[USN-691-1] Ruby vulnerability


Subject: [USN-691-1] Ruby vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com.>
Date: Tue, 16 Dec 2008 10:18:46 -0500

===========================================================
Ubuntu Security Notice USN-691-1          December 16, 2008
ruby1.9 vulnerability
CVE-2008-3443, CVE-2008-3790
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  ruby1.9                         1.9.0.2-7ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Laurent Gaffie discovered that Ruby did not properly check for memory
allocation failures. If a user or automated system were tricked into
running a malicious script, an attacker could cause a denial of
service. (CVE-2008-3443)

This update also fixes a regression in the upstream patch previously
applied to fix CVE-2008-3790. The regression would cause parsing of
some XML documents to fail.


Updated packages for Ubuntu 8.10:


