Mandriva Linux Security Advisory : ruby (MDVSA-2009:325)
Medium Nessus Plugin ID 43044
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities was discovered and corrected in ruby :
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate (CVE-2009-0642).
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type (CVE-2009-1904).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
This update provides a solution to these vulnerabilities.
SolutionUpdate the affected packages.