
UNIRAS Brief - 315/06 - Five Mandriva Linux Security Advisories:



-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 315/06 dated 28.04.06  Time: 14:15  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Five Mandriva Linux Security Advisories:

1. MDKA-2006:022 -  Updated module-init-tools packages fix CUPS-related bug

2. MDKSA-2006:076 - Updated mozilla packages fix numerous vulnerabilities

3. MDKSA-2006:077 - Updated ethereal packages fix numerous vulnerabilities

4. MDKSA-2006:078 - Updated mozilla-thunderbird packages fix numerous vulnerabilities

5. MDKSA-2006:079 - Updated ruby packages fix vulnerability

Detail
====== 

1.  The default configuration of module-init-tools was to send a HUP signal
 to the CUPS daemon whenever the "usblp" kernel module is loaded, for
 example when a USB printer is plugged in. Because udev also sends a HUP
 signal to the CUPS daemon when a USB printer is plugged in, there were two
 HUPs one shortly after the other, which often makes the CUPS daemon
 crash.

2.  A number of vulnerabilities have been discovered in the Mozilla Suite
 that could allow a remote attacker to craft malicious web pages that
 could take advantage of these issues to execute arbitrary code with
 elevated privileges, spoof content, and steal local files, cookies, or
 other information from web pages.  As well, some of these
 vulnerabilities can be exploited to execute arbitrary code with the
 privileges of the user running the browser.

3.  A number of vulnerabilities have been discovered in the Ethereal network
 analyzer.  These issues have been corrected in Ethereal version 0.99.0
 which is provided with this update.

4.  A number of vulnerabilities have been discovered in the Mozilla
 Thunderbird email client that could allow a remote attacker to craft
 malicious web emails that could take advantage of these issues to
 execute arbitrary code with elevated privileges, spoof content, and
 steal local files, or other information.  As well, some of these
 vulnerabilities can be exploited to execute arbitrary code with the
 privileges of the user running the program.

5.  A vulnerability in how ruby's HTTP module uses blocking sockets was
 reported by Yukihiro Matsumoto.  By sending large amounts of data to a
 server application using this module, a remote attacker could exploit
 it to render the application unusable and unable to respond to other
 client requests.




1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Advisory                                   MDKA-2006:022
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : module-init-tools
 Date    : April 26, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 The default configuration of module-init-tools was to send a HUP signal
 to the CUPS daemon whenever the "usblp" kernel module is loaded, for
 example when a USB printer is plugged in. Because udev also sends a HUP
 signal to the CUPS daemon when a USB printer is plugged in, there were two
 HUPs one shortly after the other, which often makes the CUPS daemon
 crash.
 
 The updated module-init-tools package removes the usblp call
 responsible for this bad behaviour.
 _______________________________________________________________________

 Updated Packages:
 
 Mandriva Linux 2006.0:
 5e9dbb1b640b6ea39bef367dda25f608  2006.0/RPMS/module-init-tools-3.2-0.pre8.2.1.20060mdk.i586.rpm
 728da795addc56680bec0e6da818d5e5  2006.0/SRPMS/module-init-tools-3.2-0.pre8.2.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 0af8f938e00750f5e659aa12608970a0  x86_64/2006.0/RPMS/module-init-tools-3.2-0.pre8.2.1.20060mdk.x86_64.rpm
 728da795addc56680bec0e6da818d5e5  x86_64/2006.0/SRPMS/module-init-tools-3.2-0.pre8.2.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFET/xMmqjQ0CJFipgRAl2DAJ9RR+0oJHTY89559rlG4dVOUl3sHACfbPUX
y0lmMcNiaEuw0BpbIjfgJ5o=
=NusG
- -----END PGP SIGNATURE-----



2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:076
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mozilla
 Date    : April 25, 2006
 Affected: Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of vulnerabilities have been discovered in the Mozilla Suite
 that could allow a remote attacker to craft malicious web pages that
 could take advantage of these issues to execute arbitrary code with
 elevated privileges, spoof content, and steal local files, cookies, or
 other information from web pages.  As well, some of these
 vulnerabilities can be exploited to execute arbitrary code with the
 privileges of the user running the browser.
 
 Two crasher bugs have also been fixed.
 
 The updated packages have been patched to fix these problems.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1736
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790
 https://bugzilla.mozilla.org/show_bug.cgi?id=275896
 https://bugzilla.mozilla.org/show_bug.cgi?id=330900
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 81dce00119439ab171593eb2976fe547  corporate/3.0/RPMS/libnspr4-1.7.8-0.8.C30mdk.i586.rpm
 c0e04b64accc75483ca0795af33562be  corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.8.C30mdk.i586.rpm
 288e4e8379aa0d7cc56327ba60035e0a  corporate/3.0/RPMS/libnss3-1.7.8-0.8.C30mdk.i586.rpm
 c1bac96a978df5d75cfd7887a09144d5  corporate/3.0/RPMS/libnss3-devel-1.7.8-0.8.C30mdk.i586.rpm
 0d06c6a4520068a368cf48e3f407c74e  corporate/3.0/RPMS/mozilla-1.7.8-0.8.C30mdk.i586.rpm
 73f9e85c4556834db6ef9333b98beef0  corporate/3.0/RPMS/mozilla-devel-1.7.8-0.8.C30mdk.i586.rpm
 6939f71693b40125b5c3dd0534441d4a  corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.8.C30mdk.i586.rpm
 cb3df735d1ce023dd9cfeed26889c91b  corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.8.C30mdk.i586.rpm
 7aee6465cb0a42c6561b3c3deac96c8d  corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.8.C30mdk.i586.rpm
 01ec6255f2071d246ef76a11b2844c8e  corporate/3.0/RPMS/mozilla-irc-1.7.8-0.8.C30mdk.i586.rpm
 8d4075f4c1c9cd4f613a68ff15f09d85  corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.8.C30mdk.i586.rpm
 cc4bcc8c9c19557513ef30d96150b9fe  corporate/3.0/RPMS/mozilla-mail-1.7.8-0.8.C30mdk.i586.rpm
 05ab0503358b30c10dba88bb916473be  corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.8.C30mdk.i586.rpm
 ddccba24ecfaa9f82167a7bb5c9c71ad  corporate/3.0/SRPMS/mozilla-1.7.8-0.8.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 9a8e62df1100fa84600706050870a63e  x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.8.C30mdk.x86_64.rpm
 17c9c8233a462fc91061554c0a0ef451  x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.8.C30mdk.x86_64.rpm
 efa25dec22975bab70c748d07e0a3c75  x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.8.C30mdk.x86_64.rpm
 38de0287eaf7ed9f2e319cbcc042dcdf  x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.8.C30mdk.x86_64.rpm
 18393cfe8c07b958e52a6f0f2b506e53  x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.8.C30mdk.x86_64.rpm
 e6aea2fc34c466383781cb6487964cc0  x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.8.C30mdk.x86_64.rpm
 be9a4c7519f064b07b48ea9556866f74  x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.8.C30mdk.x86_64.rpm
 085cc65fea8f657875c5024c0d964a5d  x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.8.C30mdk.x86_64.rpm
 1b6244b6bf96093518937ccf8dcd33c6  x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.8.C30mdk.x86_64.rpm
 e66333a5573e85f32effe85a01a64a27  x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.8.C30mdk.x86_64.rpm
 4bfb009ca3dcdc90ff1eb2f244cafdc4  x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.8.C30mdk.x86_64.rpm
 caddf105e2756d3bebf74ad2f4e8a0d6  x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.8.C30mdk.x86_64.rpm
 f1551cc11e1e75be6d25cf2f53070ac0  x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.8.C30mdk.x86_64.rpm
 ddccba24ecfaa9f82167a7bb5c9c71ad  x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.8.C30mdk.src.rpm
 _______________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFETnBTmqjQ0CJFipgRArcTAKDcxTz/GNX8kqak3RR/7w24zwM07gCgiFlz
qBCSTPZ9EPi5eHFsxhS4f2A=
=n4oP
- -----END PGP SIGNATURE-----



3.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:077
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ethereal
 Date    : April 25, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of vulnerabilities have been discovered in the Ethereal network
 analyzer.  These issues have been corrected in Ethereal version 0.99.0
 which is provided with this update.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1932
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1933
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1934
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1935
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1936
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1937
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1938
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1939
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1940
 http://www.ethereal.com/appnotes/enpa-sa-00023.html
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 3684b786f2d0b4e6b94835b349f9626c  2006.0/RPMS/ethereal-0.99.0-0.2.20060mdk.i586.rpm
 60178af17bbcc68b2c09b4159f2ebf9b  2006.0/RPMS/ethereal-tools-0.99.0-0.2.20060mdk.i586.rpm
 e4db63d295a3671d299c91d8d5afb246  2006.0/RPMS/libethereal0-0.99.0-0.2.20060mdk.i586.rpm
 9c14e115bacb6312eb7211db438aa96c  2006.0/RPMS/tethereal-0.99.0-0.2.20060mdk.i586.rpm
 4ba5d0e3317541d15e8accba0fba490f  2006.0/SRPMS/ethereal-0.99.0-0.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 63fd1fedff5a2b40b23e4c0274d9d9ed  x86_64/2006.0/RPMS/ethereal-0.99.0-0.2.20060mdk.x86_64.rpm
 4276650cc2a9e72d48e12e5677387d33  x86_64/2006.0/RPMS/ethereal-tools-0.99.0-0.2.20060mdk.x86_64.rpm
 2f1177acc1cbcc32204269cc3e9ddbca  x86_64/2006.0/RPMS/lib64ethereal0-0.99.0-0.2.20060mdk.x86_64.rpm
 33231dedb621c15c1b00610db5464d13  x86_64/2006.0/RPMS/tethereal-0.99.0-0.2.20060mdk.x86_64.rpm
 4ba5d0e3317541d15e8accba0fba490f  x86_64/2006.0/SRPMS/ethereal-0.99.0-0.2.20060mdk.src.rpm
 _______________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFETn6ZmqjQ0CJFipgRAhM0AKCKBLJjLRQG0kFKl14rHaaTYRt/3gCfXbQP
ze3gwFYBsX1remwL+WpiF+g=
=3oF/
- -----END PGP SIGNATURE-----



4.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:078
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mozilla-thunderbird
 Date    : April 25, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of vulnerabilities have been discovered in the Mozilla
 Thunderbird email client that could allow a remote attacker to craft
 malicious web emails that could take advantage of these issues to
 execute arbitrary code with elevated privileges, spoof content, and
 steal local files, or other information.  As well, some of these
 vulnerabilities can be exploited to execute arbitrary code with the
 privileges of the user running the program.
 
 Two crasher bugs have also been fixed.
 
 The updated packages have been patched to fix these problems.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1045
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790
 https://bugzilla.mozilla.org/show_bug.cgi?id=275896
 https://bugzilla.mozilla.org/show_bug.cgi?id=330900
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 db1cb3f95a9ed5c38eadf84ab15059dd  2006.0/RPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.i586.rpm
 4ac317574cda9d575725e2001c106c64  2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.6.20060mdk.i586.rpm
 c9788a8baa83accaa38a6962d019be16  2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.6.20060mdk.i586.rpm
 898658630b23e73046c50de78ae364b1  2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 6ceb2686941e208c141d1a339dd87f85  x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.x86_64.rpm
 57637d19befac214ef7c4c2cef84462d  x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.6.20060mdk.x86_64.rpm
 f08fe4796dd84bbb9414668f55cbb2b9  x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.6.20060mdk.x86_64.rpm
 898658630b23e73046c50de78ae364b1  x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.src.rpm
 _______________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEToCCmqjQ0CJFipgRArg/AJ9gLIoUIcy2Ehv85hJOb/AHjleHAwCdGom9
YsIfn/LvyqzAd40BPrKIlCE=
=/HDC
- -----END PGP SIGNATURE-----



5.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:079
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ruby
 Date    : April 25, 2006
 Affected: 10.2, 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in how ruby's HTTP module uses blocking sockets was
 reported by Yukihiro Matsumoto.  By sending large amounts of data to a
 server application using this module, a remote attacker could exploit
 it to render the application unusable and unable to respond to other
 client requests.
 
 The updated packages have been patched to fix this problem.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1931
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:
 f9745c919a26b88653c1bb8d65b22656  10.2/RPMS/ruby-1.8.2-6.3.102mdk.i586.rpm
 a70aa5e8d43962a8e1432eba455550a1  10.2/RPMS/ruby-devel-1.8.2-6.3.102mdk.i586.rpm
 ef56fa7d95bb07869fd990174fba0a80  10.2/RPMS/ruby-doc-1.8.2-6.3.102mdk.i586.rpm
 46cf35ec68925266be3476e0e2244dba  10.2/RPMS/ruby-tk-1.8.2-6.3.102mdk.i586.rpm
 9a297ac138f1be885dbf9bdb3f963dca  10.2/SRPMS/ruby-1.8.2-6.3.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 7a961ba32e721306fc18cc84138131fa  x86_64/10.2/RPMS/ruby-1.8.2-6.3.102mdk.x86_64.rpm
 6215d5fe2525ddcaf47b22443be40d29  x86_64/10.2/RPMS/ruby-devel-1.8.2-6.3.102mdk.x86_64.rpm
 6bf001166ce1fe417513be0da4afa983  x86_64/10.2/RPMS/ruby-doc-1.8.2-6.3.102mdk.x86_64.rpm
 dc54e4e1cb352e2a31578b528b0fae24  x86_64/10.2/RPMS/ruby-tk-1.8.2-6.3.102mdk.x86_64.rpm
 9a297ac138f1be885dbf9bdb3f963dca  x86_64/10.2/SRPMS/ruby-1.8.2-6.3.102mdk.src.rpm

 Mandriva Linux 2006.0:
 3144dc749cdb9da398064c2cf34103fe  2006.0/RPMS/ruby-1.8.2-7.2.20060mdk.i586.rpm
 1bf85e3cd1456dbda21fd95f1626b28f  2006.0/RPMS/ruby-devel-1.8.2-7.2.20060mdk.i586.rpm
 80000d9bf73c957174c6ce8a7c637147  2006.0/RPMS/ruby-doc-1.8.2-7.2.20060mdk.i586.rpm
 272d3970702ec07e44a0469d1f431380  2006.0/RPMS/ruby-tk-1.8.2-7.2.20060mdk.i586.rpm
 5cd34c71849ac8eebe80c6389178a5a8  2006.0/SRPMS/ruby-1.8.2-7.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 c032856335423079f3a68b7eeaeda281  x86_64/2006.0/RPMS/ruby-1.8.2-7.2.20060mdk.x86_64.rpm
 aa44a1b8179d94c3ef4504d504fdb01b  x86_64/2006.0/RPMS/ruby-devel-1.8.2-7.2.20060mdk.x86_64.rpm
 a409a90806495d8a074fa15d9191d053  x86_64/2006.0/RPMS/ruby-doc-1.8.2-7.2.20060mdk.x86_64.rpm
 4a13e6ade495ac6c2d6068d88674d396  x86_64/2006.0/RPMS/ruby-tk-1.8.2-7.2.20060mdk.x86_64.rpm
 5cd34c71849ac8eebe80c6389178a5a8  x86_64/2006.0/SRPMS/ruby-1.8.2-7.2.20060mdk.src.rpm

 Corporate 3.0:
 249f78bda13201aecd66a30379a23209  corporate/3.0/RPMS/ruby-1.8.1-1.5.C30mdk.i586.rpm
 210ae59468330f26d71496c636fc4dcc  corporate/3.0/RPMS/ruby-devel-1.8.1-1.5.C30mdk.i586.rpm
 a69109163c0cd1c22616dce20e4924cf  corporate/3.0/RPMS/ruby-doc-1.8.1-1.5.C30mdk.i586.rpm
 cbfdf5cab0ae9c82731a94ef51f60e41  corporate/3.0/RPMS/ruby-tk-1.8.1-1.5.C30mdk.i586.rpm
 7db43332f4a6cd0d6f530f2e423315ac  corporate/3.0/SRPMS/ruby-1.8.1-1.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 3ec5b89b32196866594ac0fbeb852e66  x86_64/corporate/3.0/RPMS/ruby-1.8.1-1.5.C30mdk.x86_64.rpm
 63df0377e01145f410075b7122c1e541  x86_64/corporate/3.0/RPMS/ruby-devel-1.8.1-1.5.C30mdk.x86_64.rpm
 54580e762f81bceb21bc62aa7f4f934b  x86_64/corporate/3.0/RPMS/ruby-doc-1.8.1-1.5.C30mdk.x86_64.rpm
 f8e720ecbeafc2dceb8522272b213e08  x86_64/corporate/3.0/RPMS/ruby-tk-1.8.1-1.5.C30mdk.x86_64.rpm
 7db43332f4a6cd0d6f530f2e423315ac  x86_64/corporate/3.0/SRPMS/ruby-1.8.1-1.5.C30mdk.src.rpm
 _______________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEToPBmqjQ0CJFipgRAjYgAJ9tf1nRJZhBInVNILG53lQvy1nTOwCfQtJu
yoIIcgaXpYqbHvIzbKdUL04=
=FxkL
- -----END PGP SIGNATURE-----




- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the site of the
original source to ensure that you receive the most current information concerning 
that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQCVAwUBRFIViIpao72zK539AQFtrQP+M9c5mEEECFZOZ2fokYjRVy6XnHgYfyAv
LqoraWGiACWBm2Aymvqd/3o0J8rh9ylUxYP+xF+lPkyt17KP8hChXxMDMFETnlc1
BeQ1pk92fJWA/VnaVnri6lMUkzEYvPRawfv0nVevbiioc9J5RiOQ/jtg7jWQOI2o
rDTuy4+D70A=
=D6eh
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
