LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Ruby vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Laurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. (CVE-2008-3443)
===========================================================
Ubuntu Security Notice USN-691-1          December 16, 2008
ruby1.9 vulnerability
CVE-2008-3443, CVE-2008-3790
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  ruby1.9                         1.9.0.2-7ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Laurent Gaffie discovered that Ruby did not properly check for memory
allocation failures. If a user or automated system were tricked into
running a malicious script, an attacker could cause a denial of
service. (CVE-2008-3443)

This update also fixes a regression in the upstream patch previously
applied to fix CVE-2008-3790. The regression would cause parsing of
some XML documents to fail.


Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/ruby1.9_1.9.0.2-7ubuntu1.1.diff.gz
      Size/MD5:    49454 02828291d0b8db94d06dbc6be804b58b
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/ruby1.9_1.9.0.2-7ubuntu1.1.dsc
      Size/MD5:     1771 5d3434eeadde20df96b78b4a959112f2
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/ruby1.9_1.9.0.2.orig.tar.gz
      Size/MD5:  6407910 2a848b81ed1d6393b88eec8aa6173b75

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/irb1.9_1.9.0.2-7ubuntu1.1_all.deb
      Size/MD5:    57440 7c3c984736fd87485a9dfa0e8065afcc
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/rdoc1.9_1.9.0.2-7ubuntu1.1_all.deb
      Size/MD5:   112262 a2afb0c815463a14b51eff6199d10661
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/ri1.9_1.9.0.2-7ubuntu1.1_all.deb
      Size/MD5:   971786 57646618dddada4562990b3eb1c787b6
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/ruby1.9-elisp_1.9.0.2-7ubuntu1.1_all.deb
      Size/MD5:    31094 4e2ac93f161570ff11b5d39d5912bfce
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/ruby1.9-examples_1.9.0.2-7ubuntu1.1_all.deb
      Size/MD5:    64354 8a9aca7db601358141fd19d85ea45751

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-7ubuntu1.1_amd64.deb
      Size/MD5:  2113618 bc410c5116879cd05234451e2fbc1447
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/libruby1.9_1.9.0.2-7ubuntu1.1_amd64.deb
      Size/MD5:  2275308 5863e492367db5313ac068c5dde703e9
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-7ubuntu1.1_amd64.deb
      Size/MD5:   943252 1c8a27569a60edf9e4aabb7b7716967f
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/ruby1.9_1.9.0.2-7ubuntu1.1_amd64.deb
      Size/MD5:    26536 86aa87a261a57d1d67edb397671b20b4
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-7ubuntu1.1_amd64.deb
      Size/MD5:    12544 eeb030e448f92081b3c05fe696011142
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-7ubuntu1.1_amd64.deb
      Size/MD5:    11838 b8c61c3b7435de2752b46bb75331ca3c
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-7ubuntu1.1_amd64.deb
      Size/MD5:   134340 258bed110d062a4b96b02b558b08a412
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-7ubuntu1.1_amd64.deb
      Size/MD5:    11638 6e3898a64f7dcccf444be54599313a17
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-7ubuntu1.1_amd64.deb
      Size/MD5:  1745708 58a02a0dfa5d27ff0bb011acb635ed80

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-7ubuntu1.1_i386.deb
      Size/MD5:  1921126 690079b204fc118f99876ed462371de5
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/libruby1.9_1.9.0.2-7ubuntu1.1_i386.deb
      Size/MD5:  2127706 3dd6e4cd3c8adf46db14d45574ffd0ec
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-7ubuntu1.1_i386.deb
      Size/MD5:   889504 c2fe2150cb1c8a15f855c42a52c424ef
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/ruby1.9_1.9.0.2-7ubuntu1.1_i386.deb
      Size/MD5:    26324 97f33c71e37213e31af3e400e3687a9d
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-7ubuntu1.1_i386.deb
      Size/MD5:    11186 4f749b40168d0b0235d49082b981694f
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-7ubuntu1.1_i386.deb
      Size/MD5:    10598 44b212294eb892c174bde278bb9e97cb
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-7ubuntu1.1_i386.deb
      Size/MD5:   118168 178e91fd4562e351835bfb9902ba4c61
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-7ubuntu1.1_i386.deb
      Size/MD5:    10818 8c041f2499bb45935b185e82a8e40b3a
    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-7ubuntu1.1_i386.deb
      Size/MD5:  1738394 8c37885e72e5f00d7b4281885478bc6c

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-7ubuntu1.1_lpia.deb
      Size/MD5:  1951024 4f5e0733a3f49d53ca008ffcecf0c2de
    http://ports.ubuntu.com/pool/main/r/ruby1.9/libruby1.9_1.9.0.2-7ubuntu1.1_lpia.deb
      Size/MD5:  2105434 535e2f90d7471df4fbdb766e48bf8c91
    http://ports.ubuntu.com/pool/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-7ubuntu1.1_lpia.deb
      Size/MD5:   874130 473f3817d976736b04d4237e179a9c6f
    http://ports.ubuntu.com/pool/main/r/ruby1.9/ruby1.9_1.9.0.2-7ubuntu1.1_lpia.deb
      Size/MD5:    26300 6d016c54f454eb4654facd88c1ae0a13
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-7ubuntu1.1_lpia.deb
      Size/MD5:    11248 44a9b7e75e49660021284d7d6604ccff
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-7ubuntu1.1_lpia.deb
      Size/MD5:    10420 4f3e626250d8d16256e771135f80f4f4
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-7ubuntu1.1_lpia.deb
      Size/MD5:   117570 b62300ef68d2655d837a0aed5d0bd054
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-7ubuntu1.1_lpia.deb
      Size/MD5:    10746 a82cc7f12682aba7b583ec86cd13f55e
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-7ubuntu1.1_lpia.deb
      Size/MD5:  1737900 60a1f240342ab4ec317c1c0cf9c6e288

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-7ubuntu1.1_powerpc.deb
      Size/MD5:  2091776 d37a509a3fc9bcbc145e645f7766f269
    http://ports.ubuntu.com/pool/main/r/ruby1.9/libruby1.9_1.9.0.2-7ubuntu1.1_powerpc.deb
      Size/MD5:  2243518 af2e9a1ec3ca58e27f1f450d73fd9610
    http://ports.ubuntu.com/pool/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-7ubuntu1.1_powerpc.deb
      Size/MD5:   901944 a7d7281252ec2325d634dd9857a80159
    http://ports.ubuntu.com/pool/main/r/ruby1.9/ruby1.9_1.9.0.2-7ubuntu1.1_powerpc.deb
      Size/MD5:    28734 0ecd088dcfe450dc224550ff4cb2846a
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-7ubuntu1.1_powerpc.deb
      Size/MD5:    14040 e5d5eb44f95ab85d5219a98e1ef3ae37
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-7ubuntu1.1_powerpc.deb
      Size/MD5:    13318 e7e41a81b7155e3a8ab28f0905b0d084
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-7ubuntu1.1_powerpc.deb
      Size/MD5:   133012 25e742b2556294b87f8563be9f622f56
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-7ubuntu1.1_powerpc.deb
      Size/MD5:    13556 f1f4a0574e284023b1734d48db0f19c8
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-7ubuntu1.1_powerpc.deb
      Size/MD5:  1747252 33ef64fd198e65ee8919e8409aaea08d

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-7ubuntu1.1_sparc.deb
      Size/MD5:  1803982 09d9b480b214361a46549de31f99e849
    http://ports.ubuntu.com/pool/main/r/ruby1.9/libruby1.9_1.9.0.2-7ubuntu1.1_sparc.deb
      Size/MD5:  2109258 731ae4bcad17cf2f0fa70a3bbc0ed490
    http://ports.ubuntu.com/pool/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-7ubuntu1.1_sparc.deb
      Size/MD5:   883296 2ee2efc0f3c6d42bbc3ef765e346bd7b
    http://ports.ubuntu.com/pool/main/r/ruby1.9/ruby1.9_1.9.0.2-7ubuntu1.1_sparc.deb
      Size/MD5:    26526 b2af0ad31ed80fa28cbdd24f5fabe6b7
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-7ubuntu1.1_sparc.deb
      Size/MD5:    11212 c6dd5248b2680527df86081bbd7f58cc
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-7ubuntu1.1_sparc.deb
      Size/MD5:    10430 e24df579da217e1a47a2d7010c9408f9
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-7ubuntu1.1_sparc.deb
      Size/MD5:   124360 52fbc1543bdc80153b92113320a324c5
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-7ubuntu1.1_sparc.deb
      Size/MD5:    10856 504a25a03a0a79818536e0f967b4b904
    http://ports.ubuntu.com/pool/universe/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-7ubuntu1.1_sparc.deb
      Size/MD5:  1740490 df138fac9cfb1d0b5cbab685e8738167



--=-e2uKS+RMIdU9OmIXdpSo
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAklHxtQACgkQLMAs/0C4zNpfPwCbBZiIDIpGtAQYuUCLFboosRVo
C7IAmwUIMDC+0Ay9aY6PYnHKREeDcLIj
=ZWBC
-----END PGP SIGNATURE-----

--=-e2uKS+RMIdU9OmIXdpSo--



--==============S63821696347551377=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============S63821696347551377==--
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
The Hacktivist as Angry Young Man
The Hacker Wars Hits NYC
CAINE Linux Distribution Helps Investigators With Forensic Analysis
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.