ruby-1.8.5-5.6
エラータID: AXSA:2008-536:04
リリース日:
2008/12/24 Wednesday - 12:20
題名:
ruby-1.8.5-5.6
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Asianux Server 3 for ppc
Asianux Server 3 for ia64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- WEBrick の httputils.rb に脆弱性が発見されました。攻撃者は巧妙な HTTP リクエストを用いて CPU 資源を大量消費させるサービス運用妨害 (DoS)を引き起こす可能性があります。
この問題は、CVE-2008-3656 の修正が不完全であったことが原因でした。(CVE-2008-4310)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2008-4310
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
追加情報:
N/A
ダウンロード:
SRPMS
- ruby-1.8.5-5.6.src.rpm
MD5: 3c153ef809c8328191835d4acc883ac4
SHA-256: eb0452a9305bb05e55d07bef2775daac1b88e9fe1fb7c5ec94731806c26c7928
Size: 5.36 MB
Asianux Server 3 for x86
- ruby-1.8.5-5.6.i386.rpm
MD5: 2ac68d8009e0458c34e71a775417d6db
SHA-256: 07620b223ace3df01e98ba673732cb115548ea5d88aad4e1860ef09974e6bb15
Size: 283.41 kB - ruby-devel-1.8.5-5.6.i386.rpm
MD5: 05ce64ee12d36b19dc1d9a2bba82323b
SHA-256: 6db94f08c901ca345c41c62d8ed24997b0b90b070c63294828d79000654f98b0
Size: 549.69 kB - ruby-docs-1.8.5-5.6.i386.rpm
MD5: f55d905a3bc5eaaa8a97016dcff0193a
SHA-256: 28709e0bfce3b2bf3318f3d4cc12aedee7faefa69a040780c3c3cd4455970d32
Size: 1.50 MB - ruby-irb-1.8.5-5.6.i386.rpm
MD5: 4775531d0cadf9f3634708d9fa1a4246
SHA-256: cb3dd8a3dceabf144593a74294c8c989e6950f8d131e4d5e8efc75dab81c9de7
Size: 69.75 kB - ruby-libs-1.8.5-5.6.i386.rpm
MD5: ec838729c5c1a32eaa98f0d3ea65acb4
SHA-256: 9b7603fd8d5137c700806bdaecfb8de8a7403c7b868916daf706ec0ed69e7966
Size: 1.64 MB - ruby-mode-1.8.5-5.6.i386.rpm
MD5: e655467b061c673937970b87e0be004e
SHA-256: 8ce0730adc9a025390bfbca8e8c75a59ece9c7be0faac0d9f319c867e5598221
Size: 54.59 kB - ruby-tcltk-1.8.5-5.6.i386.rpm
MD5: 6e200ffd76be526bbd92b00b50e25b8a
SHA-256: 645c813cecc2581cd94350de556a53e7e292f154a1294269d817d9213fc948eb
Size: 1.67 MB
Asianux Server 3 for x86_64
- ruby-1.8.5-5.6.x86_64.rpm
MD5: cdb8a9efb3a522724f8d76b9a8dfbbcf
SHA-256: 125ca83111e6b0d4192d02b1339b97490d66547cc272c7dacf28d594b8b197b7
Size: 283.22 kB - ruby-devel-1.8.5-5.6.x86_64.rpm
MD5: e7845bfd2dcdf120623fa0091a055dc6
SHA-256: 1f08e0b2401a804c7c46831722b445de06e2ec9d02f435d0046401f30702b513
Size: 557.85 kB - ruby-docs-1.8.5-5.6.x86_64.rpm
MD5: 03b128fdcf9e18e63259d8ad51d21e14
SHA-256: fdc69162e2e5b0f9bfa682eada825cbb4874232ed6b6c3dd270dbcf6be96d0d1
Size: 1.50 MB - ruby-irb-1.8.5-5.6.x86_64.rpm
MD5: fb946df879ee5299365807aa9e5a1483
SHA-256: e1138ac8f0929e252eda98b482be188219f77a96310bdad7fa9d3440b6ef59c0
Size: 69.85 kB - ruby-libs-1.8.5-5.6.x86_64.rpm
MD5: 02b6ce0ad99faabf9c208d283ae1545f
SHA-256: ab61a2ef936aaeeda7c98f4575503de37ee45993099332577ea835ba6fd94d0d
Size: 1.65 MB - ruby-mode-1.8.5-5.6.x86_64.rpm
MD5: 2a59cc899c0c5e7c5c2b4000a37236af
SHA-256: de7a60c2c5c85721d75a11a07a678b58ac5d8b7d83c9f35012ec527d7720e56a
Size: 54.38 kB - ruby-tcltk-1.8.5-5.6.x86_64.rpm
MD5: 65f81eedaae9242c10591e30c49ad283
SHA-256: 6be190ddcd56cbc5eca4bcebfe70c33d1b13657e539861e580774184efb33a0f
Size: 1.67 MB