ruby-1.8.5-5.7.1AXS3
Errata ID: AXSA:2009-78:01
Release date:
2009/07/22 Wednesday - 11:20
Title:
ruby-1.8.5-5.7.1AXS3
Affected channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The APOP protocol has a design-level weakness that lets an attacker recover password characters, so a password can be disclosed to a third party. (CVE-2007-1558)
- Ruby's ext/openssl/ossl_ocsp.c does not properly check the return value of the OCSP_basic_verify function, so an invalid X.509 certificate (for example a revoked one) may be accepted as verified. (CVE-2009-0642)
- When Ruby's BigDecimal library converts a string representing a very large number to a Float, an attacker can cause a denial of service (application crash). (CVE-2009-1904)
The Japanese translations of some CVE descriptions are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2007-1558
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
CVE-2009-0642
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
CVE-2009-1904
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.
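The mitigation a practitioner would apply in application code that feeds untrusted numeric strings to BigDecimal and then to Float, as an added example that is not part of this advisory or of the Ruby project's own fix: validate the syntax and bound the magnitude before calling to_f, so the conversion that crashed the vulnerable versions (and yields Infinity on patched ones) is never attempted on out-of-range input. The function names safe_to_float and classify, the grammar NUMBER_RE, the length limit and the SAMPLE_INPUTS list are all constructed for this example.

```ruby
# Added example, not code from the Asianux advisory or from Ruby itself.
# Defensive BigDecimal -> Float conversion for untrusted strings, the
# application-side hardening that CVE-2009-1904 makes relevant.
require 'bigdecimal'

# Strict decimal / scientific-notation grammar.  Anything BigDecimal might
# otherwise accept loosely (hex, whitespace, underscores, trailing dots)
# is rejected before the parser sees it.  Constructed for this example.
NUMBER_RE = /\A[+-]?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?\z/

class UntrustedNumberError < ArgumentError; end

# Convert an untrusted string to Float.  Raises UntrustedNumberError for
# bad syntax, over-long input, or a magnitude outside the finite Float
# range; to_f is only reached for values already known to be representable.
def safe_to_float(str, max_len: 64)
  raise UntrustedNumberError, "input too long" if str.length > max_len
  raise UntrustedNumberError, "bad numeric syntax" unless NUMBER_RE.match?(str)

  dec = begin
    BigDecimal(str)
  rescue ArgumentError, FloatDomainError => e
    raise UntrustedNumberError, "unparseable: #{e.message}"
  end
  return 0.0 if dec.zero?

  # BigDecimal#exponent gives k such that value = 0.<digits> * 10**k, so a
  # number of magnitude 10**308 has exponent 309.  Float::MAX_10_EXP is 308.
  # The absolute value also rejects tiny magnitudes that to_f would silently
  # flush to 0.0, which is a deliberate fail-closed choice here.
  if dec.exponent.abs > Float::MAX_10_EXP + 1
    raise UntrustedNumberError, "exponent #{dec.exponent} outside Float range"
  end

  f = begin
    dec.to_f
  rescue FloatDomainError
    raise UntrustedNumberError, "conversion overflowed"
  end
  raise UntrustedNumberError, "result is not finite" unless f.finite?
  f
end

# Constructed sample inputs (not from the advisory): valid values, an
# out-of-range exponent, non-decimal syntax, and an over-long string.
SAMPLE_INPUTS = ["1.5", "-2.5e3", "0", "1e400", "0x1A", "1" * 80].freeze

# Map each input to either its Float value or a "rejected: ..." reason.
def classify(inputs)
  inputs.map do |s|
    begin
      [s, safe_to_float(s)]
    rescue UntrustedNumberError => e
      [s, "rejected: #{e.message}"]
    end
  end.to_h
end

if __FILE__ == $0
  classify(SAMPLE_INPUTS).each { |input, verdict| puts "#{input.inspect} => #{verdict}" }
end
```

The exponent check is the important line: it runs on the BigDecimal, which can represent any magnitude, before the value ever reaches the Float conversion. On an unpatched 1.8.x the same "1e400" style input passed straight to to_f is what crashes the process; on a patched interpreter it yields Infinity, which this wrapper also refuses to hand to the caller.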
Additional information:
N/A
Downloads:
SRPMS
- ruby-1.8.5-5.7.1AXS3.src.rpm
MD5: bad8670e9e36b4d32a41544dce06eb5b
SHA-256: b929ea3c7bfb84e1cad81400e5d8be1f5ab40e11e8129fa57b02b88641c47c2a
Size: 5.36 MB
Asianux Server 3 for x86
- ruby-1.8.5-5.7.1AXS3.i386.rpm
MD5: e97c2ce46666349cbc9730011cc082f5
SHA-256: 80e021adb25cc6f968092eda4c249444e05527c03e652cbc2195385612a598b7
Size: 283.79 kB
- ruby-devel-1.8.5-5.7.1AXS3.i386.rpm
MD5: 3fe0d37518b77ef6f643e1a96c70b245
SHA-256: cb6b28ad4e08834e43315d614307b1de1a0975434d9df530c64ca22b69c2de48
Size: 549.57 kB
- ruby-docs-1.8.5-5.7.1AXS3.i386.rpm
MD5: cfa2b5e2e628a3410874720c3cd170d2
SHA-256: 55522c8a6cfec7ace01e90a82f1789fce7fa410e086d02c9ab54fc32ae459cea
Size: 1.50 MB
- ruby-irb-1.8.5-5.7.1AXS3.i386.rpm
MD5: 55c425c6b0eef1e72c660a9a1f36f0b5
SHA-256: aa008a7782cbfe6377766f2c9676cdbe14044ed77a8f7004fd54b3f35df509af
Size: 70.24 kB
- ruby-libs-1.8.5-5.7.1AXS3.i386.rpm
MD5: eca68920d8555429165e88f9fb5dd7e8
SHA-256: 1e1deba6bf19caa9e9776d8db595da628812a14960c193b9747acd03efeaf442
Size: 1.64 MB
- ruby-mode-1.8.5-5.7.1AXS3.i386.rpm
MD5: 994067c3693cbf7b45704abbe0012a47
SHA-256: a91941f2c78337dfb6e7a1251d2b921d29472d3bf39d93a5abc52546dd7da1a9
Size: 54.68 kB
- ruby-tcltk-1.8.5-5.7.1AXS3.i386.rpm
MD5: e3ec19f4fcbf3de6564f17a728c52ea4
SHA-256: 8fdae449dc591499017686e18e6d43048196c574946ec4cd6cf47b66af4a37d1
Size: 1.67 MB
Asianux Server 3 for x86_64
- ruby-1.8.5-5.7.1AXS3.x86_64.rpm
MD5: 1b0eb332e73b31f9a79e11230ee94735
SHA-256: e700a70b5851ab42307ee6953c20302367f69196c7c575e25efbdf8dfd6a57dd
Size: 283.72 kB
- ruby-devel-1.8.5-5.7.1AXS3.x86_64.rpm
MD5: 9fa3e3d99dfe4b573f6fb48ecf7c090b
SHA-256: 8850d3e6a628c242b1d5ddde37b595d2ce986319971eb44f6f22dfbd41f65986
Size: 557.81 kB
- ruby-docs-1.8.5-5.7.1AXS3.x86_64.rpm
MD5: 6e00cf6ad8b6119840e4bb5c02ad4155
SHA-256: 7d4dfd797259282cb352ef2fba51ce3b8ac68d8b11f5c546197247efc957838c
Size: 1.50 MB
- ruby-irb-1.8.5-5.7.1AXS3.x86_64.rpm
MD5: df3a19135913d2e7483bab6a3c659baa
SHA-256: 49d9d1c0ee7a9ea9d494e1cbd912b5006ad12475da1405f5e87f80c0fc1b0538
Size: 70.08 kB
- ruby-libs-1.8.5-5.7.1AXS3.x86_64.rpm
MD5: 9a47758a4a5c285ec82a70f6d74573c0
SHA-256: de9d588d0903bda571bf24700755ff3e5a50cac6d4aa1f09d1ab7061f5b5d5f4
Size: 1.65 MB
- ruby-mode-1.8.5-5.7.1AXS3.x86_64.rpm
MD5: 4a5ca37910f80fab5f79a3aa61327b30
SHA-256: 80f29ecd67f903f2eea0412e0580bdbd9d83e2cb50d9751c7dd2aa2e4d48cd5a
Size: 54.81 kB
- ruby-tcltk-1.8.5-5.7.1AXS3.x86_64.rpm
MD5: 8c7caab5ed4bb53a5b0d5878f671e22d
SHA-256: c8fc0081d6b8352e7a35b4a47a7e8f6123be92fdbc7819a41c34e3beb1f2aa1c
Size: 1.67 MB