[ubuntu/feisty-security] ruby1.8 1.8.5-4ubuntu2.3 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Fri Oct 10 02:56:11 BST 2008
ruby1.8 (1.8.5-4ubuntu2.3) feisty-security; urgency=low

  * SECURITY UPDATE: denial of service via resource exhaustion in the REXML
    module (LP: #261459)
    - debian/patches/953_CVE-2008-3790.patch: adjust rexml/document.rb and
      rexml/entity.rb to use expansion limits
    - CVE-2008-3790
  * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
    service (LP: #246818)
    - debian/patches/954_CVE-2008-2376.patch: adjust array.c to properly
      check argument length
    - CVE-2008-2376
  * SECURITY UPDATE: denial of service via multiple long requests to a Ruby
    socket
    - debian/patches/955_CVE-2008-3443.patch: adjust regex.c to not use ruby
      managed memory and check for allocation failures
    - CVE-2008-3443
  * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
    - debian/patches/956_CVE-2008-3656.patch: update webrick/httputils.rb to
      properly check paths ending with '.'
    - CVE-2008-3656
  * SECURITY UPDATE: predictable transaction id and source port for DNS
    requests (separate vulnerability from CVE-2008-1447)
    - debian/patches/957_CVE-2008-3905.patch: adjust resolv.rb to use
      SecureRandom for transaction id and source port
    - CVE-2008-3905
  * SECURITY UPDATE: safe level bypass via DL.dlopen
    - debian/patches/958_CVE-2008-3657.patch: adjust rb_str_to_ptr and
      rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
      propagate taint and check taintness of DLPtrData
    - CVE-2008-3657
  * SECURITY UPDATE: safe level bypass via multiple vectors
    - debian/patches/959_CVE-2008-3655.patch: use rb_secure(4) in variable.c
      and syslog.c, check for secure level 3 or higher in eval.c and make
      sure PROGRAM_NAME can't be modified
    - CVE-2008-3655

Date: Thu, 09 Oct 2008 09:28:03 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/feisty/+source/ruby1.8/1.8.5-4ubuntu2.3
-------------- next part --------------
Format: 1.7
Date: Thu, 09 Oct 2008 09:28:03 -0500
Source: ruby1.8
Binary: irb1.8 libdbm-ruby1.8 libgdbm-ruby1.8 libopenssl-ruby1.8 libreadline-ruby1.8 libruby1.8 libruby1.8-dbg libtcltk-ruby1.8 rdoc1.8 ri1.8 ruby1.8 ruby1.8-dev ruby1.8-elisp ruby1.8-examples
Architecture: amd64 i386 all ia64 powerpc source sparc
Version: 1.8.5-4ubuntu2.3
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
libdbm-ruby1.8 - DBM interface for Ruby 1.8
libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
libreadline-ruby1.8 - Readline interface for Ruby 1.8
libruby1.8 - Libraries necessary to run Ruby 1.8
libruby1.8-dbg - Debugging symbols for Ruby 1.8
libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8
ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
irb1.8 - Interactive Ruby (for Ruby 1.8)
rdoc1.8 - Generate documentation from Ruby source files (for Ruby 1.8)
ri1.8 - Ruby Interactive reference (for Ruby 1.8)
ruby1.8-elisp - ruby-mode for Emacsen
ruby1.8-examples - Examples for Ruby 1.8
Files:
Launchpad-Bugs-Fixed: 246818 257122 261459
Original-Maintainer: akira yamada <akira at debian.org>