Ruby is an interpreted scripting language for object-oriented programming.
A bug was found in the way Ruby launched an XMLRPC server. If an XMLRPC
server is launched in a certain way, it becomes possible for a remote
attacker to execute arbitrary commands within the XMLRPC server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1992 to this issue.
Users of Ruby should update to these erratum packages, which contain a
backported patch and are not vulnerable to this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | s390 | ruby-tcltk | < 1.8.1-7.EL4.1 | ruby-tcltk-1.8.1-7.EL4.1.s390.rpm |
RedHat | any | i386 | ruby | < 1.8.1-7.EL4.1 | ruby-1.8.1-7.EL4.1.i386.rpm |
RedHat | any | ppc | ruby-tcltk | < 1.8.1-7.EL4.1 | ruby-tcltk-1.8.1-7.EL4.1.ppc.rpm |
RedHat | any | i386 | ruby-devel | < 1.8.1-7.EL4.1 | ruby-devel-1.8.1-7.EL4.1.i386.rpm |
RedHat | any | ia64 | ruby-docs | < 1.8.1-7.EL4.1 | ruby-docs-1.8.1-7.EL4.1.ia64.rpm |
RedHat | any | x86_64 | ruby-devel | < 1.8.1-7.EL4.1 | ruby-devel-1.8.1-7.EL4.1.x86_64.rpm |
RedHat | any | ia64 | ruby-tcltk | < 1.8.1-7.EL4.1 | ruby-tcltk-1.8.1-7.EL4.1.ia64.rpm |
RedHat | any | ppc | ruby-mode | < 1.8.1-7.EL4.1 | ruby-mode-1.8.1-7.EL4.1.ppc.rpm |
RedHat | any | ppc | ruby-libs | < 1.8.1-7.EL4.1 | ruby-libs-1.8.1-7.EL4.1.ppc.rpm |
RedHat | any | ppc | ruby-docs | < 1.8.1-7.EL4.1 | ruby-docs-1.8.1-7.EL4.1.ppc.rpm |