Vulnerabilities > CVE-2008-3790 - Improper Input Validation vulnerability in Ruby-Lang Ruby 1.8.6/1.8.7/1.9

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
ruby-lang
CWE-20
nessus
exploit available

Summary

The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."

Vulnerable Configurations

Part Description Count
Application
Ruby-Lang
21

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Exploit-Db

descriptionRuby 1.9 REXML Remote Denial Of Service Vulnerability. CVE-2008-3790. Dos exploit for linux platform
idEDB-ID:32292
last seen2016-02-03
modified2008-08-23
published2008-08-23
reporterLuka Treiber
sourcehttps://www.exploit-db.com/download/32292/
titleRuby <= 1.9 REXML Remote Denial Of Service Vulnerability

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200812-17.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200812-17 (Ruby: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Ruby interpreter and its standard libraries. Drew Yao of Apple Product Security discovered the following flaws: Arbitrary code execution or Denial of Service (memory corruption) in the rb_str_buf_append() function (CVE-2008-2662). Arbitrary code execution or Denial of Service (memory corruption) in the rb_ary_stor() function (CVE-2008-2663). Memory corruption via alloca in the rb_str_format() function (CVE-2008-2664). Memory corruption (
    last seen2020-06-01
    modified2020-06-02
    plugin id35188
    published2008-12-17
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35188
    titleGLSA-200812-17 : Ruby: Multiple vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0897.NASL
    descriptionFrom Red Hat Security Advisory 2008:0897 : Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id67752
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67752
    titleOracle Linux 4 / 5 : ruby (ELSA-2008-0897)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-8738.NASL
    descriptionUpdate to new upstream release fixing multiple security issues detailed in the upstream advisories: http://www.ruby-lang.org/en/news/2008/08/08/multiple- vulnerabilities-in-ruby/ - CVE-2008-3655 - multiple insufficient safe mode restrictions - CVE-2008-3656 - WEBrick DoS vulnerability (CPU consumption) - CVE-2008-3657 - missing
    last seen2020-06-01
    modified2020-06-02
    plugin id34380
    published2008-10-10
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34380
    titleFedora 9 : ruby-1.8.6.287-2.fc9 (2008-8738)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1651.NASL
    descriptionSeveral vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3655 Keita Yamaguchi discovered that several safe level restrictions are insufficiently enforced. - CVE-2008-3656 Christian Neukirchen discovered that the WebRick module uses inefficient algorithms for HTTP header splitting, resulting in denial of service through resource exhaustion. - CVE-2008-3657 It was discovered that the dl module doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id34387
    published2008-10-13
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34387
    titleDebian DSA-1651-1 : ruby1.8 - several vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20081021_RUBY_ON_SL3_X.NASL
    descriptionThe Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id60485
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60485
    titleScientific Linux Security Update : ruby on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_RUBY-6338.NASL
    descriptionThis ruby update improves return value checks for openssl function OCSP_basic_verify() (CVE-2009-0642) which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avaid spoofing attacks. The code for parsing XML data was vulnerable to a denial of service bug (CVE-2008-3790). An attack on algorithm complexity was possible in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests (CVE-2008-3656) as well as by using the regex engine (CVE-2008-3443) causing high CPU load. Ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id51760
    published2011-01-27
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51760
    titleSuSE 10 Security Update : ruby (ZYPP Patch Number 6338)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_RUBY-090703.NASL
    descriptionThis ruby update improves return value checks for openssl function OCSP_basic_verify() (CVE-2009-0642) which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avaid spoofing attacks. The code for parsing XML data was vulnerable to a denial of service bug (CVE-2008-3790). An attack on algorithm complexity was possible in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests (CVE-2008-3656) as well as by using the regex engine (CVE-2008-3443) causing high CPU load. Ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id40306
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40306
    titleopenSUSE Security Update : ruby (ruby-1070)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_RUBY-090703.NASL
    descriptionThis ruby update improves return value checks for openssl function OCSP_basic_verify() (CVE-2009-0642) which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avaid spoofing attacks. The code for parsing XML data was vulnerable to a denial of service bug (CVE-2008-3790). An attack on algorithm complexity was possible in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests (CVE-2008-3656) as well as by using the regex engine (CVE-2008-3443) causing high CPU load. Ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id40122
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40122
    titleopenSUSE Security Update : ruby (ruby-1070)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-226.NASL
    descriptionA denial of service condition was found in Ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id38018
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38018
    titleMandriva Linux Security Advisory : ruby (MDVSA-2008:226)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-651-1.NASL
    descriptionAkira Tagoh discovered a vulnerability in Ruby which lead to an integer overflow. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2376) Laurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. (CVE-2008-3443) Keita Yamaguchi discovered several safe level vulnerabilities in Ruby. An attacker could use this to bypass intended access restrictions. (CVE-2008-3655) Keita Yamaguchi discovered that WEBrick in Ruby did not properly validate paths ending with
    last seen2020-06-01
    modified2020-06-02
    plugin id37068
    published2009-04-23
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37068
    titleUbuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : ruby1.8 vulnerabilities (USN-651-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0897.NASL
    descriptionUpdated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id34466
    published2008-10-22
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34466
    titleRHEL 4 / 5 : ruby (RHSA-2008:0897)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1652.NASL
    descriptionSeveral vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3655 Keita Yamaguchi discovered that several safe level restrictions are insufficiently enforced. - CVE-2008-3656 Christian Neukirchen discovered that the WebRick module uses inefficient algorithms for HTTP header splitting, resulting in denial of service through resource exhaustion. - CVE-2008-3657 It was discovered that the dl module doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id34388
    published2008-10-13
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34388
    titleDebian DSA-1652-1 : ruby1.9 - several vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0897.NASL
    descriptionUpdated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id34502
    published2008-10-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34502
    titleCentOS 4 / 5 : ruby (CESA-2008:0897)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_RUBY-6339.NASL
    descriptionThis ruby update improves return value checks for openssl function OCSP_basic_verify() (CVE-2009-0642) which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avaid spoofing attacks. The code for parsing XML data was vulnerable to a denial of service bug (CVE-2008-3790). An attack on algorithm complexity was possible in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests (CVE-2008-3656) as well as by using the regex engine (CVE-2008-3443) causing high CPU load. Ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id42032
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42032
    titleopenSUSE 10 Security Update : ruby (ruby-6339)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-691-1.NASL
    descriptionLaurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. (CVE-2008-3443) This update also fixes a regression in the upstream patch previously applied to fix CVE-2008-3790. The regression would cause parsing of some XML documents to fail. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37474
    published2009-04-23
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37474
    titleUbuntu 8.10 : ruby1.9 vulnerability (USN-691-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_5_7.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.7. Mac OS X 10.5.7 contains security fixes for the following products : - Apache - ATS - BIND - CFNetwork - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - iChat - International Components for Unicode - IPSec - Kerberos - Kernel - Launch Services - libxml - Net-SNMP - Network Time - Networking - OpenSSL - PHP - QuickDraw Manager - ruby - Safari - Spotlight - system_cmds - telnet - Terminal - WebKit - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id38744
    published2009-05-13
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38744
    titleMac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12452.NASL
    descriptionThis update for ruby fixes the following security issues : - Improve return value checks for OpenSSL function OCSP_basic_verify() to refuse usage of revoked certificates. (CVE-2009-0642) - Increase entropy of DNS identifiers to avoid spoofing attacks. (CVE-2008-3905) - Fix denial of service (DoS) vulnerability while parsing XML data. (CVE-2008-3790) - Fix possible attack on algorithm complexity in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests or by using the regex engine to cause high CPU load. (CVE-2008-3656, CVE-2008-3443) - Improve ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id41312
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41312
    titleSuSE9 Security Update : ruby (YOU Patch Number 12452)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_RUBY-090703.NASL
    descriptionThis ruby update improves return value checks for openssl function OCSP_basic_verify() (CVE-2009-0642) which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avaid spoofing attacks. The code for parsing XML data was vulnerable to a denial of service bug. (CVE-2008-3790) An attack on algorithm complexity was possible in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests (CVE-2008-3656) as well as by using the regex engine (CVE-2008-3443) causing high CPU load. Ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id41452
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41452
    titleSuSE 11 Security Update : ruby (SAT Patch Number 1073)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-8736.NASL
    descriptionUpdate to new upstream release fixing multiple security issues detailed in the upstream advisories: http://www.ruby-lang.org/en/news/2008/08/08/multiple- vulnerabilities-in-ruby/ - CVE-2008-3655 - multiple insufficient safe mode restrictions - CVE-2008-3656 - WEBrick DoS vulnerability (CPU consumption) - CVE-2008-3657 - missing
    last seen2020-06-01
    modified2020-06-02
    plugin id34379
    published2008-10-10
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34379
    titleFedora 8 : ruby-1.8.6.287-2.fc8 (2008-8736)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2009-002.NASL
    descriptionThe remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-002 applied. This security update contains fixes for the following products : - Apache - ATS - BIND - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - IPSec - Kerberos - Launch Services - libxml - Net-SNMP - Network Time - OpenSSL - QuickDraw Manager - Spotlight - system_cmds - telnet - Terminal - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id38743
    published2009-05-13
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38743
    titleMac OS X Multiple Vulnerabilities (Security Update 2009-002)

Oval

accepted2013-04-29T04:05:16.883-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionThe REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
familyunix
idoval:org.mitre.oval:def:10393
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
version27

Redhat

advisories
rhsa
idRHSA-2008:0897
rpms
  • irb-0:1.8.1-7.el4_7.1
  • ruby-0:1.8.1-7.el4_7.1
  • ruby-0:1.8.5-5.el5_2.5
  • ruby-debuginfo-0:1.8.1-7.el4_7.1
  • ruby-debuginfo-0:1.8.5-5.el5_2.5
  • ruby-devel-0:1.8.1-7.el4_7.1
  • ruby-devel-0:1.8.5-5.el5_2.5
  • ruby-docs-0:1.8.1-7.el4_7.1
  • ruby-docs-0:1.8.5-5.el5_2.5
  • ruby-irb-0:1.8.5-5.el5_2.5
  • ruby-libs-0:1.8.1-7.el4_7.1
  • ruby-libs-0:1.8.5-5.el5_2.5
  • ruby-mode-0:1.8.1-7.el4_7.1
  • ruby-mode-0:1.8.5-5.el5_2.5
  • ruby-rdoc-0:1.8.5-5.el5_2.5
  • ruby-ri-0:1.8.5-5.el5_2.5
  • ruby-tcltk-0:1.8.1-7.el4_7.1
  • ruby-tcltk-0:1.8.5-5.el5_2.5

References