Ubuntu: Ruby vulnerability
Posted by Benjamin D. Thomas   
Ubuntu Security Notice USN-394-1          December 08, 2006
ruby1.8 vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libruby1.8                               1.8.2-9ubuntu1.4

Ubuntu 6.06 LTS:
  libruby1.8                               1.8.4-1ubuntu1.3

Ubuntu 6.10:
  libruby1.8                               1.8.4-5ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

An error was found in Ruby's CGI library that did not correctly quote 
the boundary of multipart MIME requests.  Using a crafted HTTP request, 
a remote user could cause a denial of service, where Ruby CGI 
applications would end up in a loop, monopolizing a CPU.
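
The quoting problem described above, shown as an added example (this is not the code from Ruby's CGI library, and it is not part of the Ubuntu notice). It assumes a simplified multipart splitter; the function names, the sample boundary and the sample body are constructed for illustration. An unquoted boundary is interpreted as regular-expression syntax, so the delimiter is never found, and a parser must fail at that point rather than keep scanning:

```ruby
# Added illustration; hypothetical helper names, not Ruby's cgi.rb.
# The boundary comes from the client's Content-Type header, so it is untrusted.

# Unsafe: the boundary text is compiled as regex syntax.
def delimiter_unquoted(boundary)
  Regexp.new("--" + boundary)
end

# Safe: Regexp.quote makes every boundary character match literally.
def delimiter_quoted(boundary)
  Regexp.new("--" + Regexp.quote(boundary))
end

# Split a multipart body into its parts. Raises when the delimiter never
# matches instead of continuing to look for it.
def split_parts(body, delimiter)
  pieces = body.split(delimiter)
  raise ArgumentError, "multipart delimiter not found in body" if pieces.length < 2
  # Drop the (empty) preamble, trim the CRLF framing, discard the closing "--".
  pieces[1..-1]
    .map { |p| p.sub(/\A\r\n/, "").sub(/\r\n\z/, "") }
    .reject { |p| p.empty? || p.start_with?("--") }
end

# Constructed sample: "+" is a legal boundary character and a regex quantifier.
BOUNDARY = "sample+boundary"
BODY = "--sample+boundary\r\n" \
       "Content-Disposition: form-data; name=\"a\"\r\n\r\n1\r\n" \
       "--sample+boundary\r\n" \
       "Content-Disposition: form-data; name=\"b\"\r\n\r\n2\r\n" \
       "--sample+boundary--\r\n"

# Returns true when the body splits cleanly with the given delimiter.
def parses?(body, delimiter)
  split_parts(body, delimiter)
  true
rescue ArgumentError
  false
end

if __FILE__ == $0
  puts "quoted delimiter parses:   #{parses?(BODY, delimiter_quoted(BOUNDARY))}"
  puts "unquoted delimiter parses: #{parses?(BODY, delimiter_unquoted(BOUNDARY))}"
end
```
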

Updated packages for Ubuntu 5.10:


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:

