Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Ruby
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Ruby
ID: USN-1614-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS, Ubuntu 12.10
Datum: Di, 23. Oktober 2012, 07:05
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4522
Applikationen: Ruby

Originalnachricht


--===============5027907929272212180==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="qOrJKOH36bD5yhNe"
Content-Disposition: inline


--qOrJKOH36bD5yhNe
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-1614-1
October 23, 2012

ruby1.9.1 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Ruby.

Software Description:
- ruby1.9.1: Interpreter of object-oriented scripting language Ruby

Details:

Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted
strings to be modified in protective safe levels. An attacker could use this
flaw to bypass intended access restrictions. USN-1602-1 fixed these
vulnerabilities in other Ubuntu releases. This update provides the
corresponding updates for Ubuntu 12.10. (CVE-2012-4464, CVE-2012-4466)

Peter Bex discovered that Ruby incorrectly handled file path strings when
opening files. An attacker could use this flaw to open or create unexpected
files. (CVE-2012-4522)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libruby1.9.1 1.9.3.194-1ubuntu1.2

Ubuntu 12.04 LTS:
libruby1.9.1 1.9.3.0-1ubuntu2.4

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1614-1
CVE-2012-4464, CVE-2012-4466, CVE-2012-4522

Package Information:
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-1ubuntu1.2
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.4


--qOrJKOH36bD5yhNe
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJQheLbAAoJENaSAD2qAscKdeUQAIQoXMc7asVzKaNBqoft0HJX
jk7YXiixChG2R+SbV7kpeatf2SpE04QCiGpLfdSb/jpwOKdAS2Boy4pX6rb9nboh
0em24clhF+CfTZw/yUFq8Hy+D5HyeIloiFoNMrslBhfRhveMmSOFh5WaqKWUZOL+
GJE8tlJA8zAFDPOVqovHxkmJiimjm/Ohth7MmuqylemG6dI0VMoyLLfO1Cqedhs6
uW22h9QlXvavhLsy7aPD1So8FyvXjkMHdjo2edy6tzYQmbGL2VmmQTs9irm9cdCY
lU+smF/OHmAWrB9934nC0oRLQdfggmDtfmNQVwfOBNCv5iTmy0p0IM9huBiFXWbS
sNaIe25kj7RY6tVpLHkZYMh4R88Mn57wnRgMnVnmM7z1eQwJ3S/nBnryFxH/lTW/
6STfBt2QVWouOLMK2JEJwPv0cEV/B279g0uzNpioPU2z1N9HwmXQAhyAYhjRxWYJ
zVhXRP1HtbUNX37tbk+SKRGHpcCD47hdBSVL8qvoE1ErQbIpdVSVWA9F6UhROVTO
t69PlcryarclZ3DsEmNut26sfgOc39bzw3wJMZ5ngP0+Z8h5L1IPrlfp3yEVOlnO
eaJgYA5gCuu12gYPKPsC83N+2kd6/CyT2ij2D6uB0Qw9S9Y9CJitv1gxRfkOj1VN
h6Gf4Kk4We3Nz4Ok9Nfo
=iXGI
-----END PGP SIGNATURE-----

--qOrJKOH36bD5yhNe--


--===============5027907929272212180==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5027907929272212180==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung