ruby security update

2008-10-21T00:00:00
ID ELSA-2008-0897
Type oraclelinux
Reporter Oracle
Modified 2008-10-21T00:00:00

Description

[1.8.5-5.el5_2.5] - Build with -fno-strict-aliasing. [1.8.5-5.el5_2.4] - security fixes. (#461590) - CVE-2008-3655: multiple insufficient safe mode restrictions. - CVE-2008-3656: WEBrick DoS vulnerability (CPU consumption). - CVE-2008-3657: missing taintness checks in dl module. - CVE-2008-3905: use of predictable source port and transaction id in DNS requests done by resolv.rb module. - CVE-2008-3443: Memory allocation failure in Ruby regex engine (remotely exploitable DoS). - CVE-2008-3790: DoS vulnerability in the REXML module.