ruby-1.8.7.352-3.0.1.AXS4

エラータID: AXSA:2012-54:01

Release date: 
Wednesday, February 1, 2012 - 12:54
Subject: 
ruby-1.8.7.352-3.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Low
Description: 

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.
Security issues fixed with this release:
CVE-2011-2705
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
CVE-2011-3009
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.

Solution: 

Update packages.

CVEs: 
CVE-2011-2705
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
CVE-2011-3009
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.
Additional Info: 

N/A

Download: 

SRPMS
  1. ruby-1.8.7.352-3.0.1.AXS4.src.rpm
    MD5: ab76687f71a7e62b10e86c6cbc7e518a
    SHA-256: 486f48cc7e725e1a428bc86724dffdfeef0c9b1710026b97e0ba5c79f219554c
    Size: 8.28 MB

Asianux Server 4 for x86
  1. ruby-1.8.7.352-3.0.1.AXS4.i686.rpm
    MD5: c1077a522cd17987f35731a7db2951b6
    SHA-256: 7f57fc0c9ed31e547b6437c02cf503f02ad551b71009b0a352577840160431ff
    Size: 531.37 kB
  2. ruby-irb-1.8.7.352-3.0.1.AXS4.i686.rpm
    MD5: a7692b96cc057f380e697cdcd3073e27
    SHA-256: edfc03f4410214e5de008a116d5e7863d6737d51c69ac3c78322647afa3322d7
    Size: 310.56 kB
  3. ruby-libs-1.8.7.352-3.0.1.AXS4.i686.rpm
    MD5: 49a0811ea8847ce2e440f3dcfa8ac30e
    SHA-256: 784b5b920ff2c48530dff58a7754033d4a217f879504b58e221d7194730e2ff5
    Size: 1.64 MB

Asianux Server 4 for x86_64
  1. ruby-1.8.7.352-3.0.1.AXS4.x86_64.rpm
    MD5: f4b9536b2b9f55c97f902bf459b21af2
    SHA-256: b0da0c2172a84f72b1b3a0cc9428ff14a531ccc5b4c482cf1f4f255e997cceed
    Size: 531.07 kB
  2. ruby-irb-1.8.7.352-3.0.1.AXS4.x86_64.rpm
    MD5: 02436b1e06e9aeb48ef15a2e6cda84cc
    SHA-256: ccc652baf8fa614b77129e3a62a70e529bf4424cf5b8538c70909d4c5b265aa8
    Size: 310.09 kB
  3. ruby-libs-1.8.7.352-3.0.1.AXS4.x86_64.rpm
    MD5: 42d7551ff2acbaa7d54bef89dbca873c
    SHA-256: 5b8d95b2b15a4ac37755abcbef02d0fcbf5a9406fae28a083066bc05172ca3b2
    Size: 1.64 MB
  4. ruby-libs-1.8.7.352-3.0.1.AXS4.i686.rpm
    MD5: 49a0811ea8847ce2e440f3dcfa8ac30e
    SHA-256: 784b5b920ff2c48530dff58a7754033d4a217f879504b58e221d7194730e2ff5
    Size: 1.64 MB