Mailinglist Archive: opensuse-updates (119 mails)

openSUSE-SU-2013:0376-1: moderate: ruby19 to 1.9.3 p385
openSUSE Security Update: ruby19 to 1.9.3 p385
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:0376-1
Rating: moderate
References: #783511 #789983 #791199 #802406
Cross-References: CVE-2012-4464 CVE-2012-4466 CVE-2012-4522
CVE-2012-5371 CVE-2013-0256
Affected Products:
openSUSE 12.2
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:


ruby19 was updated to fix various bugs and security issues:

Update to 1.9.3 p385 (bnc#802406)
- XSS exploit of RDoc documentation generated by rdoc
(CVE-2013-0256)
- for other changes see
/usr/share/doc/packages/ruby19/Changelog

Update to 1.9.3 p327 (bnc#789983)
- CVE-2012-5371 and plenty of other fixes

Update to 1.9.3 p286 (bnc#783511, bnc#791199)
- This release includes some security fixes, and many other
bug fixes.
- $SAFE escaping vulnerability about
Exception#to_s / NameError#to_s (CVE-2012-4464,
CVE-2012-4466)
- Unintentional file creation caused by inserting an
illegal NUL character (CVE-2012-4522)

The following bug fixes and packaging fixes were also made:
- make sure the rdoc output is more stable for
build-compare (new patch ruby-sort-rdoc-output.patch)
- re-add the private header *atomic.h
- remove build dependency on ca certificates - only causing
cycles
- one more header needed for rubygem-ruby-debug-base19
- install vm_core.h and its dependencies as ruby-devel-extra
- move the provides to the ruby package instead
- add provides for the internal gems
- restore the old ruby macros and the gem wrapper script
- gem_install_wrapper no longer necessary


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-167

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

ruby19-1.9.3.p385-3.18.1
ruby19-debuginfo-1.9.3.p385-3.18.1
ruby19-debugsource-1.9.3.p385-3.18.1
ruby19-devel-1.9.3.p385-3.18.1
ruby19-devel-extra-1.9.3.p385-3.18.1
ruby19-tk-1.9.3.p385-3.18.1
ruby19-tk-debuginfo-1.9.3.p385-3.18.1

- openSUSE 12.2 (noarch):

ruby19-doc-ri-1.9.3.p385-3.18.1


References:

http://support.novell.com/security/cve/CVE-2012-4464.html
http://support.novell.com/security/cve/CVE-2012-4466.html
http://support.novell.com/security/cve/CVE-2012-4522.html
http://support.novell.com/security/cve/CVE-2012-5371.html
http://support.novell.com/security/cve/CVE-2013-0256.html
https://bugzilla.novell.com/783511
https://bugzilla.novell.com/789983
https://bugzilla.novell.com/791199
https://bugzilla.novell.com/802406

