This bug was fixed in the package ruby1.8 - 1.8.6.111-2ubuntu1.2 --------------- ruby1.8 (1.8.6.111-2ubuntu1.2) hardy-security; urgency=low
* SECURITY UPDATE: denial of service via resource exhaustion in the REXML module (LP: #261459) - debian/patches/102_CVE-2008-3790.dpatch: adjust rexml/document.rb and rexml/entity.rb to use expansion limits - CVE-2008-3790 * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of service (LP: #246818) - debian/patches/103_CVE-2008-2376.dpatch: adjust array.c to properly check argument length - CVE-2008-2376 * SECURITY UPDATE: denial of service via multiple long requests to a Ruby socket - debian/patches/104_CVE-2008-3443.dpatch: adjust regex.c to not use ruby managed memory and check for allocation failures - CVE-2008-3443 * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122) - debian/patches/105_CVE-2008-3656.dpatch: update webrick/httputils.rb to properly check paths ending with '.' - CVE-2008-3656 * SECURITY UPDATE: predictable transaction id and source port for DNS requests (separate vulnerability from CVE-2008-1447) - debian/patches/106_CVE-2008-3905.dpatch: adjust resolv.rb to use SecureRandom for transaction id and source port - CVE-2008-3905 * SECURITY UPDATE: safe level bypass via DL.dlopen - debian/patches/107_CVE-2008-3657.dpatch: adjust rb_str_to_ptr and rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to propogate taint and check taintness of DLPtrData - CVE-2008-3657 * SECURITY UPDATE: safe level bypass via multiple vectors - debian/patches/108_CVE-2008-3655.dpatch: use rb_secure(4) in variable.c and syslog.c, check for secure level 3 or higher in eval.c and make sure PROGRAM_NAME can't be modified - CVE-2008-3655 -- Jamie Strandboge <[EMAIL PROTECTED]> Tue, 07 Oct 2008 13:34:00 -0500 ** Changed in: ruby1.8 (Ubuntu Hardy) Status: In Progress => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1447 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-3443 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-3655 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-3656 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-3657 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-3790 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-3905 ** Changed in: ruby1.8 (Ubuntu Gutsy) Status: In Progress => Fix Released -- [CVE-2008-2376] Integer overflow in the rb_ary_fill function in array.c in Ruby https://bugs.launchpad.net/bugs/246818 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs