[ubuntu/dapper-security] ruby1.8 1.8.4-1ubuntu1.6 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Fri Oct 10 02:55:57 BST 2008
ruby1.8 (1.8.4-1ubuntu1.6) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via resource exhaustion in the REXML
    module (LP: #261459)
    - debian/patches/917_CVE-2008-3790.patch: adjust rexml/document.rb and
      rexml/entity.rb to use expansion limits
    - CVE-2008-3790
  * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
    service (LP: #246818)
    - debian/patches/918_CVE-2008-2376.patch: adjust array.c to properly
      check argument length
    - CVE-2008-2376
  * SECURITY UPDATE: denial of service via multiple long requests to a Ruby
    socket
    - debian/patches/919_CVE-2008-3443.patch: adjust regex.c to not use ruby
      managed memory and check for allocation failures
    - CVE-2008-3443
  * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
    - debian/patches/920_CVE-2008-3656.patch: update webrick/httputils.rb to
      properly check paths ending with '.'
    - CVE-2008-3656
  * SECURITY UPDATE: predictable transaction id and source port for DNS
    requests (separate vulnerability from CVE-2008-1447)
    - debian/patches/921_CVE-2008-3905.patch: adjust resolv.rb to use
      SecureRandom for transaction id and source port
    - CVE-2008-3905
  * SECURITY UPDATE: safe level bypass via DL.dlopen
    - debian/patches/922_CVE-2008-3657.patch: adjust rb_str_to_ptr and
      rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
      propagate taint and check taintness of DLPtrData
    - CVE-2008-3657
  * SECURITY UPDATE: safe level bypass via multiple vectors
    - debian/patches/923_CVE-2008-3655.patch: use rb_secure(4) in variable.c
      and syslog.c, check for secure level 3 or higher in eval.c and make
      sure PROGRAM_NAME can't be modified
    - CVE-2008-3655

Date: Thu, 09 Oct 2008 10:32:41 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: akira yamada <akira at debian.org>
https://launchpad.net/ubuntu/dapper/+source/ruby1.8/1.8.4-1ubuntu1.6
-------------- next part --------------
Format: 1.7
Date: Thu, 09 Oct 2008 10:32:41 -0500
Source: ruby1.8
Binary: irb1.8 libdbm-ruby1.8 libgdbm-ruby1.8 libopenssl-ruby1.8 libreadline-ruby1.8 libruby1.8 libruby1.8-dbg libtcltk-ruby1.8 rdoc1.8 ri1.8 ruby1.8 ruby1.8-dev ruby1.8-elisp ruby1.8-examples
Architecture: amd64 i386 all ia64 powerpc source sparc
Version: 1.8.4-1ubuntu1.6
Distribution: dapper-security
Urgency: low
Maintainer: akira yamada <akira at debian.org>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
libdbm-ruby1.8 - DBM interface for Ruby 1.8
libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
libreadline-ruby1.8 - Readline interface for Ruby 1.8
libruby1.8 - Libraries necessary to run Ruby 1.8
libruby1.8-dbg - Debugging libraries for Ruby 1.8
libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8
ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
irb1.8 - Interactive Ruby (for Ruby 1.8)
rdoc1.8 - Generate documentation from Ruby source files (for Ruby 1.8)
ri1.8 - Ruby Interactive reference (for Ruby 1.8)
ruby1.8-elisp - ruby-mode for Emacsen
ruby1.8-examples - Examples for Ruby 1.8
Files: