Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Ubuntu: 2035-1 Critical Security Advisory for Ruby DoS Vulnerabilities

Calendar Nov 27, 2013 User Avatar LinuxSecurity Advisories
2 - 3 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service security issue critical ubuntu ruby update instruction
Several security issues were fixed in Ruby. 
=========================================================================Ubuntu Security Notice USN-2035-1
November 27, 2013

ruby1.8, ruby1.9.1 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Ruby.

Software Description:
- ruby1.8: Object-oriented scripting language
- ruby1.9.1: Object-oriented scripting language

Details:

Charlie Somerville discovered that Ruby incorrectly handled floating point
number conversion. An attacker could possibly use this issue with an
application that converts text to floating point numbers to cause the
application to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2013-4164)

Vit Ondruch discovered that Ruby did not perform taint checking for certain
functions. An attacker could possibly use this issue to bypass certain
intended restrictions. (CVE-2013-2065)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
  libruby1.8                      1.8.7.358-7ubuntu2.1
  libruby1.9.1                    1.9.3.194-8.1ubuntu2.1
  ruby1.8                         1.8.7.358-7ubuntu2.1
  ruby1.9.1                       1.9.3.194-8.1ubuntu2.1

Ubuntu 13.04:
  libruby1.8                      1.8.7.358-7ubuntu1.2
  libruby1.9.1                    1.9.3.194-8.1ubuntu1.2
  ruby1.8                         1.8.7.358-7ubuntu1.2
  ruby1.9.1                       1.9.3.194-8.1ubuntu1.2

Ubuntu 12.10:
  libruby1.8                      1.8.7.358-4ubuntu0.4
  libruby1.9.1                    1.9.3.194-1ubuntu1.6
  ruby1.8                         1.8.7.358-4ubuntu0.4
  ruby1.9.1                       1.9.3.194-1ubuntu1.6

Ubuntu 12.04 LTS:
  libruby1.8                      1.8.7.352-2ubuntu1.4
  libruby1.9.1                    1.9.3.0-1ubuntu2.8
  ruby1.8                         1.8.7.352-2ubuntu1.4
  ruby1.9.1                       1.9.3.0-1ubuntu2.8

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2035-1
  CVE-2013-2065, CVE-2013-4164

Package Information:
  https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu2.1
  https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu2.1
  https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu1.2
  https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu1.2
  https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-4ubuntu0.4
  https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-1ubuntu1.6
  https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.4
  https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.8

Ubuntu: 2035-1 Critical Security Advisory for Ruby DoS Vulnerabilities

ubuntu
Calendar Grey November 27, 2013
Dist Ubuntu Esm H88
A number of vulnerabilities addressed in Ruby for Ubuntu 12.04, 12.10, 13.04, and 13.10. Urgent patch required for safeguarding.
Several security issues were fixed in Ruby.

Summary

Topics%20covered

Topics Covered

security advisory denial of service security issue critical ubuntu ruby update instruction

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: libruby1.8 1.8.7.358-7ubuntu2.1 libruby1.9.1 1.9.3.194-8.1ubuntu2.1 ruby1.8 1.8.7.358-7ubuntu2.1 ruby1.9.1 1.9.3.194-8.1ubuntu2.1 Ubuntu 13.04: libruby1.8 1.8.7.358-7ubuntu1.2 libruby1.9.1 1.9.3.194-8.1ubuntu1.2 ruby1.8 1.8.7.358-7ubuntu1.2 ruby1.9.1 1.9.3.194-8.1ubuntu1.2 Ubuntu 12.10: libruby1.8 1.8.7.358-4ubuntu0.4 libruby1.9.1 1.9.3.194-1ubuntu1.6 ruby1.8 1.8.7.358-4ubuntu0.4 ruby1.9.1 1.9.3.194-1ubuntu1.6 Ubuntu 12.04 LTS: libruby1.8 1.8.7.352-2ubuntu1.4 libruby1.9.1 1.9.3.0-1ubuntu2.8 ruby1.8 1.8.7.352-2ubuntu1.4 ruby1.9.1 1.9.3.0-1ubuntu2.8 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2035-1

CVE-2013-2065, CVE-2013-4164

Severity
critical
Lowest
Low
Medium
High
Critical

November 27, 2013

Topics%20covered

Topics Covered

security advisory denial of service security issue critical ubuntu ruby update instruction

Package Information

https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu2.1 https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu2.1 https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu1.2 https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu1.2 https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-4ubuntu0.4 https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-1ubuntu1.6 https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.4 https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.8

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here