Linux Security

    Debian: New ruby1.8 packages fix several vulnerabilities

    Date 12 Oct 2008
    Posted By LinuxSecurity Advisories
    Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. Christian Neukirchen discovered that the WebRick module uses inefficient algorithms for HTTP header splitting, resulting in denial of service through resource exhaustion.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1651-1                                        Moritz Muehlenhoff
    October 12, 2008            
    - ------------------------------------------------------------------------
    Package        : ruby1.8
    Vulnerability  : several
    Problem-Type   : local(remote)
    Debian-specific: no
    CVE ID         : CVE-2008-3655 CVE-2008-3656 CVE-2008-3657 CVE-2008-3790 CVE-2008-3905
    Several vulnerabilities have been discovered in the interpreter for
    the Ruby language, which may lead to denial of service and other
    security problems. The Common Vulnerabilities and Exposures project
    identifies the following problems:
        Keita Yamaguchi discovered that several safe level restrictions
        are insufficiently enforced.

        Christian Neukirchen discovered that the WebRick module uses
        inefficient algorithms for HTTP header splitting, resulting in
        denial of service through resource exhaustion.

        It was discovered that the dl module doesn't perform taintness

        Luka Treiber and Mitja Kolsek discovered that recursively nested
        XML entities can lead to denial of service through resource
        exhaustion in rexml.

        Tanaka Akira discovered that the resolv module uses sequential
        transaction IDs and a fixed source port for DNS queries, which
        makes it more vulnerable to DNS spoofing attacks.
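
The nested-entity exhaustion in rexml described above can be screened for before a document reaches the parser. This is an added example, not code from the advisory or from rexml itself; the function names, the 100,000-character limit and the sample document are assumptions constructed for illustration.

```ruby
# Added example: size internal XML entities arithmetically before parsing.
# Covers internal general entities only (no SYSTEM/PUBLIC, no %parameter entities).
ENTITY_DECL = /<!ENTITY\s+([A-Za-z_][\w.\-]*)\s+(?:"([^"]*)"|'([^']*)')\s*>/
ENTITY_REF  = /&([A-Za-z_][\w.\-]*);/
DOCTYPE     = /<!DOCTYPE[^\[>]*\[.*?\]\s*>/m

class EntityLimitExceeded < StandardError; end

# Map each declared entity name to its replacement text (first declaration wins).
def declared_entities(xml)
  xml.scan(ENTITY_DECL).each_with_object({}) do |(name, dq, sq), table|
    table[name] ||= (dq || sq)
  end
end

# Length of `text` after full expansion, computed without building the string.
# `memo` caches per-entity sizes; `stack` holds the entities being expanded.
def expanded_size(text, table, memo = {}, stack = [])
  size = text.length
  text.scan(ENTITY_REF) do |(name)|
    next unless table.key?(name)            # predefined/unknown refs count as literal text
    raise EntityLimitExceeded, "entity #{name} refers to itself" if stack.include?(name)
    memo[name] ||= expanded_size(table[name], table, memo, stack + [name])
    size += memo[name] - (name.length + 2)  # swap "&name;" for its expansion
  end
  size
end

# Return the expanded size of the document body, or raise if it exceeds `limit`.
def check_entity_expansion!(xml, limit: 100_000)
  total = expanded_size(xml.sub(DOCTYPE, ""), declared_entities(xml))
  raise EntityLimitExceeded, "expands to #{total} chars, limit #{limit}" if total > limit
  total
end

# Constructed sample: three levels of nesting, 10x growth per level.
SAMPLE_NESTED = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE r [
    <!ENTITY a "0123456789">
    <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
    <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
  ]>
  <r>&c;</r>
XML

puts check_entity_expansion!(SAMPLE_NESTED) if __FILE__ == $PROGRAM_NAME  # 1031
```

Because sizes are memoised per entity, the check stays linear in the size of the declarations even when the expanded length is exponential in the nesting depth.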
    For the stable distribution (etch), these problems have been fixed in
    version 1.8.5-4etch3. Packages for arm will be provided later.
    For the unstable distribution (sid), these problems have been fixed in
    We recommend that you upgrade your ruby1.8 packages.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main