From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1612-1                     [email protected]
http://www.debian.org/security/                       Moritz Muehlenhoff
July 21, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : ruby1.8
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 CVE-2008-2376
Several vulnerabilities have been discovered in the interpreter for
the Ruby language, which may lead to denial of service or the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2008-2662
Drew Yao discovered that multiple integer overflows in the string
processing code may lead to denial of service and potentially the
execution of arbitrary code.
CVE-2008-2663
Drew Yao discovered that multiple integer overflows in the string
processing code may lead to denial of service and potentially the
execution of arbitrary code.
CVE-2008-2664
Drew Yao discovered that a programming error in the string
processing code may lead to denial of service and potentially the
execution of arbitrary code.
CVE-2008-2725
Drew Yao discovered that an integer overflow in the array handling
code may lead to denial of service and potentially the execution
of arbitrary code.
CVE-2008-2726
Drew Yao discovered that an integer overflow in the array handling
code may lead to denial of service and potentially the execution
of arbitrary code.
CVE-2008-2376
It was discovered that an integer overflow in the array handling
code may lead to denial of service and potentially the execution
of arbitrary code.
For the stable distribution (etch), these problems have been fixed in
version 1.8.5-4etch2.
For the unstable distribution (sid), these problems have been fixed in
version 1.8.7.22-2.
We recommend that you upgrade your ruby1.8 packages.
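
To check an inventory of hosts against the fixed versions named above, the following added example (not part of the original advisory) implements Debian's version ordering and flags ruby1.8 packages older than the fix. The host names and installed versions in the inventory are constructed for illustration; on a Debian system itself, `dpkg --compare-versions` performs the same comparison.

```python
import re

# Fixed ruby1.8 versions stated in DSA-1612-1, keyed by distribution.
FIXED = {"etch": "1.8.5-4etch2", "sid": "1.8.7.22-2"}

def _weight(ch):
    """Sort weight of a non-digit character: '~' < end of part < letters < the rest."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _part_key(part):
    """Key for an upstream or revision string: alternating text and number runs."""
    return [([_weight(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"([^0-9]*)([0-9]*)", part)]

def version_key(version):
    """Sortable key for a Debian version string [epoch:]upstream[-revision]."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"  # a missing revision compares as 0
    return (int(epoch), _part_key(upstream), _part_key(revision))

def needs_upgrade(suite, installed):
    """True when the installed ruby1.8 version is older than the DSA-1612-1 fix."""
    return version_key(installed) < version_key(FIXED[suite])

# Constructed inventory (hypothetical hosts and versions, for illustration only).
INVENTORY = [
    ("web01", "etch", "1.8.5-4etch1"),
    ("web02", "etch", "1.8.5-4etch2"),
    ("build01", "etch", "1.8.5-4"),
    ("dev01", "sid", "1.8.7.22-1"),
    ("dev02", "sid", "1.8.7.72-1"),
]

def audit(inventory):
    """Return the hosts whose ruby1.8 package predates the fixed version."""
    return [host for host, suite, ver in inventory if needs_upgrade(suite, ver)]

if __name__ == "__main__":
    for host in audit(INVENTORY):
        print(host, "needs the ruby1.8 security update")
```
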
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for amd64, arm, hppa, i386, ia64, mipsel, s390 and sparc.