[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2015:224 ] ruby



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:224
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : ruby
 Date    : May 4, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated ruby packages fix security vulnerability:
 
 Ruby OpenSSL hostname matching implementation violates RFC 6125
 (CVE-2015-1855).
 
 The ruby packages for MBS2 has been updated to version 2.0.0-p645,
 which fixes this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1855
 http://advisories.mageia.org/MGASA-2015-0178.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 1adc1d2f3d0806f1382cfe0c4f0b67e1  mbs1/x86_64/ruby-1.8.7.p374-1.1.mbs1.x86_64.rpm
 8b27ad454f2babf0affd181173b7bc23  mbs1/x86_64/ruby-devel-1.8.7.p374-1.1.mbs1.x86_64.rpm
 22c592ce290b974cb0301a25f392d763  mbs1/x86_64/ruby-doc-1.8.7.p374-1.1.mbs1.noarch.rpm
 6c43028a0b44425e8a3640f4fbb6f467  mbs1/x86_64/ruby-tk-1.8.7.p374-1.1.mbs1.x86_64.rpm 
 71976f5d05f04dde79d5cf00d9e6594e  mbs1/SRPMS/ruby-1.8.7.p374-1.1.mbs1.src.rpm

 Mandriva Business Server 2/X86_64:
 c25a8c9d3b6c4cbf6eeae985d339ef82  mbs2/x86_64/lib64ruby2.0-2.0.0.p645-1.mbs2.x86_64.rpm
 1687fd93a12f1d36809304d7747e92e0  mbs2/x86_64/ruby-2.0.0.p645-1.mbs2.x86_64.rpm
 13a45bb7a70c5dc9a7a0fbfd087beee9  mbs2/x86_64/ruby-devel-2.0.0.p645-1.mbs2.x86_64.rpm
 8f24d566f71bafc96cbc9605812cfedf  mbs2/x86_64/ruby-doc-2.0.0.p645-1.mbs2.noarch.rpm
 faa772e49de1b9a0c23755e47e3e2e20  mbs2/x86_64/ruby-irb-2.0.0.p645-1.mbs2.noarch.rpm
 1ebc872c7a10e0c7b56eb6400e2c47d3  mbs2/x86_64/ruby-tk-2.0.0.p645-1.mbs2.x86_64.rpm 
 aa52721bf8d533a530de2fad00f44eef  mbs2/SRPMS/ruby-2.0.0.p645-1.mbs2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVR5i7mqjQ0CJFipgRAjuNAJ0Vc7ZuiGFcICWjvvyEFhpKqOkxnwCeL4OG
EheJPZnIcO8ZJC2fXw5P9oY=
=PVr1
-----END PGP SIGNATURE-----