Referenced CVEs:
CVE-2008-2376, CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905


Description:
===========================================================Ubuntu Security Notice USN-651-1 October 10, 2008ruby1.8 vulnerabilitiesCVE-2008-2376, CVE-2008-3443, CVE-2008-3655, CVE-2008-3656,CVE-2008-3657, CVE-2008-3790, CVE-2008-3905===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.04Ubuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libruby1.8 1.8.4-1ubuntu1.6 ruby1.8 1.8.4-1ubuntu1.6Ubuntu 7.04: libruby1.8 1.8.5-4ubuntu2.3 ruby1.8 1.8.5-4ubuntu2.3Ubuntu 7.10: libruby1.8 1.8.6.36-1ubuntu3.3 ruby1.8 1.8.6.36-1ubuntu3.3Ubuntu 8.04 LTS: libruby1.8 1.8.6.111-2ubuntu1.2 ruby1.8 1.8.6.111-2ubuntu1.2In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Akira Tagoh discovered a vulnerability in Ruby which lead to an integeroverflow. If a user or automated system were tricked into running amalicious script, an attacker could cause a denial of service orpossibly execute arbitrary code with the privileges of the userinvoking the program. (CVE-2008-2376)Laurent Gaffie discovered that Ruby did not properly check for memoryallocation failures. If a user or automated system were tricked intorunning a malicious script, an attacker could cause a denial ofservice. (CVE-2008-3443)Keita Yamaguchi discovered several safe level vulnerabilities in Ruby.An attacker could use this to bypass intended access restrictions.(CVE-2008-3655)Keita Yamaguchi discovered that WEBrick in Ruby did not properlyvalidate paths ending with ".". A remote attacker could send a craftedHTTP request and cause a denial of service. (CVE-2008-3656)Keita Yamaguchi discovered that the dl module in Ruby did not checkthe taintness of inputs. An attacker could exploit this vulnerabilityto bypass safe levels and execute dangerous functions. (CVE-2008-3657)Luka Treiber and Mitja Kolsek discovered that REXML in Ruby did notalways use expansion limits when processing XML documents. If a user orautomated system were tricked into open a crafted XML file, an attackercould cause a denial of service via CPU consumption. (CVE-2008-3790)Jan Lieskovsky discovered several flaws in the name resolver of Ruby. Aremote attacker could exploit this to spoof DNS entries, which couldlead to misdirected traffic. This is a different vulnerability fromCVE-2008-1447. (CVE-2008-3790)





More...