Alerts This Week
Warning Icon 1 876
Alerts This Week
Warning Icon 1 876

Ubuntu: 2035-1 Critical Security Advisory for Ruby DoS Vulnerabilities

ubuntu
Calendar Grey November 27, 2013
Dist Ubuntu Esm H88
A number of vulnerabilities addressed in Ruby for Ubuntu 12.04, 12.10, 13.04, and 13.10. Urgent patch required for safeguarding.
Several security issues were fixed in Ruby.

Summary

Several security issues were fixed in Ruby.

Software Description:

- ruby1.8: Object-oriented scripting language

- ruby1.9.1: Object-oriented scripting language

Details:

Charlie Somerville discovered that Ruby incorrectly handled floating point

number conversion. An attacker could possibly use this issue with an

application that converts text to floating point numbers to cause the

application to crash, resulting in a denial of service, or possibly execute

arbitrary code. (CVE-2013-4164)

Vit Ondruch discovered that Ruby did not perform taint checking for certain

functions. An attacker could possibly use this issue to bypass certain

intended restrictions. (CVE-2013-2065)

Topics%20covered

Topics Covered

security advisory denial of service security issue critical ubuntu ruby update instruction

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
  libruby1.8                      1.8.7.358-7ubuntu2.1
  libruby1.9.1                    1.9.3.194-8.1ubuntu2.1
  ruby1.8                         1.8.7.358-7ubuntu2.1
  ruby1.9.1                       1.9.3.194-8.1ubuntu2.1

Ubuntu 13.04:
  libruby1.8                      1.8.7.358-7ubuntu1.2
  libruby1.9.1                    1.9.3.194-8.1ubuntu1.2
  ruby1.8                         1.8.7.358-7ubuntu1.2
  ruby1.9.1                       1.9.3.194-8.1ubuntu1.2

Ubuntu 12.10:
  libruby1.8                      1.8.7.358-4ubuntu0.4
  libruby1.9.1                    1.9.3.194-1ubuntu1.6
  ruby1.8                         1.8.7.358-4ubuntu0.4
  ruby1.9.1                       1.9.3.194-1ubuntu1.6

Ubuntu 12.04 LTS:
  libruby1.8                      1.8.7.352-2ubuntu1.4
  libruby1.9.1                    1.9.3.0-1ubuntu2.8
  ruby1.8                         1.8.7.352-2ubuntu1.4
  ruby1.9.1                       1.9.3.0-1ubuntu2.8

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2035-1

CVE-2013-2065, CVE-2013-4164

Severity
critical
Lowest
Low
Medium
High
Critical

November 27, 2013

Topics%20covered

Topics Covered

security advisory denial of service security issue critical ubuntu ruby update instruction

Package Information

https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu2.1
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu2.1
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu1.2
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu1.2
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-4ubuntu0.4
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-1ubuntu1.6
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.4
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.8

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here