Linux Security
Linux Security
Linux Security

Debian: New ruby1.9 packages fix several vulnerabilities

Date 12 Oct 2008
Posted By LinuxSecurity Advisories
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1652-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                       Moritz Muehlenhoff
October 12, 2008            
- ------------------------------------------------------------------------

Package        : ruby1.9
Vulnerability  : several
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2008-3655 CVE-2008-3656 CVE-2008-3657 CVE-2008-3790 CVE-2008-3905

Several vulnerabilities have been discovered in the interpreter for
the Ruby language, which may lead to denial of service and other
security problems. The Common Vulnerabilities and Exposures project
identifies the following problems:


    Keita Yamaguchi discovered that several safe level restrictions
    are insufficiently enforced.

    Christian Neukirchen discovered that the WebRick module uses
    inefficient algorithms for HTTP header splitting, resulting in
    denial of service through resource exhaustion.


    It was discovered that the dl module doesn't perform taintness


    Luka Treiber and Mitja Kolsek discovered that recursively nested
    XML entities can lead to denial of service through resource
    exhaustion in rexml.


    Tanaka Akira discovered that the resolv module uses sequential
    transaction IDs and a fixed source port for DNS queries, which
    makes it more vulnerable to DNS spoofing attacks.

For the stable distribution (etch), these problems have been fixed in
version 1.9.0+20060609-1etch3. Packages for arm will be provided later.

For the unstable distribution (sid), these problems have been fixed in

We recommend that you upgrade your ruby1.9 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:  4450198 483d9b46a973c7e14f7586f0b1129891
    Size/MD5 checksum:    32500 f9ecc42746b8a277f0adf684db941813
    Size/MD5 checksum:     1102 d9f8325a51dc85e7a592135602aa5adb

Architecture independent packages:
    Size/MD5 checksum:   318568 8829c7b1dc51b1694ec44c22df0b9aa2
    Size/MD5 checksum:   255728 98a8ba887948dad97e365d6fe4cd7365
    Size/MD5 checksum:   265788 baf95223f575afea5a19eda8931ab20f
    Size/MD5 checksum:   229404 5fd60bd0423a2bf3e7b7d9f2fdbf50f8
    Size/MD5 checksum:   694282 195e55b70aaf9f35ff0b3156460c05a0

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   217526 18e248f393c0157029127735d35ab58c
    Size/MD5 checksum:   237710 40f6ac2464dd488bcec0d9e705457071
    Size/MD5 checksum:   324622 3daf8b07570c96d9575c851ab21deae3
    Size/MD5 checksum:   340188 8e9d2e6f51f659ad6df94a11961b6429
    Size/MD5 checksum:  1890052 15fa703f9493159f200bc8719305f8f7
    Size/MD5 checksum:   216796 19318b591b6bce163cd767ccbc8e55a0
    Size/MD5 checksum:  1881332 5b980e23f25edf7bbc978bbdfb2ffa18
    Size/MD5 checksum:   217544 96ac4e52a0ddbf2a70ae8a49b8468338
    Size/MD5 checksum:   961014 16b8cfc9ec220aed8a4a6d83b7a903f3

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   216496 a612ba557549caf4ba25abe252da8568
    Size/MD5 checksum:   346006 8ea61f15325461d26752621150af4c55
    Size/MD5 checksum:  1878306 97b41d5d6a9d13ceab9139faf6ec9f36
    Size/MD5 checksum:   235552 8767d4d810273a9f0177a47a0a08c073
    Size/MD5 checksum:  1850520 0750131f3c14ce426f121099858f02f0
    Size/MD5 checksum:   216560 5eb826cce7459050017b7085685e996c
    Size/MD5 checksum:   216012 d89ffb0add351472565804edf8dac758
    Size/MD5 checksum:   807498 f23ac4d1e46337667e6869d896a2c86a
    Size/MD5 checksum:   323396 fd36007f61327bb9e05127cd35e6a2d6

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   888820 f2a52e9d4019c7c6e36df9a557bb2162
    Size/MD5 checksum:   217900 86d51cf0dc80bdbd9d25a39b17eee678
    Size/MD5 checksum:   217536 3ee4c34f85a0dd8b4f8a328a5e8fbc00
    Size/MD5 checksum:  1861420 68df4ad96fd1065b76bf391d753ad79e
    Size/MD5 checksum:   236956 e465433f9cb8186a8326455d59910cc2
    Size/MD5 checksum:  1880706 d811527595c9c70569d60581b0b540ea
    Size/MD5 checksum:   218086 0fc503ce1be877ddcf1ed5110ebc35f5
    Size/MD5 checksum:   333712 e26dd25bc69b683518214ffda7aa18fc
    Size/MD5 checksum:   395486 d89dec7193f96ac9ea999af10815b0e4

i386 architecture (Intel ia32)
    Size/MD5 checksum:   309582 1e3e3abbe9099df9839f022207104e4c
    Size/MD5 checksum:   216578 6c8c40b3bac4b3008ca37c11d1c15b71
    Size/MD5 checksum:   216352 7ad6c7c069d6922eadc2d51919f42346
    Size/MD5 checksum:  1752688 4c1a4ec5f90608f16b719070239f2dc8
    Size/MD5 checksum:  1867752 749baa15c5cdd78016acc2e4a4836f80
    Size/MD5 checksum:   237500 068288ec56066aad6cd3c0148fa9e6b1
    Size/MD5 checksum:   345708 f01d2d77673b54570e3afcf06afb7bb4
    Size/MD5 checksum:   215600 47671e30dd1a142519c40c1efc6559b9
    Size/MD5 checksum:   757964 c34682888461aa146d404c9dccb9f987

ia64 architecture (Intel ia64)
    Size/MD5 checksum:  2225874 c1f834cdd95279bbf5eca576c3511088
    Size/MD5 checksum:   220606 3c65aba37358087e1e26a16677e474f8
    Size/MD5 checksum:  1095774 6d57aff7a609eb69ea57dfeb60b9d831
    Size/MD5 checksum:   220140 46554d54bc95ad8bf90ec33d7c848358
    Size/MD5 checksum:   236300 1e4719db3ca36aa6b04dc3a66bb3b4f2
    Size/MD5 checksum:   220598 3cff195de849212b8bf1c0d2cb4f459b
    Size/MD5 checksum:   351424 99c548dbb54ad64f2f15ec9d6cd1157b
    Size/MD5 checksum:   351114 67c71c75847c6c24873a077214c6ddb8
    Size/MD5 checksum:  1863980 ba885ff9a4bee389cdda5439f9b8838d

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   216034 540daf8a0a152b77cbabc0ebf2a6cbe6
    Size/MD5 checksum:   215910 08152af050881fd103cbd3c6283f4c5f
    Size/MD5 checksum:   215178 6189e81e3d1fcb8bc3aa64ae688c6736
    Size/MD5 checksum:  1862054 3f09c78df3df2ecafca65180509eeb30
    Size/MD5 checksum:   236092 0a9c0b2b8031289e850c3a2c9a026e92
    Size/MD5 checksum:   874098 447b15d2db96e1d6212b721b70289aa9
    Size/MD5 checksum:  1680114 aa610eb8728da1c4d45b7d54a4b09058
    Size/MD5 checksum:   372246 96a282c7252c4edef7ba6712a26dfe6f
    Size/MD5 checksum:   301600 3d528eda6e6da71c3dc5bfb92ac7a131

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:  1837274 08174e2e8d1128b3977dedcd49d88adf
    Size/MD5 checksum:   215368 c53207b03169c21fae94fc9a252030e0
    Size/MD5 checksum:   216122 217425b4ced3f5e260f7c3e16067ccc9
    Size/MD5 checksum:   367470 ad1121d68848d0dd69c37ede15c611b1
    Size/MD5 checksum:  1667940 7a061e90f07190e08cb1d7dd87ceba0b
    Size/MD5 checksum:   299388 46bc91d4748b41dc94e047bab5dedd51
    Size/MD5 checksum:   216268 d71b6f0a4b75fb7e1251e69d746ca7c6
    Size/MD5 checksum:   858514 9670a0b7dae56385110e24a689a2bba8
    Size/MD5 checksum:   235568 f81cd64d18fd7d9ad05be290eaa3a2f7

powerpc architecture (PowerPC)
    Size/MD5 checksum:   218494 e3554e99b745b152c5adceb8b792598b
    Size/MD5 checksum:   218182 5d950d3fe9d4144a4a113febc734a657
    Size/MD5 checksum:   312442 ba212e89d3ed795826291b8b83b755bf
    Size/MD5 checksum:  1808838 f27c1864da2a5f200eba5f856ab9ec4d
    Size/MD5 checksum:   217620 c293eeeff7ea8f7b2662543f1787e382
    Size/MD5 checksum:   237222 ba705f2b59847458ae944c9d88cfa29e
    Size/MD5 checksum:   777068 75b95c3a7627b97ed7cb6b65b2d430d4
    Size/MD5 checksum:   372912 2082b7a24c82d5c444d9a8e9971d153c
    Size/MD5 checksum:  1844652 17411d10899861a4e0db3f2b58aa2f04

s390 architecture (IBM S/390)
    Size/MD5 checksum:   327718 deaec089c668e98c3826f9c3f9c16906
    Size/MD5 checksum:   217444 091b5e0da9d7f8cab82fbaac51555800
    Size/MD5 checksum:  1849530 a4eb5998265e1c0d10e47d9b3fd3376a
    Size/MD5 checksum:   371458 38d13d9c042fa13cb83e056dd6f75876
    Size/MD5 checksum:  1855840 f311eafe38b79f66c8ed62d750516e3c
    Size/MD5 checksum:   235460 c8e69420f67a74626d536b1e0634a5ee
    Size/MD5 checksum:   884264 cb34a6a0e54e9699c2cc2527721e334a
    Size/MD5 checksum:   217506 f0ee0fdfef50c2442f8ef375e1830575
    Size/MD5 checksum:   217974 62409b7918e14178a04f381f14b0b009

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:   822856 9506219f2b044210b34532e0900c843d
    Size/MD5 checksum:   216666 1fdc236fbbcc05ec4dcb69f287e26d4a
    Size/MD5 checksum:   372806 a217f49c1f19fa3c8fdcebc6120b89e7
    Size/MD5 checksum:  1843374 5f6e40930829a86a4694231a1312e5b9
    Size/MD5 checksum:   216752 7e5681d7aa0e675b3fe26e83f146ac94
    Size/MD5 checksum:  1793464 023e643cbaca8191e5c213e228a59150
    Size/MD5 checksum:   317666 4e0e420084673e075456a2cc78102cf2
    Size/MD5 checksum:   215972 20c5e03b7c7cad010b849fdcd77f9dbf
    Size/MD5 checksum:   235354 2ce73be64e9f94b1beff935e7ffcba2f

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"45","type":"x","order":"1","pct":80.36,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"6","type":"x","order":"2","pct":10.71,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":8.93,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.