- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Ruby: Multiple vulnerabilities
      Date: December 16, 2008
      Bugs: #225465, #236060
        ID: 200812-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been discovered in Ruby that allow for
attacks including arbitrary code execution and Denial of Service.

Background
=========
Ruby is an interpreted object-oriented programming language. The
elaborate standard library includes an HTTP server ("WEBRick") and a
class for XML parsing ("REXML").

Affected packages
================
    -------------------------------------------------------------------
     Package        /     Vulnerable     /                  Unaffected
    -------------------------------------------------------------------
  1  dev-lang/ruby      < 1.8.6_p287-r1               >= 1.8.6_p287-r1

Description
==========
Multiple vulnerabilities have been discovered in the Ruby interpreter
and its standard libraries. Drew Yao of Apple Product Security
discovered the following flaws:

* Arbitrary code execution or Denial of Service (memory corruption)
  in the rb_str_buf_append() function (CVE-2008-2662).

* Arbitrary code execution or Denial of Service (memory corruption)
  in the rb_ary_stor() function (CVE-2008-2663).

* Memory corruption via alloca in the rb_str_format() function
  (CVE-2008-2664).

* Memory corruption ("REALLOC_N") in the rb_ary_splice() and
  rb_ary_replace() functions (CVE-2008-2725).

* Memory corruption ("beg + rlen") in the rb_ary_splice() and
  rb_ary_replace() functions (CVE-2008-2726).

Furthermore, several other vulnerabilities have been reported:

* Tanaka Akira reported an issue with resolv.rb that enables
  attackers to spoof DNS responses (CVE-2008-1447).

* Akira Tagoh of RedHat discovered a Denial of Service (crash) issue
  in the rb_ary_fill() function in array.c (CVE-2008-2376).

* Several safe level bypass vulnerabilities were discovered and
  reported by Keita Yamaguchi (CVE-2008-3655).

* Christian Neukirchen is credited for discovering a Denial of
  Service (CPU consumption) attack in the WEBRick HTTP server
  (CVE-2008-3656).

* A fault in the dl module allowed the circumvention of taintness
  checks which could possibly lead to insecure code execution was
  reported by "sheepman" (CVE-2008-3657).

* Tanaka Akira again found a DNS spoofing vulnerability caused by the
  resolv.rb implementation using poor randomness (CVE-2008-3905).

* Luka Treiber and Mitja Kolsek (ACROS Security) disclosed a Denial
  of Service (CPU consumption) vulnerability in the REXML module when
  dealing with recursive entity expansion (CVE-2008-3790).

Impact
=====
These vulnerabilities allow remote attackers to execute arbitrary code,
spoof DNS responses, bypass Ruby's built-in security and taintness
checks, and cause a Denial of Service via crash or CPU exhaustion.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All Ruby users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.6_p287-r1"

References
=========
  [ 1 ] CVE-2008-1447
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  [ 2 ] CVE-2008-2376
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376
  [ 3 ] CVE-2008-2662
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662
  [ 4 ] CVE-2008-2663
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663
  [ 5 ] CVE-2008-2664
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664
  [ 6 ] CVE-2008-2725
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725
  [ 7 ] CVE-2008-2726
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726
  [ 8 ] CVE-2008-3655
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655
  [ 9 ] CVE-2008-3656
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656
  [ 10 ] CVE-2008-3657
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657
  [ 11 ] CVE-2008-3790
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790
  [ 12 ] CVE-2008-3905
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3905

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200812-17

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org/.

License
======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo: GLSA-200812-17: Ruby: Multiple vulnerabilities

Multiple vulnerabilities have been discovered in Ruby that allow for attacks including arbitrary code execution and Denial of Service.

Summary

Gentoo Linux Security Advisory GLSA 200812-17 https://security.gentoo.org/ Severity: Normal Title: Ruby: Multiple vulnerabilities Date: December 16, 2008 Bugs: #225465, #236060 ID: 200812-17

Synopsis ======= Multiple vulnerabilities have been discovered in Ruby that allow for attacks including arbitrary code execution and Denial of Service.
Background ========= Ruby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server ("WEBRick") and a class for XML parsing ("REXML").
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/ruby < 1.8.6_p287-r1 >= 1.8.6_p287-r1
========== Multiple vulnerabilities have been discovered in the Ruby interpreter and its standard libraries. Drew Yao of Apple Product Security discovered the following flaws:
* Arbitrary code execution or Denial of Service (memory corruption) in the rb_str_buf_append() function (CVE-2008-2662).
* Arbitrary code execution or Denial of Service (memory corruption) in the rb_ary_stor() function (CVE-2008-2663).
* Memory corruption via alloca in the rb_str_format() function (CVE-2008-2664).
* Memory corruption ("REALLOC_N") in the rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2725).
* Memory corruption ("beg + rlen") in the rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2726).
Furthermore, several other vulnerabilities have been reported:
* Tanaka Akira reported an issue with resolv.rb that enables attackers to spoof DNS responses (CVE-2008-1447).
* Akira Tagoh of RedHat discovered a Denial of Service (crash) issue in the rb_ary_fill() function in array.c (CVE-2008-2376).
* Several safe level bypass vulnerabilities were discovered and reported by Keita Yamaguchi (CVE-2008-3655).
* Christian Neukirchen is credited for discovering a Denial of Service (CPU consumption) attack in the WEBRick HTTP server (CVE-2008-3656).
* A fault in the dl module allowed the circumvention of taintness checks which could possibly lead to insecure code execution was reported by "sheepman" (CVE-2008-3657).
* Tanaka Akira again found a DNS spoofing vulnerability caused by the resolv.rb implementation using poor randomness (CVE-2008-3905).
* Luka Treiber and Mitja Kolsek (ACROS Security) disclosed a Denial of Service (CPU consumption) vulnerability in the REXML module when dealing with recursive entity expansion (CVE-2008-3790).
Impact ===== These vulnerabilities allow remote attackers to execute arbitrary code, spoof DNS responses, bypass Ruby's built-in security and taintness checks, and cause a Denial of Service via crash or CPU exhaustion.
Workaround ========= There is no known workaround at this time.
Resolution ========= All Ruby users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.6_p287-r1"
References ========= [ 1 ] CVE-2008-1447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 [ 2 ] CVE-2008-2376 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376 [ 3 ] CVE-2008-2662 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662 [ 4 ] CVE-2008-2663 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663 [ 5 ] CVE-2008-2664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664 [ 6 ] CVE-2008-2725 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725 [ 7 ] CVE-2008-2726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726 [ 8 ] CVE-2008-3655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655 [ 9 ] CVE-2008-3656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656 [ 10 ] CVE-2008-3657 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657 [ 11 ] CVE-2008-3790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790 [ 12 ] CVE-2008-3905 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3905
Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/200812-17
Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org/.
License ====== Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5/

Resolution

References

Availability

Concerns

Severity

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power
8 Expert-Recommended Security Practices to Fortify Your Linux Systems
4 - 8 min read
As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered
Open Source Strategies for Enhancing Security in Digital Business Operations
5 - 9 min read
Digital transformation, powered by the principles of open-source security , is vital for businesses looking to excel in today's technology-driven
Microsoft Update Mayhem: Rescuing Linux Dual-Boot Systems from Secure Boot Woes
2 - 4 min read
Microsoft's recent patch, intended to strengthen Secure Boot defenses, has resulted in an unexpected setback for Linux-Windows dual-boot setups

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved