[ubuntu/gutsy-security] ruby1.8 1.8.6.36-1ubuntu3.3 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Fri Oct 10 02:55:26 BST 2008
ruby1.8 (1.8.6.36-1ubuntu3.3) gutsy-security; urgency=low

  * SECURITY UPDATE: denial of service via resource exhaustion in the REXML
    module (LP: #261459)
    - debian/patches/103_CVE-2008-3790.dpatch: adjust rexml/document.rb and
      rexml/entity.rb to use expansion limits
    - CVE-2008-3790
  * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
    service (LP: #246818)
    - debian/patches/104_CVE-2008-2376.dpatch: adjust array.c to properly
      check argument length
    - CVE-2008-2376
  * SECURITY UPDATE: denial of service via multiple long requests to a Ruby
    socket
    - debian/patches/105_CVE-2008-3443.dpatch: adjust regex.c to not use ruby
      managed memory and check for allocation failures
    - CVE-2008-3443
  * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
    - debian/patches/106_CVE-2008-3656.dpatch: update webrick/httputils.rb to
      properly check paths ending with '.'
    - CVE-2008-3656
  * SECURITY UPDATE: predictable transaction id and source port for DNS
    requests (separate vulnerability from CVE-2008-1447)
    - debian/patches/107_CVE-2008-3905.dpatch: adjust resolv.rb to use
      SecureRandom for transaction id and source port
    - CVE-2008-3905
  * SECURITY UPDATE: safe level bypass via DL.dlopen
    - debian/patches/108_CVE-2008-3657.dpatch: adjust rb_str_to_ptr and
      rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
      propagate taint and check taintness of DLPtrData
    - CVE-2008-3657
  * SECURITY UPDATE: safe level bypass via multiple vectors
    - debian/patches/109_CVE-2008-3655.dpatch: use rb_secure(4) in variable.c
      and syslog.c, check for secure level 3 or higher in eval.c and make
      sure PROGRAM_NAME can't be modified
    - CVE-2008-3655
Date: Thu, 09 Oct 2008 08:47:35 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/gutsy/+source/ruby1.8/1.8.6.36-1ubuntu3.3
-------------- next part --------------
Format: 1.7
Date: Thu, 09 Oct 2008 08:47:35 -0500
Source: ruby1.8
Binary: irb1.8 libdbm-ruby1.8 libgdbm-ruby1.8 libopenssl-ruby1.8 libreadline-ruby1.8 libruby1.8 libruby1.8-dbg libtcltk-ruby1.8 rdoc1.8 ri1.8 ruby1.8 ruby1.8-dev ruby1.8-elisp ruby1.8-examples
Architecture: amd64 hppa i386 all ia64 lpia powerpc source sparc
Version: 1.8.6.36-1ubuntu3.3
Distribution: gutsy-security
Urgency: low
Maintainer: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
libdbm-ruby1.8 - DBM interface for Ruby 1.8
libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
libreadline-ruby1.8 - Readline interface for Ruby 1.8
libruby1.8 - Libraries necessary to run Ruby 1.8
libruby1.8-dbg - Debugging symbols for Ruby 1.8
libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8
ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
irb1.8 - Interactive Ruby (for Ruby 1.8)
rdoc1.8 - Generate documentation from Ruby source files (for Ruby 1.8)
ri1.8 - Ruby Interactive reference (for Ruby 1.8)
ruby1.8-elisp - ruby-mode for Emacsen
ruby1.8-examples - Examples for Ruby 1.8
Files:
Launchpad-Bugs-Fixed: 246818 257122 261459
Original-Maintainer: akira yamada <akira at debian.org>