Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Ruby
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Ruby
ID: USN-1603-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS
Datum: Do, 11. Oktober 2012, 08:17
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4481
Applikationen: Ruby

Originalnachricht


--===============4703462074575930905==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="96YOpH+ONegL0A3E"
Content-Disposition: inline


--96YOpH+ONegL0A3E
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-1603-1
October 10, 2012

ruby1.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Ruby could allow excessive access in untrusted programs.

Software Description:
- ruby1.8: Interpreter of object-oriented scripting language Ruby 1.8

Details:

Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted
strings to be modified in protective safe levels. An attacker could use this
flaw to bypass intended access restrictions. (CVE-2012-4466, CVE-2012-4481)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
libruby1.8 1.8.7.352-2ubuntu1.1

Ubuntu 11.10:
libruby1.8 1.8.7.352-2ubuntu0.2

Ubuntu 11.04:
libruby1.8 1.8.7.302-2ubuntu0.2

Ubuntu 10.04 LTS:
libruby1.8 1.8.7.249-2ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1603-1
CVE-2012-4466, CVE-2012-4481

Package Information:
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.1
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu0.2
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.302-2ubuntu0.2
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.249-2ubuntu0.2


--96YOpH+ONegL0A3E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJQdfbbAAoJENaSAD2qAscKDfsP/j4YZb0f3nhPc046uHq6E1As
7wLQnzKu+iJ42QlwVf6GTjCdhw0Vb+xIEWg/BWbaZbtoc3LzntuUCXZcB8zusoYB
+SV8ToHUglCyBrhOFAZ/wSVMc3NLL61v29f1DHItB3iS6z8iM2iLZ4r6C+/MM4b3
6Mu9cy36wWrgFBoFEGCPddR9SQ91icP090jm45qGYeloLRUCv2PI5Zgr8VT31rD8
gVp7IZeLQ2dW+EhrYiYrwcm0V5AbtYy6iiuUujFbyMT67udky/KO71olZwwBWA2f
60qhwwMFpNV/W46b0PHVpP0EfYmcDZ8EWTPyBFu6CIXhMHdfkMCyoBEcQdngoxPP
eRMVY/xlP0/77YrPYqSMCbh8EudSC1n7OnCbnkvHBA9NxmKulY40VqyJ/u2BtOmW
PdLb1KMuRQ2SxMOtV90I9d0OLNWw+9I8ZINEu7VR1iPZW5trVn+m6L3Dj/CZyJxM
bL0vjhp7idSkit1H1vNOBIOguYaE4ijIJpJhnD2e166MExaU8+bnDKUi3Nqe2cQx
s3dm21EkQRWFHfCsmMttvvdLQfv5LdrS6kBW2+Tk2GkDIhzV20A+gsS83OF8LuYd
SnV3Bktu5NCdHc+AkE8rAFt4XRFOny3D7S/1H9KJa2LrfH49mH+k7OHSPEMldf/y
uArVrWs3zY16EH95L0Q0
=6zpc
-----END PGP SIGNATURE-----

--96YOpH+ONegL0A3E--


--===============4703462074575930905==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============4703462074575930905==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung