Linux Security

    Debian: New ruby1.9 packages fix several vulnerabilities

    Date 12 Oct 2008
    Posted By LinuxSecurity Advisories
    Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems.
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1652-1                    Moritz Muehlenhoff
    October 12, 2008
    ------------------------------------------------------------------------
    Package        : ruby1.9
    Vulnerability  : several
    Problem-Type   : local(remote)
    Debian-specific: no
    CVE ID         : CVE-2008-3655 CVE-2008-3656 CVE-2008-3657 CVE-2008-3790 CVE-2008-3905
    Several vulnerabilities have been discovered in the interpreter for
    the Ruby language, which may lead to denial of service and other
    security problems. The Common Vulnerabilities and Exposures project
    identifies the following problems:
        Keita Yamaguchi discovered that several safe level restrictions
        are insufficiently enforced.
        Christian Neukirchen discovered that the WEBrick module uses
        inefficient algorithms for HTTP header splitting, resulting in
        denial of service through resource exhaustion.
        It was discovered that the dl module doesn't perform taintness
        Luka Treiber and Mitja Kolsek discovered that recursively nested
        XML entities can lead to denial of service through resource
        exhaustion in rexml.
        Tanaka Akira discovered that the resolv module uses sequential
        transaction IDs and a fixed source port for DNS queries, which
        makes it more vulnerable to DNS spoofing attacks.
    For the stable distribution (etch), these problems have been fixed in
    version 1.9.0+20060609-1etch3. Packages for arm will be provided later.
    For the unstable distribution (sid), these problems have been fixed in
    We recommend that you upgrade your ruby1.9 packages.
    Upgrade instructions
    --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
      These files will probably be moved into the stable distribution on
      its next update.
    ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
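
The rexml item above describes resource exhaustion from recursively nested XML entities. As an added example (not code from the advisory or from REXML), this pre-parse check estimates the expanded size from the internal DTD without expanding anything; the function names, the 64 KiB budget and the sample document are assumptions made for illustration.

```ruby
# Added example, not code from the advisory or from REXML.
ENTITY_DECL = /<!ENTITY\s+([\w.-]+)\s+(["'])(.*?)\2\s*>/m
ENTITY_REF  = /&([\w.-]+);/
class EntityCycle < StandardError; end

# Expanded byte size of each declared general entity; memoized, so the
# work stays linear even when the expansion itself is exponential.
def entity_sizes(xml)
  decls = {}
  xml.scan(ENTITY_DECL) { |name, _quote, value| decls[name] ||= value }
  sizes, in_progress = {}, {}
  measure = lambda do |name|
    return sizes[name] if sizes.key?(name)
    raise EntityCycle, "entity #{name} is recursive" if in_progress[name]
    in_progress[name] = true
    value = decls[name]
    size = value.gsub(ENTITY_REF, "").bytesize
    value.scan(ENTITY_REF).flatten.each do |ref|
      # Undeclared names (e.g. amp) are counted at their written length.
      size += decls.key?(ref) ? measure.call(ref) : ref.bytesize + 2
    end
    sizes[name] = size
  end
  decls.each_key { |name| measure.call(name) }
  sizes
end

# Estimated document size after expansion, computed without expanding.
def expanded_size(xml)
  sizes = entity_sizes(xml)
  body = xml.gsub(ENTITY_DECL, "")
  refs = body.scan(ENTITY_REF).flatten
  body.gsub(ENTITY_REF, "").bytesize + refs.sum { |r| sizes.fetch(r) { r.bytesize + 2 } }
end

# Gate for untrusted XML; the 64 KiB default budget is an assumption.
def safe_to_parse?(xml, limit: 64 * 1024)
  expanded_size(xml) <= limit
rescue EntityCycle
  false
end

# Constructed sample: four levels of tenfold nesting (10 -> 10,000 bytes).
NESTED = <<~XML
  <!DOCTYPE d [
    <!ENTITY a "0123456789">
    <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
    <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
    <!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
  ]>
  <d>&d;</d>
XML
```

Each nesting level multiplies the expanded size by ten while the document itself grows by one short line, so the check rejects on the estimate rather than on the input length.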