SCIENTIFIC-LINUX-ERRATA Archives

November 2007

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Troy Dawson
Date: Tue, 13 Nov 2007 17:11:56 -0600
Synopsis:	Moderate: ruby security update
Issue date:	2007-11-13
CVE Names:	CVE-2006-6303 CVE-2007-5162 CVE-2007-5770

A flaw was discovered in the way Ruby's CGI module handles certain HTTP
requests. If a remote attacker sends a specially crafted request, it is
possible to cause the ruby CGI script to enter an infinite loop, 
possibly causing a denial of service. (CVE-2006-6303)

An SSL certificate validation flaw was discovered in several Ruby Net
modules. The libraries were not checking the requested host name against
the common name (CN) in the SSL server certificate, possibly allowing a 
man in the middle attack. (CVE-2007-5162, CVE-2007-5770)

SL 4.x

   SRPMS:
ruby-1.8.1-7.EL4.8.1.src.rpm
   i386:
irb-1.8.1-7.EL4.8.1.i386.rpm
ruby-1.8.1-7.EL4.8.1.i386.rpm
ruby-devel-1.8.1-7.EL4.8.1.i386.rpm
ruby-docs-1.8.1-7.EL4.8.1.i386.rpm
ruby-libs-1.8.1-7.EL4.8.1.i386.rpm
ruby-mode-1.8.1-7.EL4.8.1.i386.rpm
ruby-tcltk-1.8.1-7.EL4.8.1.i386.rpm
   x86_64:
irb-1.8.1-7.EL4.8.1.x86_64.rpm
ruby-1.8.1-7.EL4.8.1.x86_64.rpm
ruby-devel-1.8.1-7.EL4.8.1.x86_64.rpm
ruby-docs-1.8.1-7.EL4.8.1.x86_64.rpm
ruby-libs-1.8.1-7.EL4.8.1.i386.rpm
ruby-libs-1.8.1-7.EL4.8.1.x86_64.rpm
ruby-mode-1.8.1-7.EL4.8.1.x86_64.rpm
ruby-tcltk-1.8.1-7.EL4.8.1.x86_64.rpm

SL 5.x

   SRPMS:
ruby-1.8.5-5.el5_1.1.src.rpm
   i386:
ruby-1.8.5-5.el5.1.i386.rpm
ruby-devel-1.8.5-5.el5.1.i386.rpm
ruby-docs-1.8.5-5.el5.1.i386.rpm
ruby-irb-1.8.5-5.el5.1.i386.rpm
ruby-libs-1.8.5-5.el5.1.i386.rpm
ruby-mode-1.8.5-5.el5.1.i386.rpm
ruby-rdoc-1.8.5-5.el5.1.i386.rpm
ruby-ri-1.8.5-5.el5.1.i386.rpm
ruby-tcltk-1.8.5-5.el5.1.i386.rpm
   x86_64:
ruby-1.8.5-5.el5.1.x86_64.rpm
ruby-devel-1.8.5-5.el5.1.x86_64.rpm
ruby-docs-1.8.5-5.el5.1.x86_64.rpm
ruby-irb-1.8.5-5.el5.1.x86_64.rpm
ruby-libs-1.8.5-5.el5.1.i386.rpm
ruby-libs-1.8.5-5.el5.1.x86_64.rpm
ruby-mode-1.8.5-5.el5.1.x86_64.rpm
ruby-rdoc-1.8.5-5.el5.1.x86_64.rpm
ruby-ri-1.8.5-5.el5.1.x86_64.rpm
ruby-tcltk-1.8.5-5.el5.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
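
The host name check described for CVE-2007-5162 and CVE-2007-5770, as an added example that is not part of the original advisory or of Ruby's Net modules: a certificate can pass chain validation and still belong to a different host, so the client must also compare the requested host name with the certificate. The host names, the self-signed certificate and the helper names `make_cert`, `chain_only_ok?` and `chain_and_host_ok?` are constructed for illustration.

```ruby
require "openssl"

# Build a self-signed certificate whose subject CN is `cn`.
# Constructed sample data: the host names used here are not real hosts.
def make_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Chain validation only: answers "is this certificate trusted?" but never
# asks "was it issued for the host I asked for?".
def chain_only_ok?(cert, store)
  store.verify(cert)
end

# Chain validation plus the host name check. With no subjectAltName present,
# verify_certificate_identity compares the requested host with the subject CN.
def chain_and_host_ok?(cert, store, requested_host)
  store.verify(cert) &&
    OpenSSL::SSL.verify_certificate_identity(cert, requested_host)
end

# A trusted certificate issued for mail.example.test (hypothetical host).
CERT = make_cert("mail.example.test")
STORE = OpenSSL::X509::Store.new
STORE.add_cert(CERT)

if __FILE__ == $PROGRAM_NAME
  %w[mail.example.test bank.example.test].each do |host|
    puts "#{host}: chain_only=#{chain_only_ok?(CERT, STORE)} " \
         "chain_and_host=#{chain_and_host_ok?(CERT, STORE, host)}"
  end
end
```

On a live connection the same comparison is available as `OpenSSL::SSL::SSLSocket#post_connection_check(hostname)`, used together with `OpenSSL::SSL::VERIFY_PEER`.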
