drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in Ruby
Name: |
Zwei Probleme in Ruby |
|
ID: |
USN-691-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 8.10 |
|
Datum: |
Di, 16. Dezember 2008, 16:21 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790 |
|
Applikationen: |
Ruby |
|
Originalnachricht |
--===============5363821696347551377== Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-e2uKS+RMIdU9OmIXdpSo"
--=-e2uKS+RMIdU9OmIXdpSo Content-Type: text/plain Content-Transfer-Encoding: quoted-printable
Ubuntu Security Notice USN-691-1 December 16, 2008========================================================== ruby1.9 vulnerability CVE-2008-3443, CVE-2008-3790 ========================================================== A security issue affects the following Ubuntu releases:
Ubuntu 8.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.10: ruby1.9 1.9.0.2-7ubuntu1.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Laurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. (CVE-2008-3443)
This update also fixes a regression in the upstream patch previously applied to fix CVE-2008-3790. The regression would cause parsing of some XML documents to fail.
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/ruby1.9_1.9.0.2-7= ubuntu1.1.diff.gz Size/MD5: 49454 02828291d0b8db94d06dbc6be804b58b http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/ruby1.9_1.9.0.2-7= ubuntu1.1.dsc Size/MD5: 1771 5d3434eeadde20df96b78b4a959112f2 http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/ruby1.9_1.9.0.2.o= rig.tar.gz Size/MD5: 6407910 2a848b81ed1d6393b88eec8aa6173b75
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/irb1.9_1.9.0.= 2-7ubuntu1.1_all.deb Size/MD5: 57440 7c3c984736fd87485a9dfa0e8065afcc http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/rdoc1.9_1.9.0= .2-7ubuntu1.1_all.deb Size/MD5: 112262 a2afb0c815463a14b51eff6199d10661 http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/ri1.9_1.9.0.2= -7ubuntu1.1_all.deb Size/MD5: 971786 57646618dddada4562990b3eb1c787b6 http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/ruby1.9-elisp= _1.9.0.2-7ubuntu1.1_all.deb Size/MD5: 31094 4e2ac93f161570ff11b5d39d5912bfce http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/ruby1.9-examp= les_1.9.0.2-7ubuntu1.1_all.deb Size/MD5: 64354 8a9aca7db601358141fd19d85ea45751
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/libruby1.9-dbg_1.= 9.0.2-7ubuntu1.1_amd64.deb Size/MD5: 2113618 bc410c5116879cd05234451e2fbc1447 http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/libruby1.9_1.9.0.= 2-7ubuntu1.1_amd64.deb Size/MD5: 2275308 5863e492367db5313ac068c5dde703e9 http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/ruby1.9-dev_1.9.0= .2-7ubuntu1.1_amd64.deb Size/MD5: 943252 1c8a27569a60edf9e4aabb7b7716967f http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/ruby1.9_1.9.0.2-7= ubuntu1.1_amd64.deb Size/MD5: 26536 86aa87a261a57d1d67edb397671b20b4 http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libdbm-ruby1.= 9_1.9.0.2-7ubuntu1.1_amd64.deb Size/MD5: 12544 eeb030e448f92081b3c05fe696011142 http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libgdbm-ruby1= .9_1.9.0.2-7ubuntu1.1_amd64.deb Size/MD5: 11838 b8c61c3b7435de2752b46bb75331ca3c http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libopenssl-ru= by1.9_1.9.0.2-7ubuntu1.1_amd64.deb Size/MD5: 134340 258bed110d062a4b96b02b558b08a412 http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libreadline-r= uby1.9_1.9.0.2-7ubuntu1.1_amd64.deb Size/MD5: 11638 6e3898a64f7dcccf444be54599313a17 http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libtcltk-ruby= 1.9_1.9.0.2-7ubuntu1.1_amd64.deb Size/MD5: 1745708 58a02a0dfa5d27ff0bb011acb635ed80
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/libruby1.9-dbg_1.= 9.0.2-7ubuntu1.1_i386.deb Size/MD5: 1921126 690079b204fc118f99876ed462371de5 http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/libruby1.9_1.9.0.= 2-7ubuntu1.1_i386.deb Size/MD5: 2127706 3dd6e4cd3c8adf46db14d45574ffd0ec http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/ruby1.9-dev_1.9.0= .2-7ubuntu1.1_i386.deb Size/MD5: 889504 c2fe2150cb1c8a15f855c42a52c424ef http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.9/ruby1.9_1.9.0.2-7= ubuntu1.1_i386.deb Size/MD5: 26324 97f33c71e37213e31af3e400e3687a9d http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libdbm-ruby1.= 9_1.9.0.2-7ubuntu1.1_i386.deb Size/MD5: 11186 4f749b40168d0b0235d49082b981694f http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libgdbm-ruby1= .9_1.9.0.2-7ubuntu1.1_i386.deb Size/MD5: 10598 44b212294eb892c174bde278bb9e97cb http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libopenssl-ru= by1.9_1.9.0.2-7ubuntu1.1_i386.deb Size/MD5: 118168 178e91fd4562e351835bfb9902ba4c61 http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libreadline-r= uby1.9_1.9.0.2-7ubuntu1.1_i386.deb Size/MD5: 10818 8c041f2499bb45935b185e82a8e40b3a http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.9/libtcltk-ruby= 1.9_1.9.0.2-7ubuntu1.1_i386.deb Size/MD5: 1738394 8c37885e72e5f00d7b4281885478bc6c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-7ubu= ntu1.1_lpia.deb Size/MD5: 1951024 4f5e0733a3f49d53ca008ffcecf0c2de http://ports.ubuntu.com/pool/main/r/ruby1.9/libruby1.9_1.9.0.2-7ubuntu1= .1_lpia.deb Size/MD5: 2105434 535e2f90d7471df4fbdb766e48bf8c91 http://ports.ubuntu.com/pool/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-7ubuntu= 1.1_lpia.deb Size/MD5: 874130 473f3817d976736b04d4237e179a9c6f http://ports.ubuntu.com/pool/main/r/ruby1.9/ruby1.9_1.9.0.2-7ubuntu1.1_= lpia.deb Size/MD5: 26300 6d016c54f454eb4654facd88c1ae0a13 http://ports.ubuntu.com/pool/universe/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-= 7ubuntu1.1_lpia.deb Size/MD5: 11248 44a9b7e75e49660021284d7d6604ccff http://ports.ubuntu.com/pool/universe/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2= -7ubuntu1.1_lpia.deb Size/MD5: 10420 4f3e626250d8d16256e771135f80f4f4 http://ports.ubuntu.com/pool/universe/r/ruby1.9/libopenssl-ruby1.9_1.9.= 0.2-7ubuntu1.1_lpia.deb Size/MD5: 117570 b62300ef68d2655d837a0aed5d0bd054 http://ports.ubuntu.com/pool/universe/r/ruby1.9/libreadline-ruby1.9_1.9= .0.2-7ubuntu1.1_lpia.deb Size/MD5: 10746 a82cc7f12682aba7b583ec86cd13f55e http://ports.ubuntu.com/pool/universe/r/ruby1.9/libtcltk-ruby1.9_1.9.0.= 2-7ubuntu1.1_lpia.deb Size/MD5: 1737900 60a1f240342ab4ec317c1c0cf9c6e288
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-7ubu= ntu1.1_powerpc.deb Size/MD5: 2091776 d37a509a3fc9bcbc145e645f7766f269 http://ports.ubuntu.com/pool/main/r/ruby1.9/libruby1.9_1.9.0.2-7ubuntu1= .1_powerpc.deb Size/MD5: 2243518 af2e9a1ec3ca58e27f1f450d73fd9610 http://ports.ubuntu.com/pool/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-7ubuntu= 1.1_powerpc.deb Size/MD5: 901944 a7d7281252ec2325d634dd9857a80159 http://ports.ubuntu.com/pool/main/r/ruby1.9/ruby1.9_1.9.0.2-7ubuntu1.1_= powerpc.deb Size/MD5: 28734 0ecd088dcfe450dc224550ff4cb2846a http://ports.ubuntu.com/pool/universe/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-= 7ubuntu1.1_powerpc.deb Size/MD5: 14040 e5d5eb44f95ab85d5219a98e1ef3ae37 http://ports.ubuntu.com/pool/universe/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2= -7ubuntu1.1_powerpc.deb Size/MD5: 13318 e7e41a81b7155e3a8ab28f0905b0d084 http://ports.ubuntu.com/pool/universe/r/ruby1.9/libopenssl-ruby1.9_1.9.= 0.2-7ubuntu1.1_powerpc.deb Size/MD5: 133012 25e742b2556294b87f8563be9f622f56 http://ports.ubuntu.com/pool/universe/r/ruby1.9/libreadline-ruby1.9_1.9= .0.2-7ubuntu1.1_powerpc.deb Size/MD5: 13556 f1f4a0574e284023b1734d48db0f19c8 http://ports.ubuntu.com/pool/universe/r/ruby1.9/libtcltk-ruby1.9_1.9.0.= 2-7ubuntu1.1_powerpc.deb Size/MD5: 1747252 33ef64fd198e65ee8919e8409aaea08d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-7ubu= ntu1.1_sparc.deb Size/MD5: 1803982 09d9b480b214361a46549de31f99e849 http://ports.ubuntu.com/pool/main/r/ruby1.9/libruby1.9_1.9.0.2-7ubuntu1= .1_sparc.deb Size/MD5: 2109258 731ae4bcad17cf2f0fa70a3bbc0ed490 http://ports.ubuntu.com/pool/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-7ubuntu= 1.1_sparc.deb Size/MD5: 883296 2ee2efc0f3c6d42bbc3ef765e346bd7b http://ports.ubuntu.com/pool/main/r/ruby1.9/ruby1.9_1.9.0.2-7ubuntu1.1_= sparc.deb Size/MD5: 26526 b2af0ad31ed80fa28cbdd24f5fabe6b7 http://ports.ubuntu.com/pool/universe/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-= 7ubuntu1.1_sparc.deb Size/MD5: 11212 c6dd5248b2680527df86081bbd7f58cc http://ports.ubuntu.com/pool/universe/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2= -7ubuntu1.1_sparc.deb Size/MD5: 10430 e24df579da217e1a47a2d7010c9408f9 http://ports.ubuntu.com/pool/universe/r/ruby1.9/libopenssl-ruby1.9_1.9.= 0.2-7ubuntu1.1_sparc.deb Size/MD5: 124360 52fbc1543bdc80153b92113320a324c5 http://ports.ubuntu.com/pool/universe/r/ruby1.9/libreadline-ruby1.9_1.9= .0.2-7ubuntu1.1_sparc.deb Size/MD5: 10856 504a25a03a0a79818536e0f967b4b904 http://ports.ubuntu.com/pool/universe/r/ruby1.9/libtcltk-ruby1.9_1.9.0.= 2-7ubuntu1.1_sparc.deb Size/MD5: 1740490 df138fac9cfb1d0b5cbab685e8738167
--=-e2uKS+RMIdU9OmIXdpSo Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAklHxtQACgkQLMAs/0C4zNpfPwCbBZiIDIpGtAQYuUCLFboosRVo C7IAmwUIMDC+0Ay9aY6PYnHKREeDcLIj =ZWBC -----END PGP SIGNATURE-----
--=-e2uKS+RMIdU9OmIXdpSo--
--===============5363821696347551377== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5363821696347551377==--
|
|
|
|