Ruby is an interpreted scripting language for object-oriented programming.
Andres Salomon reported an insecure file permissions flaw in the CGI
session management of Ruby. FileStore created world readable files that
could allow a malicious local user the ability to read CGI session data.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0755 to this issue.
Users are advised to upgrade to this erratum package, which contains a
backported patch to CGI::Session FileStore.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | s390 | ruby | < 1.6.8-9.EL3.2 | ruby-1.6.8-9.EL3.2.s390.rpm |
RedHat | any | x86_64 | ruby-mode | < 1.6.8-9.EL3.2 | ruby-mode-1.6.8-9.EL3.2.x86_64.rpm |
RedHat | any | i386 | ruby-devel | < 1.6.4-2.AS21.0 | ruby-devel-1.6.4-2.AS21.0.i386.rpm |
RedHat | any | s390x | ruby-devel | < 1.6.8-9.EL3.2 | ruby-devel-1.6.8-9.EL3.2.s390x.rpm |
RedHat | any | s390 | ruby-mode | < 1.6.8-9.EL3.2 | ruby-mode-1.6.8-9.EL3.2.s390.rpm |
RedHat | any | i386 | irb | < 1.6.4-2.AS21.0 | irb-1.6.4-2.AS21.0.i386.rpm |
RedHat | any | s390x | ruby-mode | < 1.6.8-9.EL3.2 | ruby-mode-1.6.8-9.EL3.2.s390x.rpm |
RedHat | any | ia64 | ruby-mode | < 1.6.8-9.EL3.2 | ruby-mode-1.6.8-9.EL3.2.ia64.rpm |
RedHat | any | ppc | ruby-mode | < 1.6.8-9.EL3.2 | ruby-mode-1.6.8-9.EL3.2.ppc.rpm |
RedHat | any | s390x | ruby | < 1.6.8-9.EL3.2 | ruby-1.6.8-9.EL3.2.s390x.rpm |