[ubuntu/hardy-security] ruby1.8 1.8.6.111-2ubuntu1.2 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Fri Oct 10 02:55:45 BST 2008
ruby1.8 (1.8.6.111-2ubuntu1.2) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via resource exhaustion in the REXML
    module (LP: #261459)
    - debian/patches/102_CVE-2008-3790.dpatch: adjust rexml/document.rb and
      rexml/entity.rb to use expansion limits
    - CVE-2008-3790
  * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
    service (LP: #246818)
    - debian/patches/103_CVE-2008-2376.dpatch: adjust array.c to properly
      check argument length
    - CVE-2008-2376
  * SECURITY UPDATE: denial of service via multiple long requests to a Ruby
    socket
    - debian/patches/104_CVE-2008-3443.dpatch: adjust regex.c to not use ruby
      managed memory and check for allocation failures
    - CVE-2008-3443
  * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
    - debian/patches/105_CVE-2008-3656.dpatch: update webrick/httputils.rb to
      properly check paths ending with '.'
    - CVE-2008-3656
  * SECURITY UPDATE: predictable transaction id and source port for DNS
    requests (separate vulnerability from CVE-2008-1447)
    - debian/patches/106_CVE-2008-3905.dpatch: adjust resolv.rb to use
      SecureRandom for transaction id and source port
    - CVE-2008-3905
  * SECURITY UPDATE: safe level bypass via DL.dlopen
    - debian/patches/107_CVE-2008-3657.dpatch: adjust rb_str_to_ptr and
      rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
      propagate taint and check taintness of DLPtrData
    - CVE-2008-3657
  * SECURITY UPDATE: safe level bypass via multiple vectors
    - debian/patches/108_CVE-2008-3655.dpatch: use rb_secure(4) in variable.c
      and syslog.c, check for secure level 3 or higher in eval.c and make
      sure PROGRAM_NAME can't be modified
    - CVE-2008-3655

Date: Tue, 07 Oct 2008 13:34:00 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/ruby1.8/1.8.6.111-2ubuntu1.2
-------------- next part --------------
Format: 1.7
Date: Tue, 07 Oct 2008 13:34:00 -0500
Source: ruby1.8
Binary: irb1.8 libdbm-ruby1.8 libgdbm-ruby1.8 libopenssl-ruby1.8 libreadline-ruby1.8 libruby1.8 libruby1.8-dbg libtcltk-ruby1.8 rdoc1.8 ri1.8 ruby1.8 ruby1.8-dev ruby1.8-elisp ruby1.8-examples
Architecture: amd64 hppa all i386 ia64 lpia powerpc source sparc
Version: 1.8.6.111-2ubuntu1.2
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
irb1.8 - Interactive Ruby (for Ruby 1.8)
libdbm-ruby1.8 - DBM interface for Ruby 1.8
libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
libreadline-ruby1.8 - Readline interface for Ruby 1.8
libruby1.8 - Libraries necessary to run Ruby 1.8
libruby1.8-dbg - Debugging symbols for Ruby 1.8
libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
rdoc1.8 - Generate documentation from Ruby source files (for Ruby 1.8)
ri1.8 - Ruby Interactive reference (for Ruby 1.8)
ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8
ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
ruby1.8-elisp - ruby-mode for Emacsen
ruby1.8-examples - Examples for Ruby 1.8
Launchpad-Bugs-Fixed: 246818 257122 261459
Original-Maintainer: akira yamada <akira at debian.org>