Package : ruby1.8 Vulnerability : several Problem-Type : local/remote Debian-specific: no CVE ID : CVE-2006-3694 CVE-2006-1931 Debian Bug : 378029 365520
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to the bypass of security restrictions or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2006-1931
It was discovered that the use of blocking sockets can lead to denial of service.
CVE-2006-3964
It was discovered that Ruby does not properly maintain "safe levels" for aliasing, directory accesses and regular expressions, which might lead to a bypass of security restrictions.
For the stable distribution (sarge) these problem have been fixed in version 1.8.2-7sarge4.
For the stable distribution (sarge) these problem have been fixed in version 1.8.4-3.
We recommend that you upgrade your Ruby packages.
Upgrade Instructions - --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge - --------------------------------