=========================================================== 
Ubuntu Security Notice USN-394-1          December 08, 2006
ruby1.8 vulnerability
CVE-2006-6303
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libruby1.8                               1.8.2-9ubuntu1.4

Ubuntu 6.06 LTS:
  libruby1.8                               1.8.4-1ubuntu1.3

Ubuntu 6.10:
  libruby1.8                               1.8.4-5ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Ruby's CGI library did not correctly quote the boundary of multipart
MIME requests.  Using a crafted HTTP request, a remote user could cause
a denial of service in which Ruby CGI applications would end up in a
loop, monopolizing a CPU.
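
The quoting problem described above, shown as an added illustration in Ruby. It is a simplified sketch, not the code from Ruby's cgi.rb or from the Ubuntu patch; the helper names, the sample boundary and the sample body are constructed for the example.

```ruby
# Added illustration, simplified; not the code from Ruby's cgi.rb.
class MalformedMultipart < StandardError; end

# Constructed sample input. "+" is a legal boundary character (RFC 2046).
SAMPLE_BOUNDARY = "sample+boundary"
SAMPLE_BODY = [
  "--sample+boundary",
  'Content-Disposition: form-data; name="a"', "", "1",
  "--sample+boundary",
  'Content-Disposition: form-data; name="b"', "", "2",
  "--sample+boundary--", ""
].join("\r\n")

# Weak form: the client-supplied boundary is interpolated into the pattern
# as-is, so "+" acts as a regex operator and the delimiter is never found.
def find_delimiter_unquoted(body, boundary)
  body =~ /^--#{boundary}(--)?\r?$/
end

# Corrected form: Regexp.escape makes every boundary character a literal.
def find_delimiter_quoted(body, boundary)
  body =~ /^--#{Regexp.escape(boundary)}(--)?\r?$/
end

# Split a body into raw parts. Every pass must consume one delimiter; when
# none is found the input is rejected rather than scanned again, and the
# part count is capped, so a mismatched boundary cannot keep the loop busy.
def split_parts(body, boundary, max_parts: 64)
  delim = /^--#{Regexp.escape(boundary)}(--)?[ \t]*(?:\r?\n|\z)/
  m = delim.match(body) or raise MalformedMultipart, "no opening delimiter"
  parts = []
  until m[1] # m[1] is "--" only on the closing delimiter
    m = delim.match(m.post_match) or raise MalformedMultipart, "unterminated part"
    parts << m.pre_match.sub(/\r?\n\z/, "")
    raise MalformedMultipart, "too many parts" if parts.size > max_parts
  end
  parts
end

if __FILE__ == $PROGRAM_NAME
  p find_delimiter_unquoted(SAMPLE_BODY, SAMPLE_BOUNDARY)
  p find_delimiter_quoted(SAMPLE_BODY, SAMPLE_BOUNDARY)
  p split_parts(SAMPLE_BODY, SAMPLE_BOUNDARY).size
end
```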


Updated packages for Ubuntu 5.10:

  Source archives
  Architecture independent packages
  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
  i386 architecture (x86 compatible Intel/AMD)
  powerpc architecture (Apple Macintosh G3/G4/G5)

Updated packages for Ubuntu 6.06 LTS:

  Source archives
  Architecture independent packages
  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
  i386 architecture (x86 compatible Intel/AMD)
  powerpc architecture (Apple Macintosh G3/G4/G5)
  sparc architecture (Sun SPARC/UltraSPARC)

Updated packages for Ubuntu 6.10:

  Source archives
  Architecture independent packages
  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
  i386 architecture (x86 compatible Intel/AMD)
  powerpc architecture (Apple Macintosh G3/G4/G5)
  sparc architecture (Sun SPARC/UltraSPARC)

