USN-651-1: Ruby vulnerabilities Post: 302245313

Sponsored Content

Special Forums Cybersecurity Security Advisories (RSS) USN-651-1: Ruby vulnerabilities Post 302245313 by Linux Bot on Thursday 9th of October 2008 10:30:04 PM

10-09-2008

Registered User

USN-651-1: Ruby vulnerabilities

Referenced CVEs:
CVE-2008-2376, CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905

Description:
===========================================================Ubuntu Security Notice USN-651-1 October 10, 2008ruby1.8 vulnerabilitiesCVE-2008-2376, CVE-2008-3443, CVE-2008-3655, CVE-2008-3656,CVE-2008-3657, CVE-2008-3790, CVE-2008-3905===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.04Ubuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libruby1.8 1.8.4-1ubuntu1.6 ruby1.8 1.8.4-1ubuntu1.6Ubuntu 7.04: libruby1.8 1.8.5-4ubuntu2.3 ruby1.8 1.8.5-4ubuntu2.3Ubuntu 7.10: libruby1.8 1.8.6.36-1ubuntu3.3 ruby1.8 1.8.6.36-1ubuntu3.3Ubuntu 8.04 LTS: libruby1.8 1.8.6.111-2ubuntu1.2 ruby1.8 1.8.6.111-2ubuntu1.2In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Akira Tagoh discovered a vulnerability in Ruby which lead to an integeroverflow. If a user or automated system were tricked into running amalicious script, an attacker could cause a denial of service orpossibly execute arbitrary code with the privileges of the userinvoking the program. (CVE-2008-2376)Laurent Gaffie discovered that Ruby did not properly check for memoryallocation failures. If a user or automated system were tricked intorunning a malicious script, an attacker could cause a denial ofservice. (CVE-2008-3443)Keita Yamaguchi discovered several safe level vulnerabilities in Ruby.An attacker could use this to bypass intended access restrictions.(CVE-2008-3655)Keita Yamaguchi discovered that WEBrick in Ruby did not properlyvalidate paths ending with ".". A remote attacker could send a craftedHTTP request and cause a denial of service. (CVE-2008-3656)Keita Yamaguchi discovered that the dl module in Ruby did not checkthe taintness of inputs. An attacker could exploit this vulnerabilityto bypass safe levels and execute dangerous functions. (CVE-2008-3657)Luka Treiber and Mitja Kolsek discovered that REXML in Ruby did notalways use expansion limits when processing XML documents. If a user orautomated system were tricked into open a crafted XML file, an attackercould cause a denial of service via CPU consumption. (CVE-2008-3790)Jan Lieskovsky discovered several flaws in the name resolver of Ruby. Aremote attacker could exploit this to spoof DNS entries, which couldlead to misdirected traffic. This is a different vulnerability fromCVE-2008-1447. (CVE-2008-3790)

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

LEARN ABOUT MOJAVE

datetime::locale::ug5.18

DateTime::Locale::ug(3) 				User Contributed Perl Documentation				   DateTime::Locale::ug(3)

NAME

       DateTime::Locale::ug

SYNOPSIS

	 use DateTime;

	 my $dt = DateTime->now( locale => 'ug' );
	 print $dt->month_name();

DESCRIPTION

       This is the DateTime locale package for Uighur.

DATA

       This locale inherits from the DateTime::Locale::root locale.

       It contains the following data.

   Days
       Wide (format)

	 2
	 3
	 4
	 5
	 6
	 7
	 1

       Abbreviated (format)

	 2
	 3
	 4
	 5
	 6
	 7
	 1

       Narrow (format)

	 2
	 3
	 4
	 5
	 6
	 7
	 1

       Wide (stand-alone)

	 2
	 3
	 4
	 5
	 6
	 7
	 1

       Abbreviated (stand-alone)

	 2
	 3
	 4
	 5
	 6
	 7
	 1

       Narrow (stand-alone)

	 2
	 3
	 4
	 5
	 6
	 7
	 1

   Months
       Wide (format)

	 1
	 2
	 3
	 4
	 5
	 6
	 7
	 8
	 9
	 10
	 11
	 12

       Abbreviated (format)

	 1
	 2
	 3
	 4
	 5
	 6
	 7
	 8
	 9
	 10
	 11
	 12

       Narrow (format)

	 1
	 2
	 3
	 4
	 5
	 6
	 7
	 8
	 9
	 10
	 11
	 12

       Wide (stand-alone)

	 1
	 2
	 3
	 4
	 5
	 6
	 7
	 8
	 9
	 10
	 11
	 12

       Abbreviated (stand-alone)

	 1
	 2
	 3
	 4
	 5
	 6
	 7
	 8
	 9
	 10
	 11
	 12

       Narrow (stand-alone)

	 1
	 2
	 3
	 4
	 5
	 6
	 7
	 8
	 9
	 10
	 11
	 12

   Quarters
       Wide (format)

	 Q1
	 Q2
	 Q3
	 Q4

       Abbreviated (format)

	 Q1
	 Q2
	 Q3
	 Q4

       Narrow (format)

	 1
	 2
	 3
	 4

       Wide (stand-alone)

	 Q1
	 Q2
	 Q3
	 Q4

       Abbreviated (stand-alone)

	 Q1
	 Q2
	 Q3
	 Q4

       Narrow (stand-alone)

	 1
	 2
	 3
	 4

   Eras
       Wide

	 BCE
	 CE

       Abbreviated

	 BCE
	 CE

       Narrow

	 BCE
	 CE

   Date Formats
       Full

	  2008-02-05T18:30:30 = 3, 2008 2 05
	  1995-12-22T09:05:02 = 6, 1995 12 22
	 -0010-09-15T04:44:23 = 7, -10 9 15

       Long

	  2008-02-05T18:30:30 = 2008 2 5
	  1995-12-22T09:05:02 = 1995 12 22
	 -0010-09-15T04:44:23 = -10 9 15

       Medium

	  2008-02-05T18:30:30 = 2008 2 5
	  1995-12-22T09:05:02 = 1995 12 22
	 -0010-09-15T04:44:23 = -10 9 15

       Short

	  2008-02-05T18:30:30 = 2008-02-05
	  1995-12-22T09:05:02 = 1995-12-22
	 -0010-09-15T04:44:23 = -010-09-15

       Default

	  2008-02-05T18:30:30 = 2008 2 5
	  1995-12-22T09:05:02 = 1995 12 22
	 -0010-09-15T04:44:23 = -10 9 15

   Time Formats
       Full

	  2008-02-05T18:30:30 = 18:30:30 UTC
	  1995-12-22T09:05:02 = 09:05:02 UTC
	 -0010-09-15T04:44:23 = 04:44:23 UTC

       Long

	  2008-02-05T18:30:30 = 18:30:30 UTC
	  1995-12-22T09:05:02 = 09:05:02 UTC
	 -0010-09-15T04:44:23 = 04:44:23 UTC

       Medium

	  2008-02-05T18:30:30 = 18:30:30
	  1995-12-22T09:05:02 = 09:05:02
	 -0010-09-15T04:44:23 = 04:44:23

       Short

	  2008-02-05T18:30:30 = 18:30
	  1995-12-22T09:05:02 = 09:05
	 -0010-09-15T04:44:23 = 04:44

       Default

	  2008-02-05T18:30:30 = 18:30:30
	  1995-12-22T09:05:02 = 09:05:02
	 -0010-09-15T04:44:23 = 04:44:23

   Datetime Formats
       Full

	  2008-02-05T18:30:30 = 3, 2008 2 05 18:30:30 UTC
	  1995-12-22T09:05:02 = 6, 1995 12 22 09:05:02 UTC
	 -0010-09-15T04:44:23 = 7, -10 9 15 04:44:23 UTC

       Long

	  2008-02-05T18:30:30 = 2008 2 5 18:30:30 UTC
	  1995-12-22T09:05:02 = 1995 12 22 09:05:02 UTC
	 -0010-09-15T04:44:23 = -10 9 15 04:44:23 UTC

       Medium

	  2008-02-05T18:30:30 = 2008 2 5 18:30:30
	  1995-12-22T09:05:02 = 1995 12 22 09:05:02
	 -0010-09-15T04:44:23 = -10 9 15 04:44:23

       Short

	  2008-02-05T18:30:30 = 2008-02-05 18:30
	  1995-12-22T09:05:02 = 1995-12-22 09:05
	 -0010-09-15T04:44:23 = -010-09-15 04:44

       Default

	  2008-02-05T18:30:30 = 2008 2 5 18:30:30
	  1995-12-22T09:05:02 = 1995 12 22 09:05:02
	 -0010-09-15T04:44:23 = -10 9 15 04:44:23

   Available Formats
       d (d)

	  2008-02-05T18:30:30 = 5
	  1995-12-22T09:05:02 = 22
	 -0010-09-15T04:44:23 = 15

       EEEd (d EEE)

	  2008-02-05T18:30:30 = 5 3
	  1995-12-22T09:05:02 = 22 6
	 -0010-09-15T04:44:23 = 15 7

       Hm (H:mm)

	  2008-02-05T18:30:30 = 18:30
	  1995-12-22T09:05:02 = 9:05
	 -0010-09-15T04:44:23 = 4:44

       hm (h:mm a)

	  2008-02-05T18:30:30 = 6:30 PM
	  1995-12-22T09:05:02 = 9:05 AM
	 -0010-09-15T04:44:23 = 4:44 AM

       Hms (H:mm:ss)

	  2008-02-05T18:30:30 = 18:30:30
	  1995-12-22T09:05:02 = 9:05:02
	 -0010-09-15T04:44:23 = 4:44:23

       hms (h:mm:ss a)

	  2008-02-05T18:30:30 = 6:30:30 PM
	  1995-12-22T09:05:02 = 9:05:02 AM
	 -0010-09-15T04:44:23 = 4:44:23 AM

       M (L)

	  2008-02-05T18:30:30 = 2
	  1995-12-22T09:05:02 = 12
	 -0010-09-15T04:44:23 = 9

       Md (M-d)

	  2008-02-05T18:30:30 = 2-5
	  1995-12-22T09:05:02 = 12-22
	 -0010-09-15T04:44:23 = 9-15

       MEd (E, M-d)

	  2008-02-05T18:30:30 = 3, 2-5
	  1995-12-22T09:05:02 = 6, 12-22
	 -0010-09-15T04:44:23 = 7, 9-15

       MMM (LLL)

	  2008-02-05T18:30:30 = 2
	  1995-12-22T09:05:02 = 12
	 -0010-09-15T04:44:23 = 9

       MMMd (MMM d)

	  2008-02-05T18:30:30 = 2 5
	  1995-12-22T09:05:02 = 12 22
	 -0010-09-15T04:44:23 = 9 15

       MMMEd (E MMM d)

	  2008-02-05T18:30:30 = 3 2 5
	  1995-12-22T09:05:02 = 6 12 22
	 -0010-09-15T04:44:23 = 7 9 15

       MMMMd (MMMM d)

	  2008-02-05T18:30:30 = 2 5
	  1995-12-22T09:05:02 = 12 22
	 -0010-09-15T04:44:23 = 9 15

       MMMMEd (E MMMM d)

	  2008-02-05T18:30:30 = 3 2 5
	  1995-12-22T09:05:02 = 6 12 22
	 -0010-09-15T04:44:23 = 7 9 15

       ms (mm:ss)

	  2008-02-05T18:30:30 = 30:30
	  1995-12-22T09:05:02 = 05:02
	 -0010-09-15T04:44:23 = 44:23

       y (y)

	  2008-02-05T18:30:30 = 2008
	  1995-12-22T09:05:02 = 1995
	 -0010-09-15T04:44:23 = -10

       yM (y-M)

	  2008-02-05T18:30:30 = 2008-2
	  1995-12-22T09:05:02 = 1995-12
	 -0010-09-15T04:44:23 = -10-9

       yMEd (EEE, y-M-d)

	  2008-02-05T18:30:30 = 3, 2008-2-5
	  1995-12-22T09:05:02 = 6, 1995-12-22
	 -0010-09-15T04:44:23 = 7, -10-9-15

       yMMM (y MMM)

	  2008-02-05T18:30:30 = 2008 2
	  1995-12-22T09:05:02 = 1995 12
	 -0010-09-15T04:44:23 = -10 9

       yMMMEd (EEE, y MMM d)

	  2008-02-05T18:30:30 = 3, 2008 2 5
	  1995-12-22T09:05:02 = 6, 1995 12 22
	 -0010-09-15T04:44:23 = 7, -10 9 15

       yMMMM (y MMMM)

	  2008-02-05T18:30:30 = 2008 2
	  1995-12-22T09:05:02 = 1995 12
	 -0010-09-15T04:44:23 = -10 9

       yQ (y Q)

	  2008-02-05T18:30:30 = 2008 1
	  1995-12-22T09:05:02 = 1995 4
	 -0010-09-15T04:44:23 = -10 3

       yQQQ (y QQQ)

	  2008-02-05T18:30:30 = 2008 Q1
	  1995-12-22T09:05:02 = 1995 Q4
	 -0010-09-15T04:44:23 = -10 Q3

       yyQ (Q yy)

	  2008-02-05T18:30:30 = 1 08
	  1995-12-22T09:05:02 = 4 95
	 -0010-09-15T04:44:23 = 3 -10

   Miscellaneous
       Prefers 24 hour time?

       Yes

       Local first day of the week

       2

SUPPORT

       See DateTime::Locale.

AUTHOR

       Dave Rolsky <autarch@urth.org>

COPYRIGHT

       Copyright (c) 2008 David Rolsky. All rights reserved. This program is free software; you can redistribute it and/or modify it under the
       same terms as Perl itself.

       This module was generated from data provided by the CLDR project, see the LICENSE.cldr in this distribution for details on the CLDR data's
       license.

perl v5.18.2							    2017-10-06						   DateTime::Locale::ug(3)