Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > May 2006 > Two Red Hat Security Advisories: 1. RHSA-2006:0425-01 - Important: libtiff security update 2. RHSA-2006:0427-01 - Moderate: ruby security update

May 2006

Two Red Hat Security Advisories: 1. RHSA-2006:0425-01 - Important: libtiff security update 2. RHSA-2006:0427-01 - Moderate: ruby security update

ID: 00345
Ref: 338/2006
Date: 10 May 2006:14:11:57
Version: 1
Title: Two Red Hat Security Advisories: 1. RHSA-2006:0425-01 - Important: libtiff security update 2. RHSA-2006:0427-01 - Moderate: ruby security update
Abstract:
Vendors affected: Red Hat
Operating systems affected: Red Hat
Applications affected: Red Hat
Title
=====

Two Red Hat Security Advisories:

1. RHSA-2006:0425-01 - Important: libtiff security update

2. RHSA-2006:0427-01 - Moderate: ruby security update

Detail
======

1. The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.

2. A bug was found in the way Ruby creates its xmlrpc and http servers. The
servers use a non blocking socket, which enables a remote user to cause a
denial of service condition if they are able to transmit a large volume of
information from the network server. (CVE-2006-1931)



1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: libtiff security update
Advisory ID: RHSA-2006:0425-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0425.html
Issue date: 2006-05-09
Updated on: 2006-05-09
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-2024 CVE-2006-2025 CVE-2006-2026
CVE-2006-2120
- - ---------------------------------------------------------------------

1. Summary:

Updated libtiff packages that fix several security flaws are now available
for Red Hat Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.

An integer overflow flaw was discovered in libtiff. An attacker could
create a carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2025)

A double free flaw was discovered in libtiff. An attacker could create a
carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2026)

Several denial of service flaws were discovered in libtiff. An attacker
could create a carefully crafted TIFF file in such a way that it could
cause an application linked with libtiff to crash. (CVE-2006-2024,
CVE-2006-2120)

All users are advised to upgrade to these updated packages, which contain
backported fixes for these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

189933 - CVE-2006-2024 multiple libtiff issues (CVE-2006-2025, CVE-2006-2026)
189974 - CVE-2006-2120 libtiff DoS

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libtiff-3.5.7-30.el2.1.src.rpm
87e92d44fcc7ce77758132833ad900cb libtiff-3.5.7-30.el2.1.src.rpm

i386:
f551309d6c28a7116a54634908d57f9d libtiff-3.5.7-30.el2.1.i386.rpm
64aa285808fcd3e1d5e52e9c9c84e712 libtiff-devel-3.5.7-30.el2.1.i386.rpm

ia64:
9274af2e436ec05555f326fc02293756 libtiff-3.5.7-30.el2.1.ia64.rpm
93f02f4b82ab1e9a7d1e088cefc6bf82 libtiff-devel-3.5.7-30.el2.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libtiff-3.5.7-30.el2.1.src.rpm
87e92d44fcc7ce77758132833ad900cb libtiff-3.5.7-30.el2.1.src.rpm

ia64:
9274af2e436ec05555f326fc02293756 libtiff-3.5.7-30.el2.1.ia64.rpm
93f02f4b82ab1e9a7d1e088cefc6bf82 libtiff-devel-3.5.7-30.el2.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libtiff-3.5.7-30.el2.1.src.rpm
87e92d44fcc7ce77758132833ad900cb libtiff-3.5.7-30.el2.1.src.rpm

i386:
f551309d6c28a7116a54634908d57f9d libtiff-3.5.7-30.el2.1.i386.rpm
64aa285808fcd3e1d5e52e9c9c84e712 libtiff-devel-3.5.7-30.el2.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libtiff-3.5.7-30.el2.1.src.rpm
87e92d44fcc7ce77758132833ad900cb libtiff-3.5.7-30.el2.1.src.rpm

i386:
f551309d6c28a7116a54634908d57f9d libtiff-3.5.7-30.el2.1.i386.rpm
64aa285808fcd3e1d5e52e9c9c84e712 libtiff-devel-3.5.7-30.el2.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libtiff-3.5.7-25.el3.1.src.rpm
1490807b5d6fbda4ee076ea8f5680fee libtiff-3.5.7-25.el3.1.src.rpm

i386:
24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.i386.rpm
69f0ef53cb8be5d239048d4b5579b4ca libtiff-debuginfo-3.5.7-25.el3.1.i386.rpm
cfaef3999623396ab3024ebe7e38335b libtiff-devel-3.5.7-25.el3.1.i386.rpm

ia64:
24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.i386.rpm
dcd1eae2ccb0544c5c63643ef51be812 libtiff-3.5.7-25.el3.1.ia64.rpm
69f0ef53cb8be5d239048d4b5579b4ca libtiff-debuginfo-3.5.7-25.el3.1.i386.rpm
009d841f6c5a1e5046e4311b85c294e5 libtiff-debuginfo-3.5.7-25.el3.1.ia64.rpm
091a246db5120a322b0bf562d0b44142 libtiff-devel-3.5.7-25.el3.1.ia64.rpm

ppc:
08d9bfb07060faabdc1eaf9f85557fd9 libtiff-3.5.7-25.el3.1.ppc.rpm
9b6467e3e2ccc62833c17c103e94b3c9 libtiff-3.5.7-25.el3.1.ppc64.rpm
d582d2d6d0b59f5b28363dfe91291783 libtiff-debuginfo-3.5.7-25.el3.1.ppc.rpm
19e0c2648b78f3d2f3a9842a9f709d16 libtiff-debuginfo-3.5.7-25.el3.1.ppc64.rpm
e0b1e68eb2f3cf750ac5d690705735ea libtiff-devel-3.5.7-25.el3.1.ppc.rpm

s390:
b0c32ff31e6d57030137ceea7d62eb6b libtiff-3.5.7-25.el3.1.s390.rpm
8721bf72383f716eee0bc9f358dbe0ba libtiff-debuginfo-3.5.7-25.el3.1.s390.rpm
268f9aceccf4f4436f5b84253abbf340 libtiff-devel-3.5.7-25.el3.1.s390.rpm

s390x:
b0c32ff31e6d57030137ceea7d62eb6b libtiff-3.5.7-25.el3.1.s390.rpm
108dbc6bc9a7c923ec735c64bc52ec71 libtiff-3.5.7-25.el3.1.s390x.rpm
8721bf72383f716eee0bc9f358dbe0ba libtiff-debuginfo-3.5.7-25.el3.1.s390.rpm
1c43093853dca5f9edbfb15ec8257a66 libtiff-debuginfo-3.5.7-25.el3.1.s390x.rpm
a35d361c5b96ecb2fd13d0455294d18a libtiff-devel-3.5.7-25.el3.1.s390x.rpm

x86_64:
24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.i386.rpm
7f9c8bb211fbdb36a0d45f80b4ba3a91 libtiff-3.5.7-25.el3.1.x86_64.rpm
69f0ef53cb8be5d239048d4b5579b4ca libtiff-debuginfo-3.5.7-25.el3.1.i386.rpm
8943e4cfb09742e58c1b407b74b59ddb libtiff-debuginfo-3.5.7-25.el3.1.x86_64.rpm
26133072ae5ea80696b2fdf5241c3d99 libtiff-devel-3.5.7-25.el3.1.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libtiff-3.5.7-25.el3.1.src.rpm
1490807b5d6fbda4ee076ea8f5680fee libtiff-3.5.7-25.el3.1.src.rpm

i386:
24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.i386.rpm
69f0ef53cb8be5d239048d4b5579b4ca libtiff-debuginfo-3.5.7-25.el3.1.i386.rpm
cfaef3999623396ab3024ebe7e38335b libtiff-devel-3.5.7-25.el3.1.i386.rpm

x86_64:
24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.i386.rpm
7f9c8bb211fbdb36a0d45f80b4ba3a91 libtiff-3.5.7-25.el3.1.x86_64.rpm
69f0ef53cb8be5d239048d4b5579b4ca libtiff-debuginfo-3.5.7-25.el3.1.i386.rpm
8943e4cfb09742e58c1b407b74b59ddb libtiff-debuginfo-3.5.7-25.el3.1.x86_64.rpm
26133072ae5ea80696b2fdf5241c3d99 libtiff-devel-3.5.7-25.el3.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libtiff-3.5.7-25.el3.1.src.rpm
1490807b5d6fbda4ee076ea8f5680fee libtiff-3.5.7-25.el3.1.src.rpm

i386:
24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.i386.rpm
69f0ef53cb8be5d239048d4b5579b4ca libtiff-debuginfo-3.5.7-25.el3.1.i386.rpm
cfaef3999623396ab3024ebe7e38335b libtiff-devel-3.5.7-25.el3.1.i386.rpm

ia64:
24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.i386.rpm
dcd1eae2ccb0544c5c63643ef51be812 libtiff-3.5.7-25.el3.1.ia64.rpm
69f0ef53cb8be5d239048d4b5579b4ca libtiff-debuginfo-3.5.7-25.el3.1.i386.rpm
009d841f6c5a1e5046e4311b85c294e5 libtiff-debuginfo-3.5.7-25.el3.1.ia64.rpm
091a246db5120a322b0bf562d0b44142 libtiff-devel-3.5.7-25.el3.1.ia64.rpm

x86_64:
24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.i386.rpm
7f9c8bb211fbdb36a0d45f80b4ba3a91 libtiff-3.5.7-25.el3.1.x86_64.rpm
69f0ef53cb8be5d239048d4b5579b4ca libtiff-debuginfo-3.5.7-25.el3.1.i386.rpm
8943e4cfb09742e58c1b407b74b59ddb libtiff-debuginfo-3.5.7-25.el3.1.x86_64.rpm
26133072ae5ea80696b2fdf5241c3d99 libtiff-devel-3.5.7-25.el3.1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libtiff-3.5.7-25.el3.1.src.rpm
1490807b5d6fbda4ee076ea8f5680fee libtiff-3.5.7-25.el3.1.src.rpm

i386:
24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.i386.rpm
69f0ef53cb8be5d239048d4b5579b4ca libtiff-debuginfo-3.5.7-25.el3.1.i386.rpm
cfaef3999623396ab3024ebe7e38335b libtiff-devel-3.5.7-25.el3.1.i386.rpm

ia64:
24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.i386.rpm
dcd1eae2ccb0544c5c63643ef51be812 libtiff-3.5.7-25.el3.1.ia64.rpm
69f0ef53cb8be5d239048d4b5579b4ca libtiff-debuginfo-3.5.7-25.el3.1.i386.rpm
009d841f6c5a1e5046e4311b85c294e5 libtiff-debuginfo-3.5.7-25.el3.1.ia64.rpm
091a246db5120a322b0bf562d0b44142 libtiff-devel-3.5.7-25.el3.1.ia64.rpm

x86_64:
24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.i386.rpm
7f9c8bb211fbdb36a0d45f80b4ba3a91 libtiff-3.5.7-25.el3.1.x86_64.rpm
69f0ef53cb8be5d239048d4b5579b4ca libtiff-debuginfo-3.5.7-25.el3.1.i386.rpm
8943e4cfb09742e58c1b407b74b59ddb libtiff-debuginfo-3.5.7-25.el3.1.x86_64.rpm
26133072ae5ea80696b2fdf5241c3d99 libtiff-devel-3.5.7-25.el3.1.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libtiff-3.6.1-10.src.rpm
f187e5faa4a9e9217decb8226ab1f320 libtiff-3.6.1-10.src.rpm

i386:
7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.i386.rpm
6cce9331ad86b9d581da80763dcee1d4 libtiff-debuginfo-3.6.1-10.i386.rpm
65b8fe42255d336352887a472a5fb029 libtiff-devel-3.6.1-10.i386.rpm

ia64:
7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.i386.rpm
7c3512460660ced6b5c37cc824bf4f8c libtiff-3.6.1-10.ia64.rpm
6cce9331ad86b9d581da80763dcee1d4 libtiff-debuginfo-3.6.1-10.i386.rpm
66651e14ff0bbdfdb7f6ad0e3034adae libtiff-debuginfo-3.6.1-10.ia64.rpm
fe810c4f0117fff2a78dd12102e0fc5f libtiff-devel-3.6.1-10.ia64.rpm

ppc:
689acd25b3a5e061cfeba66ec7e4bb6b libtiff-3.6.1-10.ppc.rpm
832b748b65e89e395e67a371a4853190 libtiff-3.6.1-10.ppc64.rpm
7a24660f5978fe5cd56911af48eeae09 libtiff-debuginfo-3.6.1-10.ppc.rpm
6d50f111a08a8bf8119b2b8ea55a1d42 libtiff-debuginfo-3.6.1-10.ppc64.rpm
11f03497cc931183e82b9ad134e6014d libtiff-devel-3.6.1-10.ppc.rpm

s390:
e673fb7053252c168b2b107181c466c8 libtiff-3.6.1-10.s390.rpm
a70efd91702f6d8232ed364e811a55f1 libtiff-debuginfo-3.6.1-10.s390.rpm
2df1d55c020d38bbd9c7ffbbf5673404 libtiff-devel-3.6.1-10.s390.rpm

s390x:
e673fb7053252c168b2b107181c466c8 libtiff-3.6.1-10.s390.rpm
241d95f0cdb88ef26399bc7e6d5af764 libtiff-3.6.1-10.s390x.rpm
a70efd91702f6d8232ed364e811a55f1 libtiff-debuginfo-3.6.1-10.s390.rpm
469a968faf3b7bf3f2d078ae2b5ac89a libtiff-debuginfo-3.6.1-10.s390x.rpm
03901241d37afb1c38835838076b34c1 libtiff-devel-3.6.1-10.s390x.rpm

x86_64:
7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.i386.rpm
e390b83c9f71ffedab52f7e53fe09827 libtiff-3.6.1-10.x86_64.rpm
6cce9331ad86b9d581da80763dcee1d4 libtiff-debuginfo-3.6.1-10.i386.rpm
822c2954bd85ba2d835b9944a8a02fb1 libtiff-debuginfo-3.6.1-10.x86_64.rpm
562f7e95d243e4d69cbe123eb14bf947 libtiff-devel-3.6.1-10.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libtiff-3.6.1-10.src.rpm
f187e5faa4a9e9217decb8226ab1f320 libtiff-3.6.1-10.src.rpm

i386:
7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.i386.rpm
6cce9331ad86b9d581da80763dcee1d4 libtiff-debuginfo-3.6.1-10.i386.rpm
65b8fe42255d336352887a472a5fb029 libtiff-devel-3.6.1-10.i386.rpm

x86_64:
7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.i386.rpm
e390b83c9f71ffedab52f7e53fe09827 libtiff-3.6.1-10.x86_64.rpm
6cce9331ad86b9d581da80763dcee1d4 libtiff-debuginfo-3.6.1-10.i386.rpm
822c2954bd85ba2d835b9944a8a02fb1 libtiff-debuginfo-3.6.1-10.x86_64.rpm
562f7e95d243e4d69cbe123eb14bf947 libtiff-devel-3.6.1-10.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libtiff-3.6.1-10.src.rpm
f187e5faa4a9e9217decb8226ab1f320 libtiff-3.6.1-10.src.rpm

i386:
7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.i386.rpm
6cce9331ad86b9d581da80763dcee1d4 libtiff-debuginfo-3.6.1-10.i386.rpm
65b8fe42255d336352887a472a5fb029 libtiff-devel-3.6.1-10.i386.rpm

ia64:
7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.i386.rpm
7c3512460660ced6b5c37cc824bf4f8c libtiff-3.6.1-10.ia64.rpm
6cce9331ad86b9d581da80763dcee1d4 libtiff-debuginfo-3.6.1-10.i386.rpm
66651e14ff0bbdfdb7f6ad0e3034adae libtiff-debuginfo-3.6.1-10.ia64.rpm
fe810c4f0117fff2a78dd12102e0fc5f libtiff-devel-3.6.1-10.ia64.rpm

x86_64:
7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.i386.rpm
e390b83c9f71ffedab52f7e53fe09827 libtiff-3.6.1-10.x86_64.rpm
6cce9331ad86b9d581da80763dcee1d4 libtiff-debuginfo-3.6.1-10.i386.rpm
822c2954bd85ba2d835b9944a8a02fb1 libtiff-debuginfo-3.6.1-10.x86_64.rpm
562f7e95d243e4d69cbe123eb14bf947 libtiff-devel-3.6.1-10.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libtiff-3.6.1-10.src.rpm
f187e5faa4a9e9217decb8226ab1f320 libtiff-3.6.1-10.src.rpm

i386:
7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.i386.rpm
6cce9331ad86b9d581da80763dcee1d4 libtiff-debuginfo-3.6.1-10.i386.rpm
65b8fe42255d336352887a472a5fb029 libtiff-devel-3.6.1-10.i386.rpm

ia64:
7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.i386.rpm
7c3512460660ced6b5c37cc824bf4f8c libtiff-3.6.1-10.ia64.rpm
6cce9331ad86b9d581da80763dcee1d4 libtiff-debuginfo-3.6.1-10.i386.rpm
66651e14ff0bbdfdb7f6ad0e3034adae libtiff-debuginfo-3.6.1-10.ia64.rpm
fe810c4f0117fff2a78dd12102e0fc5f libtiff-devel-3.6.1-10.ia64.rpm

x86_64:
7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.i386.rpm
e390b83c9f71ffedab52f7e53fe09827 libtiff-3.6.1-10.x86_64.rpm
6cce9331ad86b9d581da80763dcee1d4 libtiff-debuginfo-3.6.1-10.i386.rpm
822c2954bd85ba2d835b9944a8a02fb1 libtiff-debuginfo-3.6.1-10.x86_64.rpm
562f7e95d243e4d69cbe123eb14bf947 libtiff-devel-3.6.1-10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2120
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEYIFWXlSAg2UNWIIRAmKaAJ9pWE9nHpJv646a+Wl2cdeUsGgNQwCgvAB3
XzeVkQ8GLdZpX36NANITNa4=
=Dj1S
- -----END PGP SIGNATURE-----



2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: ruby security update
Advisory ID: RHSA-2006:0427-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0427.html
Issue date: 2006-05-09
Updated on: 2006-05-09
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-1931
- - ---------------------------------------------------------------------

1. Summary:

Updated ruby packages that fix a denial of service issue are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Ruby is an interpreted scripting language for object-oriented programming.

A bug was found in the way Ruby creates its xmlrpc and http servers. The
servers use a non blocking socket, which enables a remote user to cause a
denial of service condition if they are able to transmit a large volume of
information from the network server. (CVE-2006-1931)

Users of Ruby should update to these erratum packages, which contain a
backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

189539 - CVE-2006-1931 Ruby http/xmlrpc server DoS

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ruby-1.8.1-7.EL4.3.src.rpm
653a25c251b54bb0cdab2daa45f3f66e ruby-1.8.1-7.EL4.3.src.rpm

i386:
965760c2d4e817bf3cee4613eae9b9be irb-1.8.1-7.EL4.3.i386.rpm
4369042fbaf2a27666d098230c8f9f96 ruby-1.8.1-7.EL4.3.i386.rpm
f188f2387d9e63eb82b8028055d94f05 ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
3d0287f5e5565136d12d02c6744a31fe ruby-devel-1.8.1-7.EL4.3.i386.rpm
1784aa362805586d55de06b042f123fd ruby-docs-1.8.1-7.EL4.3.i386.rpm
ec380c0cbd972232ecf94554b31d026a ruby-libs-1.8.1-7.EL4.3.i386.rpm
e5a5d4e524595e7e8d15fef85e88d4a8 ruby-mode-1.8.1-7.EL4.3.i386.rpm
d84e73c7299a19c13738b45e0ff80898 ruby-tcltk-1.8.1-7.EL4.3.i386.rpm

ia64:
c964f8b9e1ce1031788c1d1600a1a572 irb-1.8.1-7.EL4.3.ia64.rpm
a49f9116a26e5d81f2554a8116f5830b ruby-1.8.1-7.EL4.3.ia64.rpm
f188f2387d9e63eb82b8028055d94f05 ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
e1de852e5017803d1b95c8b51bff5abf ruby-debuginfo-1.8.1-7.EL4.3.ia64.rpm
9f6b30a53ad4938631b642e8e534a7e2 ruby-devel-1.8.1-7.EL4.3.ia64.rpm
3a3e0adb1589e8f5b8a0cbc90838b872 ruby-docs-1.8.1-7.EL4.3.ia64.rpm
ec380c0cbd972232ecf94554b31d026a ruby-libs-1.8.1-7.EL4.3.i386.rpm
b67cbfcfb8224eb3e8c89087a6f0f0a3 ruby-libs-1.8.1-7.EL4.3.ia64.rpm
9dd5ff9e735d68d79af9a1e9934fd536 ruby-mode-1.8.1-7.EL4.3.ia64.rpm
9cf533ae16f4e82bffe48c9111debbe6 ruby-tcltk-1.8.1-7.EL4.3.ia64.rpm

ppc:
bea620261b0af06529cdf2d1124fc8a6 irb-1.8.1-7.EL4.3.ppc.rpm
5f5ee447b8d90a6bfa5b354ec8604d8c ruby-1.8.1-7.EL4.3.ppc.rpm
553539f0498fb1727b5e5bd7f355b013 ruby-debuginfo-1.8.1-7.EL4.3.ppc.rpm
0c977fa3aad5ee71904842ab49614780 ruby-debuginfo-1.8.1-7.EL4.3.ppc64.rpm
73c2381e5ed944ef7339ffe84926008a ruby-devel-1.8.1-7.EL4.3.ppc.rpm
4926c07e3bfc925099a4f96f1afb4f71 ruby-docs-1.8.1-7.EL4.3.ppc.rpm
592b474a7bf78c112ad1c414cb9ecd85 ruby-libs-1.8.1-7.EL4.3.ppc.rpm
321a623d248798d6121da50974c3593c ruby-libs-1.8.1-7.EL4.3.ppc64.rpm
71b8adb69b5eaedc1e76cf3b9f50ed90 ruby-mode-1.8.1-7.EL4.3.ppc.rpm
a8ed517aecc2fcca259d60d7dd9ddaaa ruby-tcltk-1.8.1-7.EL4.3.ppc.rpm

s390:
ce4768ffb0efbedebbc8faa82bb9a950 irb-1.8.1-7.EL4.3.s390.rpm
be0c3720fbd14665f8419641af6bf8f7 ruby-1.8.1-7.EL4.3.s390.rpm
1788a394d268747e0311a68dfc047a75 ruby-debuginfo-1.8.1-7.EL4.3.s390.rpm
2f9bd8f8619a4dbea43f7b0a40a3ddcb ruby-devel-1.8.1-7.EL4.3.s390.rpm
93a5456a841377c92b1a62ef86acac30 ruby-docs-1.8.1-7.EL4.3.s390.rpm
7a9f928a01cbef840f94295fcca9c2f9 ruby-libs-1.8.1-7.EL4.3.s390.rpm
2ef87351b42fd0a87ebc76771ee98a13 ruby-mode-1.8.1-7.EL4.3.s390.rpm
f2959cd2f0ee556a05de8312be9bb4e1 ruby-tcltk-1.8.1-7.EL4.3.s390.rpm

s390x:
d6b4ebe6e7d64cf6aaf98ff139fe6443 irb-1.8.1-7.EL4.3.s390x.rpm
8c65a4fa6898aa183ca17cf4e0038156 ruby-1.8.1-7.EL4.3.s390x.rpm
1788a394d268747e0311a68dfc047a75 ruby-debuginfo-1.8.1-7.EL4.3.s390.rpm
9c7d46b40d71816723dc3c7c248b5a5c ruby-debuginfo-1.8.1-7.EL4.3.s390x.rpm
8abb6ce53809a7b24aca56ffdd5506c3 ruby-devel-1.8.1-7.EL4.3.s390x.rpm
685e8ba0a0dd5a1f23d000c5529ed9a5 ruby-docs-1.8.1-7.EL4.3.s390x.rpm
7a9f928a01cbef840f94295fcca9c2f9 ruby-libs-1.8.1-7.EL4.3.s390.rpm
3d313397d89a8a2c8c53eaeb11289a44 ruby-libs-1.8.1-7.EL4.3.s390x.rpm
cd3a5c108175ecc83c0e818a7115d687 ruby-mode-1.8.1-7.EL4.3.s390x.rpm
a8e2519df238343b7994e7371ae39db4 ruby-tcltk-1.8.1-7.EL4.3.s390x.rpm

x86_64:
0db700aca9a5de3e603e2b2382c84b72 irb-1.8.1-7.EL4.3.x86_64.rpm
b671345549b1d43e01a0cd7bc521a5f9 ruby-1.8.1-7.EL4.3.x86_64.rpm
f188f2387d9e63eb82b8028055d94f05 ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
67f0ad7ae939a8eb46776361e581e379 ruby-debuginfo-1.8.1-7.EL4.3.x86_64.rpm
d9d6001d8e77eeab21e886bf498b17f4 ruby-devel-1.8.1-7.EL4.3.x86_64.rpm
3a17c58b912257a21268e04f980235aa ruby-docs-1.8.1-7.EL4.3.x86_64.rpm
ec380c0cbd972232ecf94554b31d026a ruby-libs-1.8.1-7.EL4.3.i386.rpm
9a8600d4d97ff9883d81b053d795819b ruby-libs-1.8.1-7.EL4.3.x86_64.rpm
6d84bb6f10c1b398c248ec13e3d95ec8 ruby-mode-1.8.1-7.EL4.3.x86_64.rpm
2b8be83c1998dce62170cdf22c947dbf ruby-tcltk-1.8.1-7.EL4.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ruby-1.8.1-7.EL4.3.src.rpm
653a25c251b54bb0cdab2daa45f3f66e ruby-1.8.1-7.EL4.3.src.rpm

i386:
965760c2d4e817bf3cee4613eae9b9be irb-1.8.1-7.EL4.3.i386.rpm
4369042fbaf2a27666d098230c8f9f96 ruby-1.8.1-7.EL4.3.i386.rpm
f188f2387d9e63eb82b8028055d94f05 ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
3d0287f5e5565136d12d02c6744a31fe ruby-devel-1.8.1-7.EL4.3.i386.rpm
1784aa362805586d55de06b042f123fd ruby-docs-1.8.1-7.EL4.3.i386.rpm
ec380c0cbd972232ecf94554b31d026a ruby-libs-1.8.1-7.EL4.3.i386.rpm
e5a5d4e524595e7e8d15fef85e88d4a8 ruby-mode-1.8.1-7.EL4.3.i386.rpm
d84e73c7299a19c13738b45e0ff80898 ruby-tcltk-1.8.1-7.EL4.3.i386.rpm

x86_64:
0db700aca9a5de3e603e2b2382c84b72 irb-1.8.1-7.EL4.3.x86_64.rpm
b671345549b1d43e01a0cd7bc521a5f9 ruby-1.8.1-7.EL4.3.x86_64.rpm
f188f2387d9e63eb82b8028055d94f05 ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
67f0ad7ae939a8eb46776361e581e379 ruby-debuginfo-1.8.1-7.EL4.3.x86_64.rpm
d9d6001d8e77eeab21e886bf498b17f4 ruby-devel-1.8.1-7.EL4.3.x86_64.rpm
3a17c58b912257a21268e04f980235aa ruby-docs-1.8.1-7.EL4.3.x86_64.rpm
ec380c0cbd972232ecf94554b31d026a ruby-libs-1.8.1-7.EL4.3.i386.rpm
9a8600d4d97ff9883d81b053d795819b ruby-libs-1.8.1-7.EL4.3.x86_64.rpm
6d84bb6f10c1b398c248ec13e3d95ec8 ruby-mode-1.8.1-7.EL4.3.x86_64.rpm
2b8be83c1998dce62170cdf22c947dbf ruby-tcltk-1.8.1-7.EL4.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ruby-1.8.1-7.EL4.3.src.rpm
653a25c251b54bb0cdab2daa45f3f66e ruby-1.8.1-7.EL4.3.src.rpm

i386:
965760c2d4e817bf3cee4613eae9b9be irb-1.8.1-7.EL4.3.i386.rpm
4369042fbaf2a27666d098230c8f9f96 ruby-1.8.1-7.EL4.3.i386.rpm
f188f2387d9e63eb82b8028055d94f05 ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
3d0287f5e5565136d12d02c6744a31fe ruby-devel-1.8.1-7.EL4.3.i386.rpm
1784aa362805586d55de06b042f123fd ruby-docs-1.8.1-7.EL4.3.i386.rpm
ec380c0cbd972232ecf94554b31d026a ruby-libs-1.8.1-7.EL4.3.i386.rpm
e5a5d4e524595e7e8d15fef85e88d4a8 ruby-mode-1.8.1-7.EL4.3.i386.rpm
d84e73c7299a19c13738b45e0ff80898 ruby-tcltk-1.8.1-7.EL4.3.i386.rpm

ia64:
c964f8b9e1ce1031788c1d1600a1a572 irb-1.8.1-7.EL4.3.ia64.rpm
a49f9116a26e5d81f2554a8116f5830b ruby-1.8.1-7.EL4.3.ia64.rpm
f188f2387d9e63eb82b8028055d94f05 ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
e1de852e5017803d1b95c8b51bff5abf ruby-debuginfo-1.8.1-7.EL4.3.ia64.rpm
9f6b30a53ad4938631b642e8e534a7e2 ruby-devel-1.8.1-7.EL4.3.ia64.rpm
3a3e0adb1589e8f5b8a0cbc90838b872 ruby-docs-1.8.1-7.EL4.3.ia64.rpm
ec380c0cbd972232ecf94554b31d026a ruby-libs-1.8.1-7.EL4.3.i386.rpm
b67cbfcfb8224eb3e8c89087a6f0f0a3 ruby-libs-1.8.1-7.EL4.3.ia64.rpm
9dd5ff9e735d68d79af9a1e9934fd536 ruby-mode-1.8.1-7.EL4.3.ia64.rpm
9cf533ae16f4e82bffe48c9111debbe6 ruby-tcltk-1.8.1-7.EL4.3.ia64.rpm

x86_64:
0db700aca9a5de3e603e2b2382c84b72 irb-1.8.1-7.EL4.3.x86_64.rpm
b671345549b1d43e01a0cd7bc521a5f9 ruby-1.8.1-7.EL4.3.x86_64.rpm
f188f2387d9e63eb82b8028055d94f05 ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
67f0ad7ae939a8eb46776361e581e379 ruby-debuginfo-1.8.1-7.EL4.3.x86_64.rpm
d9d6001d8e77eeab21e886bf498b17f4 ruby-devel-1.8.1-7.EL4.3.x86_64.rpm
3a17c58b912257a21268e04f980235aa ruby-docs-1.8.1-7.EL4.3.x86_64.rpm
ec380c0cbd972232ecf94554b31d026a ruby-libs-1.8.1-7.EL4.3.i386.rpm
9a8600d4d97ff9883d81b053d795819b ruby-libs-1.8.1-7.EL4.3.x86_64.rpm
6d84bb6f10c1b398c248ec13e3d95ec8 ruby-mode-1.8.1-7.EL4.3.x86_64.rpm
2b8be83c1998dce62170cdf22c947dbf ruby-tcltk-1.8.1-7.EL4.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ruby-1.8.1-7.EL4.3.src.rpm
653a25c251b54bb0cdab2daa45f3f66e ruby-1.8.1-7.EL4.3.src.rpm

i386:
965760c2d4e817bf3cee4613eae9b9be irb-1.8.1-7.EL4.3.i386.rpm
4369042fbaf2a27666d098230c8f9f96 ruby-1.8.1-7.EL4.3.i386.rpm
f188f2387d9e63eb82b8028055d94f05 ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
3d0287f5e5565136d12d02c6744a31fe ruby-devel-1.8.1-7.EL4.3.i386.rpm
1784aa362805586d55de06b042f123fd ruby-docs-1.8.1-7.EL4.3.i386.rpm
ec380c0cbd972232ecf94554b31d026a ruby-libs-1.8.1-7.EL4.3.i386.rpm
e5a5d4e524595e7e8d15fef85e88d4a8 ruby-mode-1.8.1-7.EL4.3.i386.rpm
d84e73c7299a19c13738b45e0ff80898 ruby-tcltk-1.8.1-7.EL4.3.i386.rpm

ia64:
c964f8b9e1ce1031788c1d1600a1a572 irb-1.8.1-7.EL4.3.ia64.rpm
a49f9116a26e5d81f2554a8116f5830b ruby-1.8.1-7.EL4.3.ia64.rpm
f188f2387d9e63eb82b8028055d94f05 ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
e1de852e5017803d1b95c8b51bff5abf ruby-debuginfo-1.8.1-7.EL4.3.ia64.rpm
9f6b30a53ad4938631b642e8e534a7e2 ruby-devel-1.8.1-7.EL4.3.ia64.rpm
3a3e0adb1589e8f5b8a0cbc90838b872 ruby-docs-1.8.1-7.EL4.3.ia64.rpm
ec380c0cbd972232ecf94554b31d026a ruby-libs-1.8.1-7.EL4.3.i386.rpm
b67cbfcfb8224eb3e8c89087a6f0f0a3 ruby-libs-1.8.1-7.EL4.3.ia64.rpm
9dd5ff9e735d68d79af9a1e9934fd536 ruby-mode-1.8.1-7.EL4.3.ia64.rpm
9cf533ae16f4e82bffe48c9111debbe6 ruby-tcltk-1.8.1-7.EL4.3.ia64.rpm

x86_64:
0db700aca9a5de3e603e2b2382c84b72 irb-1.8.1-7.EL4.3.x86_64.rpm
b671345549b1d43e01a0cd7bc521a5f9 ruby-1.8.1-7.EL4.3.x86_64.rpm
f188f2387d9e63eb82b8028055d94f05 ruby-debuginfo-1.8.1-7.EL4.3.i386.rpm
67f0ad7ae939a8eb46776361e581e379 ruby-debuginfo-1.8.1-7.EL4.3.x86_64.rpm
d9d6001d8e77eeab21e886bf498b17f4 ruby-devel-1.8.1-7.EL4.3.x86_64.rpm
3a17c58b912257a21268e04f980235aa ruby-docs-1.8.1-7.EL4.3.x86_64.rpm
ec380c0cbd972232ecf94554b31d026a ruby-libs-1.8.1-7.EL4.3.i386.rpm
9a8600d4d97ff9883d81b053d795819b ruby-libs-1.8.1-7.EL4.3.x86_64.rpm
6d84bb6f10c1b398c248ec13e3d95ec8 ruby-mode-1.8.1-7.EL4.3.x86_64.rpm
2b8be83c1998dce62170cdf22c947dbf ruby-tcltk-1.8.1-7.EL4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1931
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEYIFgXlSAg2UNWIIRAvmYAJ40mLWPFcZfvcIDZnyRykvXoFuTRQCgoZbM
kOUx2zC/13mr+bGEtZvxpPI=
=mjCJ
- -----END PGP SIGNATURE-----

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |