Updated ruby193-ruby packages that fix three security issues are now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090)

A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975)

The CVE-2014-8090 issue was discovered by Red Hat Product Security.

All ruby193-ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect.
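A way to check the restart requirement after the update has been installed, given as an added example that is not part of the Red Hat advisory: a process that started before the update keeps the old libruby mapped, and the kernel marks that mapping "(deleted)" in /proc/<pid>/maps. The library path under /opt/rh/ruby193/root and the sample map lines are constructed assumptions; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the advisory. Reads /proc/<pid>/maps-format text on
# stdin and prints each distinct libruby path that is still mapped by the
# process but has already been unlinked from disk.
stale_ruby_mappings() {
    awk '
        # Columns: range perms offset dev inode pathname ["(deleted)"].
        # "(deleted)" is appended once the backing file has been replaced.
        $NF == "(deleted)" && $6 ~ "/libruby[^/]*[.]so" { seen[$6] = 1 }
        END { for (p in seen) print p }
    ' | sort
}

# Walk /proc on a live host and print the PID of every process that still
# runs a pre-update libruby (run as root to read other users' maps).
scan_running_ruby() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        stale=$(stale_ruby_mappings 2>/dev/null < "$maps")
        [ -n "$stale" ] || continue
        pid=${maps#/proc/}
        printf '%s\n' "${pid%/maps}"
    done
}

# Constructed sample: a Ruby process started before the update.
sample_stale() { cat <<'EOF'
7f1c2a000000-7f1c2a2b0000 r-xp 00000000 fd:01 393301 /opt/rh/ruby193/root/usr/lib64/libruby.so.1.9.1 (deleted)
7f1c2a4b0000-7f1c2a4b8000 rw-p 002b0000 fd:01 393301 /opt/rh/ruby193/root/usr/lib64/libruby.so.1.9.1 (deleted)
7f1c2b000000-7f1c2b1b6000 r-xp 00000000 fd:01 131099 /usr/lib64/libc-2.17.so
EOF
}

# Constructed sample: a Ruby process restarted after the update.
sample_fresh() { cat <<'EOF'
7f9d10000000-7f9d102b0000 r-xp 00000000 fd:01 401777 /opt/rh/ruby193/root/usr/lib64/libruby.so.1.9.1
7f9d11000000-7f9d111b6000 r-xp 00000000 fd:01 131099 /usr/lib64/libc-2.17.so
EOF
}

# Demo on the constructed sample; prints the stale library path.
sample_stale | stale_ruby_mappings
```

On a patched host, scan_running_ruby should print nothing once every Ruby service has been restarted.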
Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Red Hat Software Collections 1 for RHEL 6

SRPMS:
ruby193-ruby-1.9.3.484-50.el6.src.rpm

x86_64:
ruby193-ruby-1.9.3.484-50.el6.x86_64.rpm
ruby193-ruby-debuginfo-1.9.3.484-50.el6.x86_64.rpm
ruby193-ruby-devel-1.9.3.484-50.el6.x86_64.rpm
ruby193-ruby-doc-1.9.3.484-50.el6.x86_64.rpm
ruby193-ruby-irb-1.9.3.484-50.el6.noarch.rpm
ruby193-ruby-libs-1.9.3.484-50.el6.x86_64.rpm
ruby193-ruby-tcltk-1.9.3.484-50.el6.x86_64.rpm
ruby193-rubygem-bigdecimal-1.1.0-50.el6.x86_64.rpm
ruby193-rubygem-io-console-0.3-50.el6.x86_64.rpm
ruby193-rubygem-json-1.5.5-50.el6.x86_64.rpm
ruby193-rubygem-minitest-2.5.1-50.el6.noarch.rpm
ruby193-rubygem-rake-0.9.2.2-50.el6.noarch.rpm
ruby193-rubygem-rdoc-3.9.5-50.el6.x86_64.rpm
ruby193-rubygems-1.8.23-50.el6.noarch.rpm
ruby193-rubygems-devel-1.8.23-50.el6.noarch.rpm
 
Red Hat Software Collections 1 for RHEL 7

SRPMS:
ruby193-ruby-1.9.3.484-50.el7.src.rpm

x86_64:
ruby193-ruby-1.9.3.484-50.el7.x86_64.rpm
ruby193-ruby-debuginfo-1.9.3.484-50.el7.x86_64.rpm
ruby193-ruby-devel-1.9.3.484-50.el7.x86_64.rpm
ruby193-ruby-doc-1.9.3.484-50.el7.x86_64.rpm
ruby193-ruby-irb-1.9.3.484-50.el7.noarch.rpm
ruby193-ruby-libs-1.9.3.484-50.el7.x86_64.rpm
ruby193-ruby-tcltk-1.9.3.484-50.el7.x86_64.rpm
ruby193-rubygem-bigdecimal-1.1.0-50.el7.x86_64.rpm
ruby193-rubygem-io-console-0.3-50.el7.x86_64.rpm
ruby193-rubygem-json-1.5.5-50.el7.x86_64.rpm
ruby193-rubygem-minitest-2.5.1-50.el7.noarch.rpm
ruby193-rubygem-rake-0.9.2.2-50.el7.noarch.rpm
ruby193-rubygem-rdoc-3.9.5-50.el7.x86_64.rpm
ruby193-rubygems-1.8.23-50.el7.noarch.rpm
ruby193-rubygems-devel-1.8.23-50.el7.noarch.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
1118158 – CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function
1157709 – CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion
1159927 – CVE-2014-8090 ruby: REXML incomplete fix for CVE-2014-8080

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
