-0.2.1

- openSUSE 11.4 (noarch) [New Version: 1.8.7.p357]:

ruby-doc-html-1.8.7.p357-0.2.1
ruby-doc-ri-1.8.7.p357-0.2.1


References:

http://support.novell.com/security/cve/CVE-2011-2686.html
http://support.novell.com/security/cve/CVE-2011-2705.html
http://support.novell.com/security/cve/CVE-2011-3009.html
http://support.novell.com/security/cve/CVE-2011-4815.html
https://bugzilla.novell.com/704409
https://bugzilla.novell.com/739122


< Previous Next >
This Thread
  • No further messages