ruby-1.8.7.299-7.1.0.1.AXS4
Errata ID: AXSA:2011-614:01
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.
Security issues fixed with this release:
CVE-2011-0188
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."
CVE-2011-1004
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.
CVE-2011-1005
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
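The integer truncation class named in CVE-2011-0188, shown as an added C example (not Ruby's bigdecimal.c and not part of the original advisory): a 64-bit size narrowed to 32 bits before allocation yields a buffer smaller than the size the caller goes on to use, and a checked allocator avoids this. All function names are hypothetical and the sample sizes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical: the size an allocator receives when a 64-bit request
 * is narrowed to a 32-bit unsigned value before the call. */
static uint64_t narrowed_request(uint64_t mb)
{
    return (uint64_t)(uint32_t)mb;      /* upper 32 bits are discarded */
}

/* 1 when narrowing changes the value, i.e. the buffer would be smaller
 * than the size later passed to memset/memcpy by the caller. */
static int request_is_truncated(uint64_t mb)
{
    return narrowed_request(mb) != mb;
}

/* Hardened form: keep size_t end to end, reject a count * elem_size that
 * would wrap, and zero exactly the number of bytes that were allocated. */
static void *checked_zero_alloc(size_t count, size_t elem_size)
{
    if (count == 0 || elem_size == 0)
        return NULL;
    if (count > SIZE_MAX / elem_size)
        return NULL;                    /* multiplication would overflow */
    size_t total = count * elem_size;
    void *p = malloc(total);
    if (p != NULL)
        memset(p, 0, total);
    return p;
}

int main(void)
{
    uint64_t big = 0x100000010ULL;      /* constructed: 4 GiB + 16 bytes */
    printf("requested=%llu allocated=%llu truncated=%d\n",
           (unsigned long long)big,
           (unsigned long long)narrowed_request(big),
           request_is_truncated(big));
    void *p = checked_zero_alloc(4, 8);
    printf("checked alloc of 32 bytes: %s\n", p ? "ok" : "refused");
    free(p);
    printf("overflowing request: %s\n",
           checked_zero_alloc(SIZE_MAX, 2) ? "ok" : "refused");
    return 0;
}
```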
Update packages.
From Asianux Server 4 SP1.
SRPMS
- ruby-1.8.7.299-7.1.0.1.AXS4.src.rpm
MD5: 579bdf507aa162acc03d004a2b8d7cfa
SHA-256: c4819dac6349b816b961412cb5b8e43f21ce7d278535bcfe63b4aef2d569bc3b
Size: 8.25 MB
Asianux Server 4 for x86
- ruby-1.8.7.299-7.1.0.1.AXS4.i686.rpm
MD5: 1a3b4ff73ac86a8211b48c854ab4c216
SHA-256: 22dbddebdf2ec77dc140b058158920c515ff262c40bae393527691015b7e4413
Size: 525.06 kB
- ruby-irb-1.8.7.299-7.1.0.1.AXS4.i686.rpm
MD5: 4b407638c6a05ce632da3b77d88833e8
SHA-256: dae1d47d66e666f8fcf1080aa04da32c9721bf6f0cbbc879f217d8c2321bc817
Size: 305.40 kB
- ruby-libs-1.8.7.299-7.1.0.1.AXS4.i686.rpm
MD5: 6336f06bdafc4664bc5d85dc6f5c746f
SHA-256: ef7703245fe529494ee69fbfa83a06f159c7290f7c67f63d1970f9a52ab2e60a
Size: 1.64 MB
Asianux Server 4 for x86_64
- ruby-1.8.7.299-7.1.0.1.AXS4.x86_64.rpm
MD5: 59dd30809033c8161bd2fc4d75f7f0a7
SHA-256: 4c6887d9240e02993677de825a12b785257c4727a65f9a92d2d4d7a51b0b3441
Size: 524.75 kB
- ruby-irb-1.8.7.299-7.1.0.1.AXS4.x86_64.rpm
MD5: d7f52bd9ea9cbb52cfd0ca1ea72c9792
SHA-256: a983da7e0c5079a406e6bccd11ce0e25ab0aa044f241a2ca337f2cf72dadffb4
Size: 304.92 kB
- ruby-libs-1.8.7.299-7.1.0.1.AXS4.x86_64.rpm
MD5: 447cab289ccdfe07a49392767962f368
SHA-256: 486a7d3b9ba5819e2aa099356e355059064251a7a3a6af9b1e30f3870ea071df
Size: 1.63 MB
- ruby-libs-1.8.7.299-7.1.0.1.AXS4.i686.rpm
MD5: 6336f06bdafc4664bc5d85dc6f5c746f
SHA-256: ef7703245fe529494ee69fbfa83a06f159c7290f7c67f63d1970f9a52ab2e60a
Size: 1.64 MB