SUSE-SU-2012:0147-1: moderate: Security update for ruby
sle-security-updates at lists.suse.com
Fri Feb 3 19:08:44 MST 2012
SUSE Security Update: Security update for ruby
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0147-1
Rating: moderate
References: #704409 #739122 #740796
Cross-References: CVE-2011-2686 CVE-2011-2705 CVE-2011-3009 CVE-2011-4815
Affected Products:
WebYaST [Appliance - Tools]
WebYaST 1.2
SUSE Studio Standard Edition 1.2
SUSE Studio Onsite 1.2
SUSE Studio Onsite 1.1
SUSE Studio Extension for System z 1.2
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Desktop 11 SP1
SUSE Lifecycle Management Server 1.1 [Appliance - Tools]
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
It includes two new package versions.
Description:
This update of ruby provides 1.8.7p357, which contains many
stability fixes and bug fixes while maintaining full
compatibility with the previous version. A detailed
list of changes is available from
<http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog>.
The most important fixes are:
* Hash functions are now using a randomized seed to
avoid algorithmic complexity attacks. If available,
OpenSSL::Random.seed at the SecureRandom.random_bytes is
used to achieve this. (CVE-2011-4815
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4815>)
* mkconfig.rb: fix for continued lines.
* Fix Infinity to be greater than any bignum number.
* Initialize store->ex_data.sk.
* Several IPv6 related fixes.
* Fixes for zlib.
* Reinitialize PRNG when forking children
(CVE-2011-2686
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2686>,
CVE-2011-3009
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3009>)
* Fixes to securerandom. (CVE-2011-2705
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2705>)
* Fix uri route_to
* Fix race condition with variables and autoload.
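A post-update smoke test for the hash-seed and fork/PRNG fixes listed above. This is an added example, not part of the advisory or of the Ruby project; the function names are hypothetical, and it only observes behaviour of the installed interpreter rather than proving the fixes are present.

```ruby
# Added example, not part of the advisory. Kept compatible with Ruby 1.8.7.
require 'rbconfig'
require 'securerandom'

# Path of the interpreter running this script (the one being checked).
RUBY_BIN = RbConfig.respond_to?(:ruby) ? RbConfig.ruby :
  File.join(RbConfig::CONFIG['bindir'], RbConfig::CONFIG['ruby_install_name'])

# CVE-2011-4815: with a per-process random seed, the same string hashes
# to different values in separate interpreter processes.
def hash_seed_randomized?(runs = 3)
  values = Array.new(runs) do
    IO.popen("#{RUBY_BIN} -e 'print \"advisory\".hash'") { |io| io.read }
  end
  values.uniq.size > 1
end

# Fork children; each reports one Kernel#rand and one SecureRandom value.
def child_values(children = 4)
  rand                 # use both generators in the parent before forking
  SecureRandom.hex(8)
  procs = Array.new(children) do
    r, w = IO.pipe
    pid = fork do
      r.close
      w.write("#{rand(2**32)} #{SecureRandom.hex(8)}")
      w.close
      exit!(0)         # skip at_exit handlers inherited from the parent
    end
    w.close
    [pid, r]
  end
  procs.map do |pid, r|
    out = r.read
    r.close
    Process.wait(pid)
    out.split
  end
end

# CVE-2011-2686, CVE-2011-3009, CVE-2011-2705: no two children may share
# a rand or SecureRandom output.
def fork_prng_reseeded?(children = 4)
  vals = child_values(children)
  vals.map { |v| v[0] }.uniq.size == children &&
    vals.map { |v| v[1] }.uniq.size == children
end

if __FILE__ == $0
  puts "hash seed randomized: #{hash_seed_randomized?}"
  puts "PRNG reseeded on fork: #{fork_prng_reseeded?}"
end
```

Run it with the system interpreter after installing the patch; a `false` on either line means the running Ruby still shows the pre-update behaviour.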
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- WebYaST [Appliance - Tools]:
zypper in -t patch slewyst1sp1-ruby-187p357-5716 slewystsp1-ruby-187p357-5716
- WebYaST 1.2:
zypper in -t patch slewyst12-ruby-187p357-5715
- SUSE Studio Standard Edition 1.2:
zypper in -t patch sleslms12-ruby-187p357-5715
- SUSE Studio Onsite 1.2:
zypper in -t patch slestso12-ruby-187p357-5715
- SUSE Studio Onsite 1.1:
zypper in -t patch slestsosp1-ruby-187p357-5716
- SUSE Studio Extension for System z 1.2:
zypper in -t patch slestso12-ruby-187p357-5715
- SUSE Linux Enterprise Software Development Kit 11 SP1:
zypper in -t patch sdksp1-ruby-187p357-5716
- SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-ruby-187p357-5716
- SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-ruby-187p357-5716
- SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-ruby-187p357-5716
- SUSE Lifecycle Management Server 1.1 [Appliance - Tools]:
zypper in -t patch sleslmssp1-ruby-187p357-5716
To bring your system up-to-date, use "zypper patch".
Package List:
- WebYaST [Appliance - Tools] (i586 ia64 ppc64 s390x x86_64) [New Version: 0.4.0 and 1.8.7.p357]:
ruby-dbus-0.4.0-0.9.4
ruby-devel-1.8.7.p357-0.7.1
- WebYaST 1.2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.7.p357]:
ruby-dbus-0.4.0-0.9.4
ruby-devel-1.8.7.p357-0.7.1
- SUSE Studio Standard Edition 1.2 (x86_64) [New Version: 1.8.7.p357]:
ruby-dbus-0.4.0-0.9.4
ruby-devel-1.8.7.p357-0.7.1
- SUSE Studio Onsite 1.2 (x86_64) [New Version: 1.8.7.p357]:
ruby-dbus-0.4.0-0.9.4
ruby-devel-1.8.7.p357-0.7.1
- SUSE Studio Onsite 1.1 (x86_64) [New Version: 1.8.7.p357]:
ruby-dbus-0.4.0-0.9.4
ruby-devel-1.8.7.p357-0.7.1
- SUSE Studio Extension for System z 1.2 (s390x) [New Version: 1.8.7.p357]:
ruby-devel-1.8.7.p357-0.7.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.7.p357]:
ruby-devel-1.8.7.p357-0.7.1
ruby-doc-ri-1.8.7.p357-0.7.1
ruby-examples-1.8.7.p357-0.7.1
ruby-test-suite-1.8.7.p357-0.7.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 1.8.7.p357]:
ruby-doc-html-1.8.7.p357-0.7.1
ruby-tk-1.8.7.p357-0.7.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 1.8.7.p357]:
ruby-1.8.7.p357-0.7.1
ruby-doc-html-1.8.7.p357-0.7.1
ruby-tk-1.8.7.p357-0.7.1
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.7.p357]:
ruby-1.8.7.p357-0.7.1
ruby-doc-html-1.8.7.p357-0.7.1
ruby-tk-1.8.7.p357-0.7.1
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.8.7.p357]:
ruby-1.8.7.p357-0.7.1
- SUSE Lifecycle Management Server 1.1 [Appliance - Tools] (x86_64) [New Version: 1.8.7.p357]:
ruby-dbus-0.4.0-0.9.4
ruby-devel-1.8.7.p357-0.7.1
References:
http://support.novell.com/security/cve/CVE-2011-2686.html
http://support.novell.com/security/cve/CVE-2011-2705.html
http://support.novell.com/security/cve/CVE-2011-3009.html
http://support.novell.com/security/cve/CVE-2011-4815.html
https://bugzilla.novell.com/704409
https://bugzilla.novell.com/739122
https://bugzilla.novell.com/740796
http://download.novell.com/patch/finder/?keywords=04214679f41728fe49ac9a6f9d32da7f
http://download.novell.com/patch/finder/?keywords=e0d0ef7ec3aa01a87e6c002c3f147d73