  • [SECURITY] [DSA 1695-1] New Ruby packages fix denial of service (1/6)

    From Florian Weimer@1:229/2 to All on Fri Jan 2 22:50:07 2009
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1695-1                  [email protected]
    http://www.debian.org/security/                           Florian Weimer
    January 02, 2009                      http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : ruby1.8, ruby1.9
    Vulnerability : memory leak
    Problem type : local (remote)
    Debian-specific: no
    CVE Id(s) : CVE-2008-3443
    Debian Bug : 494401

    The regular expression engine of Ruby, a scripting language, contains a
    memory leak which can be triggered remotely under certain circumstances,
    leading to a denial of service condition (CVE-2008-3443).

    In addition, this security update addresses a regression in the REXML
    XML parser of the ruby1.8 package; the regression was introduced in
    DSA-1651-1.

    For the stable distribution (etch), this problem has been fixed in
    version 1.8.5-4etch4 of the ruby1.8 package, and version
    1.9.0+20060609-1etch4 of the ruby1.9 package.

    For the unstable distribution (sid), this problem has been fixed in
    version 1.8.7.72-1 of the ruby1.8 package. The ruby1.9 package will be
    fixed soon.

    We recommend that you upgrade your Ruby packages.

    Upgrade instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch
    - -------------------------------


    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)