Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Ubuntu 12.04 LTS USN-1603-1 Moderate: Ruby Excessive Access Threat

Calendar Oct 10, 2012 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory access flaw Ubuntu update instructions moderate issue ruby access
Ruby could allow excessive access in untrusted programs. 
=========================================================================Ubuntu Security Notice USN-1603-1
October 10, 2012

ruby1.8 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Ruby could allow excessive access in untrusted programs.

Software Description:
- ruby1.8: Interpreter of object-oriented scripting language Ruby 1.8

Details:

Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted
strings to be modified in protective safe levels. An attacker could use this
flaw to bypass intended access restrictions. (CVE-2012-4466, CVE-2012-4481)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  libruby1.8                      1.8.7.352-2ubuntu1.1

Ubuntu 11.10:
  libruby1.8                      1.8.7.352-2ubuntu0.2

Ubuntu 11.04:
  libruby1.8                      1.8.7.302-2ubuntu0.2

Ubuntu 10.04 LTS:
  libruby1.8                      1.8.7.249-2ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  
  CVE-2012-4466, CVE-2012-4481

Package Information:
  https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.1
  https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu0.2
  https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.302-2ubuntu0.2
  https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.249-2ubuntu0.2

Ubuntu 12.04 LTS USN-1603-1 Moderate: Ruby Excessive Access Threat

ubuntu
Calendar Grey October 10, 2012
Dist Ubuntu Esm H88
Overuse of Ruby in unreliable applications compromises Ubuntu distributions. Implement patches to maintain security standards.
Ruby could allow excessive access in untrusted programs.

Summary

Topics%20covered

Topics Covered

security advisory access flaw Ubuntu update instructions moderate issue ruby access

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libruby1.8 1.8.7.352-2ubuntu1.1 Ubuntu 11.10: libruby1.8 1.8.7.352-2ubuntu0.2 Ubuntu 11.04: libruby1.8 1.8.7.302-2ubuntu0.2 Ubuntu 10.04 LTS: libruby1.8 1.8.7.249-2ubuntu0.2 In general, a standard system update will make all the necessary changes.

References

CVE-2012-4466, CVE-2012-4481

October 10, 2012

Topics%20covered

Topics Covered

security advisory access flaw Ubuntu update instructions moderate issue ruby access

Package Information

https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.1 https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu0.2 https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.302-2ubuntu0.2 https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.249-2ubuntu0.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here