Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Ruby
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Ruby
ID: USN-1602-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS
Datum: Do, 11. Oktober 2012, 08:16
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4466
Applikationen: Ruby

Originalnachricht


--===============1004634205572181593==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="Fba/0zbH8Xs+Fj9o"
Content-Disposition: inline


--Fba/0zbH8Xs+Fj9o
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-1602-1
October 10, 2012

ruby1.9.1 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Ruby could allow excessive access in untrusted programs.

Software Description:
- ruby1.9.1: Interpreter of object-oriented scripting language Ruby

Details:

Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted
strings to be modified in protective safe levels. An attacker could use this
flaw to bypass intended access restrictions. (CVE-2012-4464, CVE-2012-4466)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
libruby1.9.1 1.9.3.0-1ubuntu2.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1602-1
CVE-2012-4464, CVE-2012-4466

Package Information:
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.3


--Fba/0zbH8Xs+Fj9o
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJQde3KAAoJENaSAD2qAscKE9gP/0rGRo7uRrvsyC3ugqsWznfo
5PN47ot37fpibZFKYG5ij1M8JXv+ssikruLvaT5SgCt9iFf1dl5XniXaLoB7pHjO
sgxDrsEpNQ1C6asbcS4WgBnT9HHqOKALSMLpJ5+0rGXGSewE7ClTUCHgtqVWc5fT
nnD8UmNhsrECjnbesv1q5ir46D8O0XkU0JuG8MW3MrKl0yXtKnSsrR0ibQOIIwza
GSQoCFhul8H0GK/D3Stskvy0lbRSQYMRQbz1WlgCe/mHZ8pZE7m89NH4SMUsDo4U
CT2YCwcZK+jMLttEY6zAxhK1OisqxJhaNGDuP7yTGbEYzrEsdWqUEFLR1CyfakFF
KmoD/gL+/uPoJ+jYQ0VzJOy417w0RMNqMVpc90yG8om6rqL5pUMgN5Agyjp2fOqF
yeCKI3DuzivM/JZ4/0QBhxwKr9wFGLQQ8cPppXnehl+YFBjANQcMkP0wwBzKfOE6
cGHh8yBx3Mxsg2AHjVfbkGlhyABuJgW7MZVGbE1bBXhD9m3O9KfmeBpzk5bxY4eA
zrXWwN4sf1E1ivmIl9yeXVwlZyMTtNo3WuxvQqe9zvs8bZyqQPK3VlDet1pxiJAz
58RDcaWXchg/i5vbJUYC4wOK1NFqiN442pKtR6IceM5IWHe0JXpe+bgRaAPlB+u9
3twLmdVtCsZnxIAcmHd7
=YoB/
-----END PGP SIGNATURE-----

--Fba/0zbH8Xs+Fj9o--


--===============1004634205572181593==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1004634205572181593==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung