-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2007.0910 -- [Win][UNIX/Linux][RedHat]
Moderate: ruby security update
14 November 2007

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              ruby
Publisher:            Red Hat
Operating System:     Red Hat Linux 4
                      Red Hat Linux 5
                      UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact:               Access Confidential Data
                      Denial of Service
                      Inappropriate Access
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-5770 CVE-2007-5162 CVE-2006-6303

Original Bulletin:    https://rhn.redhat.com/errata/RHSA-2007-0961.html
                      https://rhn.redhat.com/errata/RHSA-2007-0965.html

Comment: This advisory contains two (2) Red Hat Security Advisories.

         This advisory references vulnerabilities in products which run on
         platforms other than Red Hat. It is recommended that administrators
         running ruby check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Moderate: ruby security update
Advisory ID:       RHSA-2007:0961-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0961.html
Issue date:        2007-11-13
Updated on:        2007-11-13
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-6303 CVE-2007-5162 CVE-2007-5770
- - ---------------------------------------------------------------------

1. Summary:

Updated ruby packages that fix several security issues are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Ruby is an interpreted scripting language for object-oriented programming.

A flaw was discovered in the way Ruby's CGI module handles certain HTTP
requests. If a remote attacker sends a specially crafted request, it is
possible to cause the ruby CGI script to enter an infinite loop, possibly
causing a denial of service. (CVE-2006-6303)

An SSL certificate validation flaw was discovered in several Ruby Net
modules. The libraries were not checking the requested host name against
the common name (CN) in the SSL server certificate, possibly allowing a man
in the middle attack. (CVE-2007-5162, CVE-2007-5770)

Users of Ruby should upgrade to these updated packages, which contain
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

218287 - CVE-2006-6303 ruby's cgi.rb vulnerable infinite loop DoS
313691 - CVE-2007-5162 ruby Net:HTTP insufficient verification of SSL certificate
362081 - CVE-2007-5770 ruby insufficient verification of SSL certificate in various net::* modules

6.
RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ruby-1.8.1-7.EL4.8.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ruby-1.8.1-7.EL4.8.1.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ruby-1.8.1-7.EL4.8.1.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ruby-1.8.1-7.EL4.8.1.src.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5770
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHOXV6XlSAg2UNWIIRAgCwAJ9qV6b0L0STxmOFhqwSJT5VKoKClACbBBXQ
8v6N6i8NOQlE/YsuwCxvYRA=
=uewW
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Moderate: ruby security update
Advisory ID:       RHSA-2007:0965-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0965.html
Issue date:        2007-11-13
Updated on:        2007-11-13
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-5162 CVE-2007-5770
- - ---------------------------------------------------------------------

1. Summary:

Updated ruby packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Ruby is an interpreted scripting language for object-oriented programming.

An SSL certificate validation flaw was discovered in several Ruby Net
modules. The libraries were not checking the requested host name against
the common name (CN) in the SSL server certificate, possibly allowing a man
in the middle attack.
(CVE-2007-5162, CVE-2007-5770)

Users of Ruby should upgrade to these updated packages, which contain a
backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

313691 - CVE-2007-5162 ruby Net:HTTP insufficient verification of SSL certificate
362081 - CVE-2007-5770 ruby insufficient verification of SSL certificate in various net::* modules

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-5.el5_1.1.src.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-5.el5_1.1.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ruby-1.8.5-5.el5_1.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5770
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHOXW1XlSAg2UNWIIRAjfGAJ4hK/7/KqFVYetVhIxsaFicYMO9DQCgtBaX
t8gAEpDflWZnbE3ZbSQHXcs=
=loqA
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRzpZByh9+71yA2DNAQI0VgQAkE82FdhlUx1gzGP5AixZlB8PUBu4aavX
LIIs0cGtjRpmkjSnKFNmgiY3C5v/uniak+hVIkMln61nnZLkar2oulVnX+jd+mqR
A9baYlBlkiV5ZlZJ3FOuliUhgkarNt3PgOfvmpj/KeSczeP+tTXEYp5vVvBs5CI+
U/yKDe2ANMg=
=Mzdk
-----END PGP SIGNATURE-----
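
The host name check described under CVE-2007-5162 and CVE-2007-5770, as an added example that is not part of the bulletin and is not Red Hat's backported patch: it shows that a certificate can pass chain validation while naming a different host, and that the identity check is what rejects it. The CA, the keys, the host names and the helper names (make_cert, chain_trusted?, peer_acceptable?) are constructed for this illustration.

```ruby
require "openssl"

# Build an X.509 v3 certificate whose only identity is its subject CN.
# All names and keys here are constructed for this example.
def make_cert(cn, key, serial:, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # 2 means X.509 v3
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = issuer_cert || cert
  cert.add_extension(
    ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true)
  )
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Constructed test PKI: one locally trusted CA and one server certificate.
CA_KEY    = OpenSSL::PKey::RSA.new(2048)
CA_CERT   = make_cert("Constructed Test CA", CA_KEY, serial: 1, ca: true)
LEAF_KEY  = OpenSSL::PKey::RSA.new(2048)
LEAF_CERT = make_cert("www.example.org", LEAF_KEY, serial: 2,
                      issuer_cert: CA_CERT, issuer_key: CA_KEY)

TRUST_STORE = OpenSSL::X509::Store.new
TRUST_STORE.add_cert(CA_CERT)

# Chain validation only: answers "was this certificate issued by a CA I trust?"
# It says nothing about which host the certificate was issued for.
def chain_trusted?(store, cert)
  store.verify(cert)
end

# Chain validation plus identity check: the certificate must also name the
# host the client asked for (subjectAltName dNSName, else the subject CN).
def peer_acceptable?(store, cert, requested_host)
  store.verify(cert) &&
    OpenSSL::SSL.verify_certificate_identity(cert, requested_host)
end

if __FILE__ == $PROGRAM_NAME
  puts "chain only:            #{chain_trusted?(TRUST_STORE, LEAF_CERT)}"
  %w[www.example.org login.example.net].each do |host|
    puts "requested #{host}: #{peer_acceptable?(TRUST_STORE, LEAF_CERT, host)}"
  end
end
```

On a live connection, OpenSSL::SSL::SSLSocket#post_connection_check(hostname) applies the same identity check to the peer certificate and raises OpenSSL::SSL::SSLError on a mismatch.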