drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebigen Codes in ruby
Name: |
Ausführen beliebigen Codes in ruby
|
|
ID: |
DSA-748-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Di, 12. Juli 2005, 13:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1992 |
|
Applikationen: |
Ruby |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
------------------------------------------------------------------------ Debian Security Advisory DSA 748-1 security@debian.org http://www.debian.org/security/ Michael Stone July 10, 2005 http://www.debian.org/security/faq ------------------------------------------------------------------------
Package : ruby1.8 Vulnerability : arbitrary command execution Problem type : bad default value Debian-specific: no CVE ID : CAN-2005-1992
A vulnerability has been discovered in ruby1.8 that could allow arbitrary command execution on a server running the ruby xmlrpc server.
The old stable distribution (woody) did not include ruby1.8.
This problem is fixed for the current stable distribution (sarge) in version 1.8.2-7sarge1.
This problem is fixed for the unstable distribution in version 1.8.2-8.
We recommend that you upgrade your ruby1.8 package.
Upgrade instructions --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian 3.1 (sarge) ------------------
sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
Source archives:
ruby1.8_1.8.2-7sarge1.dsc Size/MD5 checksum: 1024 d14377473cdeb0a26538b6137faa5c66 ruby1.8_1.8.2-7sarge1.diff.gz Size/MD5 checksum: 529167 25de3bdf1775f90246f76e50a6aba24a ruby1.8_1.8.2.orig.tar.gz Size/MD5 checksum: 3623780 4bc5254bec262d18cf1ceef03aae8bdf
Architecture independent packages:
ri1.8_1.8.2-7sarge1_all.deb Size/MD5 checksum: 704400 f9004f2fedac63615c50bf6dab046fda irb1.8_1.8.2-7sarge1_all.deb Size/MD5 checksum: 166072 60511fe4d9427eaf5a1d8df2ecba2e36 ruby1.8-examples_1.8.2-7sarge1_all.deb Size/MD5 checksum: 216196 b08d57bed7996624c1a601e866329fc0 rdoc1.8_1.8.2-7sarge1_all.deb Size/MD5 checksum: 234004 47a6c5a62e9f73f4a34d04824874bc99 ruby1.8-elisp_1.8.2-7sarge1_all.deb Size/MD5 checksum: 142196 bcf34b40ab001265127728099452f800
alpha architecture (DEC Alpha)
ruby1.8_1.8.2-7sarge1_alpha.deb Size/MD5 checksum: 151536 7ad683fac513e46996628a20ff6d3356 libdbm-ruby1.8_1.8.2-7sarge1_alpha.deb Size/MD5 checksum: 135552 c553fb4dce8871a275bb896848355bbb libgdbm-ruby1.8_1.8.2-7sarge1_alpha.deb Size/MD5 checksum: 137110 920de906ca471e12ced86b56ff8f9366 libruby1.8_1.8.2-7sarge1_alpha.deb Size/MD5 checksum: 1468148 8a3ac95d4886583af1b97d937d849370 ruby1.8-dev_1.8.2-7sarge1_alpha.deb Size/MD5 checksum: 795320 d8d640aab99c18fa596b09f03c8c4d2d libruby1.8-dbg_1.8.2-7sarge1_alpha.deb Size/MD5 checksum: 826790 c148490eceaa8969e138592020813f6f libreadline-ruby1.8_1.8.2-7sarge1_alpha.deb Size/MD5 checksum: 133032 b7c0d0e594dc012ecc73c8490f1b9ba6 libtcltk-ruby1.8_1.8.2-7sarge1_alpha.deb Size/MD5 checksum: 1449782 56d55e6c9df86dd7fb46c2fd939408ea libopenssl-ruby1.8_1.8.2-7sarge1_alpha.deb Size/MD5 checksum: 237188 7d45e77345bc580ca8382f29203c7cb1
arm architecture (ARM)
libruby1.8-dbg_1.8.2-7sarge1_arm.deb Size/MD5 checksum: 743330 564d6353a5d64d77417f5a6ffcf9a9e7 libtcltk-ruby1.8_1.8.2-7sarge1_arm.deb Size/MD5 checksum: 1440694 24737b7854ab18b09bb9e6b4f303c2a3 libruby1.8_1.8.2-7sarge1_arm.deb Size/MD5 checksum: 1347836 8f79580b86d089a5b43236c756dd471e ruby1.8_1.8.2-7sarge1_arm.deb Size/MD5 checksum: 151074 7846a4af8f3038d0b54c9e31979ddaa8 libreadline-ruby1.8_1.8.2-7sarge1_arm.deb Size/MD5 checksum: 131352 69bccef101a65da4e60f46fc7cdebc3d ruby1.8-dev_1.8.2-7sarge1_arm.deb Size/MD5 checksum: 659604 ed60810b767dbac00807c055dffb077c libdbm-ruby1.8_1.8.2-7sarge1_arm.deb Size/MD5 checksum: 133974 03f175228880f3e67884278964af9c44 libgdbm-ruby1.8_1.8.2-7sarge1_arm.deb Size/MD5 checksum: 135070 f0c48c0fcded7fad805d52c9ba11a374 libopenssl-ruby1.8_1.8.2-7sarge1_arm.deb Size/MD5 checksum: 221986 59fea0388c3f8d69e5665d67686e419f
hppa architecture (HP PA RISC)
libdbm-ruby1.8_1.8.2-7sarge1_hppa.deb Size/MD5 checksum: 136124 aa4ec29a5603524a3a99068328bd2890 libreadline-ruby1.8_1.8.2-7sarge1_hppa.deb Size/MD5 checksum: 133314 06831884efd70902c8aaad45bf6418a9 libopenssl-ruby1.8_1.8.2-7sarge1_hppa.deb Size/MD5 checksum: 246472 e18f8e843b24a50f132667ffdd37b066 libruby1.8_1.8.2-7sarge1_hppa.deb Size/MD5 checksum: 1500408 0f9edd9f4b205e7b9ca0cad505229564 libtcltk-ruby1.8_1.8.2-7sarge1_hppa.deb Size/MD5 checksum: 1453302 f6ae09a3da2cef1f52baead88a7fe8eb libruby1.8-dbg_1.8.2-7sarge1_hppa.deb Size/MD5 checksum: 839358 ed8caa18b5becb20c142ca5f5f4b3d10 ruby1.8-dev_1.8.2-7sarge1_hppa.deb Size/MD5 checksum: 735292 747451a46dcd4b2f4eab683ecbfb1b1a ruby1.8_1.8.2-7sarge1_hppa.deb Size/MD5 checksum: 151662 d86c380a9955d76caa3c5f926ffab9c9 libgdbm-ruby1.8_1.8.2-7sarge1_hppa.deb Size/MD5 checksum: 137786 a3289420dcbf65defb518e7baa9e5664
i386 architecture (Intel ia32)
libruby1.8-dbg_1.8.2-7sarge1_i386.deb Size/MD5 checksum: 757634 1c4eacc0d440daf346b9840ff4906a02 libtcltk-ruby1.8_1.8.2-7sarge1_i386.deb Size/MD5 checksum: 1439660 16ebd5860eb7ce78e2c5207269abd1ae ruby1.8-dev_1.8.2-7sarge1_i386.deb Size/MD5 checksum: 621934 5ff7f6069562d4552425b42d5f36a44b ruby1.8_1.8.2-7sarge1_i386.deb Size/MD5 checksum: 151160 09a9272d40c33d8405609c0e0ce9f6ff libgdbm-ruby1.8_1.8.2-7sarge1_i386.deb Size/MD5 checksum: 135784 9d2429dc457718bd993150d535b72992 libdbm-ruby1.8_1.8.2-7sarge1_i386.deb Size/MD5 checksum: 134530 e3bd1cfa5f649d7a20bb51ef66a348de libopenssl-ruby1.8_1.8.2-7sarge1_i386.deb Size/MD5 checksum: 224488 3b87ea10a0cc9caebc2fdb6b57298dae libreadline-ruby1.8_1.8.2-7sarge1_i386.deb Size/MD5 checksum: 131534 3b90f35710b1f797ca33ec942bbdc061 libruby1.8_1.8.2-7sarge1_i386.deb Size/MD5 checksum: 1349126 1ee770bca87a88e399c8c4f77a3ccfdf
ia64 architecture (Intel ia64)
ruby1.8-dev_1.8.2-7sarge1_ia64.deb Size/MD5 checksum: 866786 4062c4ab81135dd456ab1e7db46557f1 ruby1.8_1.8.2-7sarge1_ia64.deb Size/MD5 checksum: 151990 0097a803bdb56626f3c1875fd5befd4f libdbm-ruby1.8_1.8.2-7sarge1_ia64.deb Size/MD5 checksum: 138178 fc8c3461455ffbf6592a5eacf5972a42 libopenssl-ruby1.8_1.8.2-7sarge1_ia64.deb Size/MD5 checksum: 265250 3872b4240e71ab5a86c3ebfe00c5749c libruby1.8_1.8.2-7sarge1_ia64.deb Size/MD5 checksum: 1703116 d7f9a2384dd0db85e342916155b68740 libtcltk-ruby1.8_1.8.2-7sarge1_ia64.deb Size/MD5 checksum: 1462560 d7a7c73d4e83e59b803828adde5f097d libreadline-ruby1.8_1.8.2-7sarge1_ia64.deb Size/MD5 checksum: 135386 13759baab835003fddbac010632c867d libgdbm-ruby1.8_1.8.2-7sarge1_ia64.deb Size/MD5 checksum: 140004 7dd9e61a7abbdeacd3264250d9d9cf78 libruby1.8-dbg_1.8.2-7sarge1_ia64.deb Size/MD5 checksum: 997468 8357023376acc0f4363f6d7d986562f8
m68k architecture (Motorola Mc680x0)
libopenssl-ruby1.8_1.8.2-7sarge1_m68k.deb Size/MD5 checksum: 230308 48024963051c3ccf8458b9ee4b6e5ab1 libdbm-ruby1.8_1.8.2-7sarge1_m68k.deb Size/MD5 checksum: 134000 58b3e21ca9e7c1b06d5ae24cf7d1fcb6 libruby1.8_1.8.2-7sarge1_m68k.deb Size/MD5 checksum: 1332362 35568fb709d0a8bb45a18ef93133b4dd libtcltk-ruby1.8_1.8.2-7sarge1_m68k.deb Size/MD5 checksum: 1438972 bb805f3e9f2db92d1c2d5d0e3feb6901 ruby1.8_1.8.2-7sarge1_m68k.deb Size/MD5 checksum: 151028 02689b83b0d0dc0cc8755a062a2527c3 libgdbm-ruby1.8_1.8.2-7sarge1_m68k.deb Size/MD5 checksum: 135380 21db9337dae209c4e49ec6acb1fcfcf6 libruby1.8-dbg_1.8.2-7sarge1_m68k.deb Size/MD5 checksum: 729576 f94a068b39584d74537e5f65cfaa9a99 libreadline-ruby1.8_1.8.2-7sarge1_m68k.deb Size/MD5 checksum: 131684 3ad3d523ebeee21d80f719e9a787cefe ruby1.8-dev_1.8.2-7sarge1_m68k.deb Size/MD5 checksum: 552530 74670dad735e6a189b0d47789e1e2a43
mips architecture (MIPS (Big Endian))
ruby1.8-dev_1.8.2-7sarge1_mips.deb Size/MD5 checksum: 683568 56200fb8806a1375f0e6bcc95accb229 libruby1.8-dbg_1.8.2-7sarge1_mips.deb Size/MD5 checksum: 763272 8f8ae4dd98b5c2636db18ad2f759526f libdbm-ruby1.8_1.8.2-7sarge1_mips.deb Size/MD5 checksum: 133774 4b975e5153049d8ed451b62fda972f98 libtcltk-ruby1.8_1.8.2-7sarge1_mips.deb Size/MD5 checksum: 1435686 b519dffb4ea63ce422676a9726d5a293 ruby1.8_1.8.2-7sarge1_mips.deb Size/MD5 checksum: 151812 14b9bc2f30a6b1bbbbdd488f67089507 libopenssl-ruby1.8_1.8.2-7sarge1_mips.deb Size/MD5 checksum: 215090 383d30a807b65a4d640362c0a17d61ec libruby1.8_1.8.2-7sarge1_mips.deb Size/MD5 checksum: 1355828 1ceede1d947d90aa282f691125e772d1 libgdbm-ruby1.8_1.8.2-7sarge1_mips.deb Size/MD5 checksum: 135142 7b4848c09eb350b78a21f20c31f0d037 libreadline-ruby1.8_1.8.2-7sarge1_mips.deb Size/MD5 checksum: 131258 650422e74a3224c83febcc808f12dfad
mipsel architecture (MIPS (Little Endian))
libruby1.8-dbg_1.8.2-7sarge1_mipsel.deb Size/MD5 checksum: 756344 0902f6e34ac2da00ccb6a8f497785a51 libdbm-ruby1.8_1.8.2-7sarge1_mipsel.deb Size/MD5 checksum: 133792 a156c60a8da03d4fb2a5a6d2a543f099 libgdbm-ruby1.8_1.8.2-7sarge1_mipsel.deb Size/MD5 checksum: 135158 8e97465aa547f8101a351df74617adfe ruby1.8_1.8.2-7sarge1_mipsel.deb Size/MD5 checksum: 151796 1d678358ebb525b0ad99e1e21c0678b6 libtcltk-ruby1.8_1.8.2-7sarge1_mipsel.deb Size/MD5 checksum: 1435836 99e1916c1e373d607b181be087e20c0d ruby1.8-dev_1.8.2-7sarge1_mipsel.deb Size/MD5 checksum: 677402 335fd9c10febcccf380ac6483611485b libopenssl-ruby1.8_1.8.2-7sarge1_mipsel.deb Size/MD5 checksum: 214298 32568fc97cb013a5ae69269364236dd6 libruby1.8_1.8.2-7sarge1_mipsel.deb Size/MD5 checksum: 1357300 c9139962bd699085ce93af7e7e38bea8 libreadline-ruby1.8_1.8.2-7sarge1_mipsel.deb Size/MD5 checksum: 131204 01c4c965d5806407775720c4aa7c6758
powerpc architecture (PowerPC)
libdbm-ruby1.8_1.8.2-7sarge1_powerpc.deb Size/MD5 checksum: 136366 307c39c6ba0b8859c926add812959f1b libopenssl-ruby1.8_1.8.2-7sarge1_powerpc.deb Size/MD5 checksum: 224690 d6cbd4ea63e218a9f7d3ffd885ca5812 libgdbm-ruby1.8_1.8.2-7sarge1_powerpc.deb Size/MD5 checksum: 137434 df4659294003b02b2775b1fc06241a02 libruby1.8_1.8.2-7sarge1_powerpc.deb Size/MD5 checksum: 1405706 8e1764862dc1a8bd4dab3ce803d46c97 libruby1.8-dbg_1.8.2-7sarge1_powerpc.deb Size/MD5 checksum: 969804 ad56b9d0845fae35ad9d2c355e097e0e libtcltk-ruby1.8_1.8.2-7sarge1_powerpc.deb Size/MD5 checksum: 1444018 e72ce9936c5f1fa7e2f03685f575678e ruby1.8-dev_1.8.2-7sarge1_powerpc.deb Size/MD5 checksum: 620414 b5c4a9ee758871b12ade251370acdafa ruby1.8_1.8.2-7sarge1_powerpc.deb Size/MD5 checksum: 152960 208e5b3c9eea867bf5f22a157f1780a3 libreadline-ruby1.8_1.8.2-7sarge1_powerpc.deb Size/MD5 checksum: 133426 a3085fd784eb8ffa69433fbbc7989e2e
s390 architecture (IBM S/390)
ruby1.8-dev_1.8.2-7sarge1_s390.deb Size/MD5 checksum: 674136 1c8f6d61b5c1a5b64f739356cab851b1 libruby1.8_1.8.2-7sarge1_s390.deb Size/MD5 checksum: 1430890 391dc5d38b4296d1d130a7e3180fcb8b libgdbm-ruby1.8_1.8.2-7sarge1_s390.deb Size/MD5 checksum: 136752 afca1f7aad665e4ef2eaf575063568df libopenssl-ruby1.8_1.8.2-7sarge1_s390.deb Size/MD5 checksum: 239460 31b887aab09ddcd2e4c73b59a763e9f7 libtcltk-ruby1.8_1.8.2-7sarge1_s390.deb Size/MD5 checksum: 1446898 c68eebe3a5aefd2481c5f2be11d1b288 libruby1.8-dbg_1.8.2-7sarge1_s390.deb Size/MD5 checksum: 907170 ef7a778b5c3ff7d7018249d12ed1cc42 ruby1.8_1.8.2-7sarge1_s390.deb Size/MD5 checksum: 151324 7b6eef790b8521af70caccc2222648b1 libreadline-ruby1.8_1.8.2-7sarge1_s390.deb Size/MD5 checksum: 132744 9ad294790e0671a9554f51e9e98dcfae libdbm-ruby1.8_1.8.2-7sarge1_s390.deb Size/MD5 checksum: 135400 9316718a838de0e4eb70d2219f62deda
sparc architecture (Sun SPARC/UltraSPARC)
ruby1.8_1.8.2-7sarge1_sparc.deb Size/MD5 checksum: 151092 6c8703faeef65dbe01c8bc3ca58eb21c libopenssl-ruby1.8_1.8.2-7sarge1_sparc.deb Size/MD5 checksum: 228680 f42008816718184b32ed9fbc9e9792de libdbm-ruby1.8_1.8.2-7sarge1_sparc.deb Size/MD5 checksum: 134242 1454796bb631a487b1a09c0b79f74612 libtcltk-ruby1.8_1.8.2-7sarge1_sparc.deb Size/MD5 checksum: 1441658 a8f4b6b51a04f34d5af8e42b9aaca089 libgdbm-ruby1.8_1.8.2-7sarge1_sparc.deb Size/MD5 checksum: 135444 e863c95f206b5f962f6e54cacd4d86d1 ruby1.8-dev_1.8.2-7sarge1_sparc.deb Size/MD5 checksum: 645918 f37ee519426241b04c45696ebec8e0fe libruby1.8-dbg_1.8.2-7sarge1_sparc.deb Size/MD5 checksum: 747554 475e9a0ca6eb5bda8f902aa072a83778 libreadline-ruby1.8_1.8.2-7sarge1_sparc.deb Size/MD5 checksum: 131602 5e7709c25e545b412f7dfda412b35e6d libruby1.8_1.8.2-7sarge1_sparc.deb Size/MD5 checksum: 1372542 1afe6cef5b2a0bde500017af7f8fab05
------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux)
iQCVAwUBQtJbLg0hVr09l8FJAQIM/QQAoeoGqVugoBJmeElz3n98cgrgO0TpeAs0 wNlF8usNl7rdcsimJF6MIBJsbvCPtTIbbqwDKegNqi6rJKvDBCSBBZ7HEiDx/2iE rkjUNYs8XVUq/5BZYnv2tk7g3IfEhdzbVs0Rohiz0EoC4Y7WYgpzbUJ0B13hd824 JLPqMOc1v+M= =FQJL -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|