USN-691-1: Ruby vulnerability


 
12-16-2008

Referenced CVEs:
CVE-2008-3443, CVE-2008-3790


Description:
===========================================================
Ubuntu Security Notice USN-691-1          December 16, 2008
ruby1.9 vulnerability
CVE-2008-3443, CVE-2008-3790
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  ruby1.9                         1.9.0.2-7ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Laurent Gaffie discovered that Ruby did not properly check for memory
allocation failures. If a user or automated system were tricked into
running a malicious script, an attacker could cause a denial of
service. (CVE-2008-3443)

This update also fixes a regression in the upstream patch previously
applied to fix CVE-2008-3790. The regression would cause parsing of
some XML documents to fail.




