Linux Security

Debian: New ruby1.8 packages fix several vulnerabilities

Date 12 Oct 2008
Posted By LinuxSecurity Advisories
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. Christian Neukirchen discovered that the WebRick module uses inefficient algorithms for HTTP header splitting, resulting in denial of service through resource exhaustion.
------------------------------------------------------------------------
Debian Security Advisory DSA-1651-1                   Moritz Muehlenhoff
October 12, 2008
------------------------------------------------------------------------

Package        : ruby1.8
Vulnerability  : several
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2008-3655 CVE-2008-3656 CVE-2008-3657 CVE-2008-3790 CVE-2008-3905

Several vulnerabilities have been discovered in the interpreter for
the Ruby language, which may lead to denial of service and other
security problems. The Common Vulnerabilities and Exposures project
identifies the following problems:


    Keita Yamaguchi discovered that several safe level restrictions
    are insufficiently enforced.

    Christian Neukirchen discovered that the WebRick module uses
    inefficient algorithms for HTTP header splitting, resulting in
    denial of service through resource exhaustion.


    It was discovered that the dl module doesn't perform taintness


    Luka Treiber and Mitja Kolsek discovered that recursively nested
    XML entities can lead to denial of service through resource
    exhaustion in rexml.


    Tanaka Akira discovered that the resolv module uses sequential
    transaction IDs and a fixed source port for DNS queries, which
    makes it more vulnerable to DNS spoofing attacks.
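
The rexml item above turns on how nested entity declarations multiply in size once expanded. The Ruby sketch below is an added example, not part of the advisory or of REXML: it computes the expanded length of internal general entities arithmetically before a document reaches a parser, using a small constructed sample. The names `entity_table`, `expanded_length` and `within_limit?` are hypothetical, and external and parameter entities are outside its scope.

```ruby
# Constructed sample: three levels of nested internal entities (kept small).
SAMPLE = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE doc [
    <!ENTITY a "xxxxxxxxxx">
    <!ENTITY b "&a;&a;&a;&a;">
    <!ENTITY c "&b;&b;&b;&b;">
  ]>
  <doc>&c;</doc>
XML

ENTITY_DECL = /<!ENTITY\s+([\w.\-]+)\s+(?:"([^"]*)"|'([^']*)')\s*>/
ENTITY_REF  = /&([\w.\-]+);/

# Map entity name => replacement text, read from the internal DTD subset.
def entity_table(xml)
  xml.scan(ENTITY_DECL).to_h { |name, dq, sq| [name, dq || sq] }
end

# Length of the fully expanded replacement text, computed by memoized
# arithmetic so nothing is ever expanded. Raises on a reference cycle.
def expanded_length(name, table, memo = {}, stack = [])
  return memo[name] if memo.key?(name)
  return 1 unless table.key?(name) # undeclared or predefined (&amp;): one character
  raise ArgumentError, "entity reference cycle at #{name}" if stack.include?(name)
  text = table[name]
  nested = text.scan(ENTITY_REF).flatten.sum { |r| expanded_length(r, table, memo, stack + [name]) }
  memo[name] = text.gsub(ENTITY_REF, "").length + nested
end

# True when the entity references in the document body expand to at most
# +limit+ characters; a caller would refuse to parse the document otherwise.
def within_limit?(xml, limit)
  table = entity_table(xml)
  memo = {}
  body = xml.sub(/<!DOCTYPE.*?\]>/m, "")
  body.scan(ENTITY_REF).flatten.sum { |r| expanded_length(r, table, memo) } <= limit
end

puts "expanded length of &c;: #{expanded_length('c', entity_table(SAMPLE))}" if __FILE__ == $0
```

Each extra nesting level multiplies the expanded size by the number of references per declaration, while the estimate stays linear in the number of declarations.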

For the stable distribution (etch), these problems have been fixed in
version 1.8.5-4etch3. Packages for arm will be provided later.

For the unstable distribution (sid), these problems have been fixed in

We recommend that you upgrade your ruby1.8 packages.
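
To check hosts against the fixed etch version, the added example below (not part of the advisory) reimplements Debian's version ordering in Ruby and flags inventory rows older than 1.8.5-4etch3. The inventory rows, host names and helper names are constructed for illustration; on a Debian host, `dpkg --compare-versions` is the authoritative comparison.

```ruby
FIXED_ETCH = "1.8.5-4etch3" # fixed etch version stated in the advisory
# Constructed inventory rows: host, package, installed version.
INVENTORY = <<~EOS
  web01 ruby1.8 1.8.5-4etch2
  web01 libruby1.8 1.8.5-4etch3
  web02 ruby1.8 1.8.5-4
  db01 libruby1.8 1.8.5-4etch3+b1
EOS

# Weight of a character in a non-digit run: '~' < end of string < letters < other symbols.
def char_order(c)
  return -1 if c == "~"
  return 0 if c.nil?
  c.match?(/[A-Za-z]/) ? c.ord : c.ord + 256
end

# Compare two upstream or revision strings as alternating non-digit / digit runs.
def compare_part(a, b)
  a, b = a.dup, b.dup
  until a.empty? && b.empty?
    na, nb = a.slice!(/\A\D*/), b.slice!(/\A\D*/)
    [na.length, nb.length].max.times do |i|
      d = char_order(na[i]) <=> char_order(nb[i])
      return d unless d.zero?
    end
    d = a.slice!(/\A\d*/).to_i <=> b.slice!(/\A\d*/).to_i
    return d unless d.zero?
  end
  0
end

# Split "[epoch:]upstream[-revision]" into its three fields.
def split_version(v)
  epoch, rest = v.include?(":") ? v.split(":", 2) : ["0", v]
  upstream, sep, revision = rest.rpartition("-")
  upstream, revision = rest, "" if sep.empty?
  [epoch.to_i, upstream, revision]
end

def deb_compare(a, b) # returns -1, 0 or 1
  (ea, ua, ra), (eb, ub, rb) = split_version(a), split_version(b)
  [ea <=> eb, compare_part(ua, ub), compare_part(ra, rb)].find { |d| d != 0 } || 0
end

# Rows whose installed version sorts before the fixed version.
def unpatched(inventory, fixed = FIXED_ETCH)
  inventory.lines.map(&:split).select { |_h, _p, ver| deb_compare(ver, fixed) < 0 }
end
puts unpatched(INVENTORY).map { |r| r.join(" ") } if __FILE__ == $0
```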

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main