USN-691-1: Ruby vulnerability Post: 302268807

Sponsored Content

Special Forums Cybersecurity Security Advisories (RSS) USN-691-1: Ruby vulnerability Post 302268807 by Linux Bot on Tuesday 16th of December 2008 10:40:02 AM

12-16-2008

Registered User

USN-691-1: Ruby vulnerability

Referenced CVEs:
CVE-2008-3443, CVE-2008-3790

Description:
===========================================================Ubuntu Security Notice USN-691-1 December 16, 2008ruby1.9 vulnerabilityCVE-2008-3443, CVE-2008-3790===========================================================A security issue affects the following Ubuntu releases:Ubuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 8.10: ruby1.9 1.9.0.2-7ubuntu1.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Laurent Gaffie discovered that Ruby did not properly check for memoryallocation failures. If a user or automated system were tricked intorunning a malicious script, an attacker could cause a denial ofservice. (CVE-2008-3443)This update also fixes a regression in the upstream patch previouslyapplied to fix CVE-2008-3790. The regression would cause parsing ofsome XML documents to fail.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

LEARN ABOUT DEBIAN

import-bug-from-debian

import-bug-from-debian(1)				      General Commands Manual					 import-bug-from-debian(1)

NAME

       import-bug-from-debian - Import bugs from Debian's BTS, and file them against Ubuntu in LP.

SYNOPSIS

       import-bug-from-debian [options] bug...
       import-bug-from-debian -h

DESCRIPTION

       import-bug-from-debian  clones  bugs  from Debian's BTS into Launchpad. Each bug listed on the command line has its initial report re-filed
       against the same source package in Ubuntu.  The Ubuntu bug is linked back to its Debian counterpart.

       Each bug may be provided either as a bug number or URL.

OPTIONS

       -b, --browserless
	      Don't open the bug in a browser at the end.

       -h, --help
	      Display a help message and exit.

       -l INSTANCE, --lpinstance=INSTANCE
	      Use the specified instance of Launchpad (e.g. "staging"), instead of the default of "production".

       -p PACKAGE, --package=PACKAGE
	      Launchpad package to file bug against, if not the same source package name as Debian.   Useful  for  importing  removal  bugs  filed
	      against ftp.debian.org.

       --no-conf
	      Do not read any configuration files, or configuration from environment variables.

ENVIRONMENT

       All  of	the  CONFIGURATION  VARIABLES  below are also supported as environment variables.  Variables in the environment take precedence to
       those in configuration files.

CONFIGURATION VARIABLES

       The following variables can be set in the environment or in ubuntu-dev-tools(5) configuration files.  In  each  case,  the  script-specific
       variable takes precedence over the package-wide variable.

       IMPORT_BUG_FROM_DEBIAN_LPINSTANCE, UBUNTUTOOLS_LPINSTANCE
	      The default value for --lpinstance.

SEE ALSO

       ubuntu-dev-tools(5)

AUTHORS

       import-bug-from-debian  was  written  by  James	Westby <james.westby@ubuntu.com>, and this manual page was written by Stefano Rivera <ste-
       fanor@ubuntu.com>.

       Both are released under the terms of the GNU General Public License, version 2.

ubuntu-dev-tools						 September 21 2010					 import-bug-from-debian(1)