Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Mon, 30 Jan 2012 08:37:07 -0600 Reply-To: Pat RieheckySender: Security Errata for Scientific Linux From: Pat Riehecky Organization: Fermilab Subject: Informative Announcement for SL4.x Less Than 1 Month End Of Life Notice MIME-Version: 1.0 In accordance with our Upstream Vendor's Errata Support Policy, the regular life-cycle of Scientific Linux 4 will end in February 2012. After this date, The Upstream Vendor will discontinue the regular update services. We must follow them in this matter. Therefore, new bug fix, enhancement, and security errata updates will no longer be available for Scientific Linux 4 after the End of Life date. They will not be providing updates and so we cannot provide them. Anyone still running production workloads on Scientific Linux 4 are advised to begin upgrading to Scientific Linux 5 or 6. Upstream recommends a reinstall and not an upgrade. Please be advised that we also believe that a clean reinstall is the preferred method for moving from Scientific Linux 4 to a newer version. We will continue to provide updates as they become available to us for Scientific Linux 4. Again, this is a reminder of the coming end of life for Scientific Linux 4 in February 2012. - Scientific Linux Development Team Date: Mon, 30 Jan 2012 15:54:11 -0600 Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it. Sender: Security Errata for Scientific LinuxFrom: This email address is being protected from spambots. You need JavaScript enabled to view it. Subject: Security ERRATA Moderate: ruby on SL4.x, SL5.x i386/x86_64 Comments: To:This email address is being protected from spambots. You need JavaScript enabled to view it. Synopsis: Moderate: ruby security update Issue Date: 2012-01-30 CVE Numbers: CVE-2011-2686 CVE-2011-4815 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2011-4815) It was found that Ruby did not reinitialize the PRNG (pseudorandom number generator) after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes (as long as the parent process persisted). (CVE-2011-3009) All users of ruby are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. SL4: i386 irb-1.8.1-18.el4.i386.rpm ruby-1.8.1-18.el4.i386.rpm ruby-debuginfo-1.8.1-18.el4.i386.rpm ruby-devel-1.8.1-18.el4.i386.rpm ruby-docs-1.8.1-18.el4.i386.rpm ruby-libs-1.8.1-18.el4.i386.rpm ruby-mode-1.8.1-18.el4.i386.rpm ruby-tcltk-1.8.1-18.el4.i386.rpm x86_64 irb-1.8.1-18.el4.x86_64.rpm ruby-1.8.1-18.el4.x86_64.rpm ruby-debuginfo-1.8.1-18.el4.i386.rpm ruby-debuginfo-1.8.1-18.el4.x86_64.rpm ruby-devel-1.8.1-18.el4.x86_64.rpm ruby-docs-1.8.1-18.el4.x86_64.rpm ruby-libs-1.8.1-18.el4.i386.rpm ruby-libs-1.8.1-18.el4.x86_64.rpm ruby-mode-1.8.1-18.el4.x86_64.rpm ruby-tcltk-1.8.1-18.el4.x86_64.rpm SL5: i386 ruby-1.8.5-22.el5_7.1.i386.rpm ruby-debuginfo-1.8.5-22.el5_7.1.i386.rpm ruby-devel-1.8.5-22.el5_7.1.i386.rpm ruby-docs-1.8.5-22.el5_7.1.i386.rpm ruby-irb-1.8.5-22.el5_7.1.i386.rpm ruby-libs-1.8.5-22.el5_7.1.i386.rpm ruby-mode-1.8.5-22.el5_7.1.i386.rpm ruby-rdoc-1.8.5-22.el5_7.1.i386.rpm ruby-ri-1.8.5-22.el5_7.1.i386.rpm ruby-tcltk-1.8.5-22.el5_7.1.i386.rpm x86_64 ruby-1.8.5-22.el5_7.1.x86_64.rpm ruby-debuginfo-1.8.5-22.el5_7.1.i386.rpm ruby-debuginfo-1.8.5-22.el5_7.1.x86_64.rpm ruby-devel-1.8.5-22.el5_7.1.i386.rpm ruby-devel-1.8.5-22.el5_7.1.x86_64.rpm ruby-docs-1.8.5-22.el5_7.1.x86_64.rpm ruby-irb-1.8.5-22.el5_7.1.x86_64.rpm ruby-libs-1.8.5-22.el5_7.1.i386.rpm ruby-libs-1.8.5-22.el5_7.1.x86_64.rpm ruby-mode-1.8.5-22.el5_7.1.x86_64.rpm ruby-rdoc-1.8.5-22.el5_7.1.x86_64.rpm ruby-ri-1.8.5-22.el5_7.1.x86_64.rpm ruby-tcltk-1.8.5-22.el5_7.1.x86_64.rpm - Scientific Linux Development Team