sledp2-rubySecurity update for rubySecurity update for rubyThis ruby update improves return value checks for openssl
function OCSP_basic_verify() (CVE-2009-0642) which allowed
an attacker to use revoked certificates. The entropy of DNS
identifiers was increased (CVE-2008-3905) to avaid spoofing
attacks. The code for parsing XML data was vulnerable to a
denial of service bug (CVE-2008-3790). An attack on
algorithm complexity was possible in function
WEBrick::HTTP::DefaultFileHandler() while parsing HTTP
requests (CVE-2008-3656) as well as by using the regex
engine (CVE-2008-3443) causing high CPU load. Ruby's access
restriction code (CVE-2008-3655) as well as safe-level
handling using function DL.dlopen() (CVE-2008-3657) and big
decimal handling (CVE-2009-1904) was improved. Bypassing
HTTP basic authentication (authenticate_with_http_digest)
is not possible anymore.
This ruby update improves return value checks for openssl
function OCSP_basic_verify() (CVE-2009-0642) which allowed
an attacker to use revoked certificates. The entropy of DNS
identifiers was increased (CVE-2008-3905) to avaid spoofing
attacks. The code for parsing XML data was vulnerable to a
denial of service bug (CVE-2008-3790). An attack on
algorithm complexity was possible in function
WEBrick::HTTP::DefaultFileHandler() while parsing HTTP
requests (CVE-2008-3656) as well as by using the regex
engine (CVE-2008-3443) causing high CPU load. Ruby's access
restriction code (CVE-2008-3655) as well as safe-level
handling using function DL.dlopen() (CVE-2008-3657) and big
decimal handling (CVE-2009-1904) was improved. Bypassing
HTTP basic authentication (authenticate_with_http_digest)
is not possible anymore.
securityrubyx86_6460c0e54481d1ffa86dd642bac17071afea43d730