Updated ruby200-ruby packages that fix three security issues are now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090)

A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975)

The CVE-2014-8090 issue was discovered by Red Hat Product Security.

All ruby200-ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect.

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Red Hat Software Collections 1 for RHEL 6

SRPMS:
ruby200-ruby-2.0.0.353-24.el6.src.rpm

x86_64:
ruby200-ruby-2.0.0.353-24.el6.x86_64.rpm
ruby200-ruby-debuginfo-2.0.0.353-24.el6.x86_64.rpm
ruby200-ruby-devel-2.0.0.353-24.el6.x86_64.rpm
ruby200-ruby-doc-2.0.0.353-24.el6.noarch.rpm
ruby200-ruby-irb-2.0.0.353-24.el6.noarch.rpm
ruby200-ruby-libs-2.0.0.353-24.el6.x86_64.rpm
ruby200-ruby-tcltk-2.0.0.353-24.el6.x86_64.rpm
ruby200-rubygem-bigdecimal-1.2.0-24.el6.x86_64.rpm
ruby200-rubygem-io-console-0.4.2-24.el6.x86_64.rpm
ruby200-rubygem-json-1.7.7-24.el6.x86_64.rpm
ruby200-rubygem-minitest-4.3.2-24.el6.noarch.rpm
ruby200-rubygem-psych-2.0.0-24.el6.x86_64.rpm
ruby200-rubygem-rake-0.9.6-24.el6.noarch.rpm
ruby200-rubygem-rdoc-4.0.0-24.el6.noarch.rpm
ruby200-rubygems-2.0.14-24.el6.x86_64.rpm
ruby200-rubygems-devel-2.0.14-24.el6.noarch.rpm
 
Red Hat Software Collections 1 for RHEL 7

SRPMS:
ruby200-ruby-2.0.0.353-24.el7.src.rpm

x86_64:
ruby200-ruby-2.0.0.353-24.el7.x86_64.rpm
ruby200-ruby-debuginfo-2.0.0.353-24.el7.x86_64.rpm
ruby200-ruby-devel-2.0.0.353-24.el7.x86_64.rpm
ruby200-ruby-doc-2.0.0.353-24.el7.noarch.rpm
ruby200-ruby-irb-2.0.0.353-24.el7.noarch.rpm
ruby200-ruby-libs-2.0.0.353-24.el7.x86_64.rpm
ruby200-ruby-tcltk-2.0.0.353-24.el7.x86_64.rpm
ruby200-rubygem-bigdecimal-1.2.0-24.el7.x86_64.rpm
ruby200-rubygem-io-console-0.4.2-24.el7.x86_64.rpm
ruby200-rubygem-json-1.7.7-24.el7.x86_64.rpm
ruby200-rubygem-minitest-4.3.2-24.el7.noarch.rpm
ruby200-rubygem-psych-2.0.0-24.el7.x86_64.rpm
ruby200-rubygem-rake-0.9.6-24.el7.noarch.rpm
ruby200-rubygem-rdoc-4.0.0-24.el7.noarch.rpm
ruby200-rubygems-2.0.14-24.el7.x86_64.rpm
ruby200-rubygems-devel-2.0.14-24.el7.noarch.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
1118158 – CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function
1157709 – CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion
1159927 – CVE-2014-8090 ruby: REXML incomplete fix for CVE-2014-8080

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
