-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1652-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
October 12, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package        : ruby1.9
Vulnerability  : several
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2008-3655 CVE-2008-3656 CVE-2008-3657 CVE-2008-3790 CVE-2008-3905
Several vulnerabilities have been discovered in the interpreter for
the Ruby language, which may lead to denial of service and other
security problems. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2008-3655
Keita Yamaguchi discovered that several safe level restrictions
are insufficiently enforced.
CVE-2008-3656
Christian Neukirchen discovered that the WebRick module uses
inefficient algorithms for HTTP header splitting, resulting in
denial of service through resource exhaustion.
CVE-2008-3657
It was discovered that the dl module doesn't perform taintness
checks.
CVE-2008-3790
Luka Treiber and Mitja Kolsek discovered that recursively nested
XML entities can lead to denial of service through resource
exhaustion in rexml.
CVE-2008-3905
Tanaka Akira discovered that the resolv module uses sequential
transaction IDs and a fixed source port for DNS queries, which
makes it more vulnerable to DNS spoofing attacks.
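The rexml problem (CVE-2008-3790) is the classic nested-entity expansion: a document of a few hundred bytes declares entities that reference each other, and the expanded text grows geometrically. The following is an added example, not code from the advisory or from the Debian package. It constructs such an input, shows that REXML expands entities lazily (parsing succeeds; the blow-up happens when the text is read), and uses the guard the patched REXML introduced, an expansion-count limit that current rexml exposes as REXML::Security.entity_expansion_limit (default 10,000). Both XML documents are constructed here for the demonstration.

```ruby
require 'rexml/document'

# Constructed "billion laughs" style input (not from the advisory): each
# level references the one below it ten times, so &lol4; expands to 10_000
# copies of "lol" and costs 11_111 entity expansions to produce.
NESTED_ENTITY_BOMB = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE bomb [
    <!ENTITY lol0 "lol">
    <!ENTITY lol1 "&lol0;&lol0;&lol0;&lol0;&lol0;&lol0;&lol0;&lol0;&lol0;&lol0;">
    <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
    <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
    <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
  ]>
  <bomb>&lol4;</bomb>
XML

# Constructed benign input with a single harmless entity, to show that the
# limit does not reject ordinary documents.
BENIGN_DOC = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE note [ <!ENTITY vendor "Debian"> ]>
  <note>Advisory from &vendor;</note>
XML

# Parse the document and force entity expansion by reading the root text.
# REXML counts every entity expansion and raises a RuntimeError once the
# count exceeds REXML::Security.entity_expansion_limit (a separate limit on
# the expanded byte size exists as well). Returns [:ok, text] on success or
# [:rejected, message] when REXML aborts the expansion; the previous limit
# is restored afterwards so the setting does not leak into other code.
def expand_root_text(xml, entity_limit:)
  old_limit = REXML::Security.entity_expansion_limit
  REXML::Security.entity_expansion_limit = entity_limit
  doc = REXML::Document.new(xml)   # parsing alone does not expand &lol4;
  [:ok, doc.root.text]             # this is where the expansion happens
rescue RuntimeError => e           # REXML::ParseException is a RuntimeError too
  [:rejected, e.message]
ensure
  REXML::Security.entity_expansion_limit = old_limit
end

if __FILE__ == $PROGRAM_NAME
  p expand_root_text(BENIGN_DOC, entity_limit: 1_000)
  p expand_root_text(NESTED_ENTITY_BOMB, entity_limit: 1_000)
end
```

With the default limit this input is already rejected (11,111 expansions against a ceiling of 10,000), but the point of the explicit setting is the other direction: code that handles untrusted XML should lower the limit to what its own documents legitimately need, and should treat the RuntimeError as a hostile input, not as a parser bug to be retried. Because expansion is lazy, a validator that only calls Document.new and never touches the text would pass this document through unchanged.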
For the stable distribution (etch), these problems have been fixed in
version 1.9.0+20060609-1etch3. Packages for arm will be provided later.
For the unstable distribution (sid), these problems have been fixed in
version 1.9.0.2-6.
We recommend that you upgrade your ruby1.9 packages.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
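For the manual wget/dpkg route, the only thing tying a downloaded file to this signed advisory is the Size/MD5 pair listed for it below. The following is an added example, not part of the advisory or of Debian's tooling: a Ruby check that compares a downloaded .deb against that pair before it is handed to dpkg -i, and a directory sweep that flags files the advisory does not list. The two entries in ADVISORY_CHECKSUMS are copied from the amd64 section of this advisory; the assumption that the file name is the last path component of each listed URL is mine, and the sample files checked in the test are constructed.

```ruby
require 'digest/md5'
require 'tempfile'

# Check one downloaded package against the "Size/MD5 checksum" pair quoted
# in the advisory. Returns [true, "ok"] on a match, otherwise [false, reason].
# The size is compared first: it is free and already catches a truncated
# download without reading the whole file.
def verify_package(path, expected_size, expected_md5)
  return [false, "missing file: #{path}"] unless File.file?(path)

  actual_size = File.size(path)
  unless actual_size == Integer(expected_size)
    return [false, "size mismatch: got #{actual_size}, want #{expected_size}"]
  end

  # Digest::MD5.file streams the file, so large packages are not slurped.
  actual_md5 = Digest::MD5.file(path).hexdigest
  unless actual_md5 == expected_md5.to_s.downcase
    return [false, "md5 mismatch: got #{actual_md5}, want #{expected_md5}"]
  end

  [true, "ok"]
end

# Entries copied from the advisory's amd64 section, keyed by file name
# (assumed here to be the final path component of each listed URL).
ADVISORY_CHECKSUMS = {
  "ruby1.9_1.9.0+20060609-1etch3_amd64.deb" =>
    [235552, "8767d4d810273a9f0177a47a0a08c073"],
  "libruby1.9-dbg_1.9.0+20060609-1etch3_amd64.deb" =>
    [346006, "8ea61f15325461d26752621150af4c55"],
}.freeze

# Verify every file in dir against the table. Files the advisory does not
# list are reported as failures rather than silently accepted, so a stray
# or renamed package cannot slip into the dpkg -i step. Returns a Hash of
# file name => [ok, reason], sorted by name.
def verify_directory(dir, checksums = ADVISORY_CHECKSUMS)
  Dir.children(dir).sort.each_with_object({}) do |name, report|
    entry = checksums[name]
    report[name] =
      if entry
        verify_package(File.join(dir, name), *entry)
      else
        [false, "not listed in advisory"]
      end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby verify_dsa.rb /path/to/downloads
  verify_directory(ARGV.fetch(0, ".")).each do |name, (ok, reason)|
    puts "#{ok ? 'OK  ' : 'FAIL'} #{name}: #{reason}"
  end
end
```

MD5 is used here only because it is what the advisory publishes; it binds the file to the signed advisory text, not to an attacker who can choose both inputs. For that reason the PGP signature on the advisory is the real trust anchor for this check, and the apt-get route, where the archive's signed Release files are verified automatically, is the better default.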
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz
Size/MD5 checksum: 4450198 483d9b46a973c7e14f7586f0b1129891
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3.diff.gz
Size/MD5 checksum: 32500 f9ecc42746b8a277f0adf684db941813
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3.dsc
Size/MD5 checksum: 1102 d9f8325a51dc85e7a592135602aa5adb
Architecture independent packages:
http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch3_all.deb
Size/MD5 checksum: 318568 8829c7b1dc51b1694ec44c22df0b9aa2
http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch3_all.deb
Size/MD5 checksum: 255728 98a8ba887948dad97e365d6fe4cd7365
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch3_all.deb
Size/MD5 checksum: 265788 baf95223f575afea5a19eda8931ab20f
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch3_all.deb
Size/MD5 checksum: 229404 5fd60bd0423a2bf3e7b7d9f2fdbf50f8
http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch3_all.deb
Size/MD5 checksum: 694282 195e55b70aaf9f35ff0b3156460c05a0
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_alpha.deb
Size/MD5 checksum: 217526 18e248f393c0157029127735d35ab58c
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_alpha.deb
Size/MD5 checksum: 237710 40f6ac2464dd488bcec0d9e705457071
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_alpha.deb
Size/MD5 checksum: 324622 3daf8b07570c96d9575c851ab21deae3
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_alpha.deb
Size/MD5 checksum: 340188 8e9d2e6f51f659ad6df94a11961b6429
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_alpha.deb
Size/MD5 checksum: 1890052 15fa703f9493159f200bc8719305f8f7
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_alpha.deb
Size/MD5 checksum: 216796 19318b591b6bce163cd767ccbc8e55a0
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_alpha.deb
Size/MD5 checksum: 1881332 5b980e23f25edf7bbc978bbdfb2ffa18
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_alpha.deb
Size/MD5 checksum: 217544 96ac4e52a0ddbf2a70ae8a49b8468338
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_alpha.deb
Size/MD5 checksum: 961014 16b8cfc9ec220aed8a4a6d83b7a903f3
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_amd64.deb
Size/MD5 checksum: 216496 a612ba557549caf4ba25abe252da8568
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_amd64.deb
Size/MD5 checksum: 346006 8ea61f15325461d26752621150af4c55
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_amd64.deb
Size/MD5 checksum: 1878306 97b41d5d6a9d13ceab9139faf6ec9f36
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_amd64.deb
Size/MD5 checksum: 235552 8767d4d810273a9f0177a47a0a08c073
[continued in next message]