Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-691-1: Ruby vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-691-1: Ruby vulnerability
# 1  
Old 12-16-2008
USN-691-1: Ruby vulnerability
Referenced CVEs:
CVE-2008-3443, CVE-2008-3790


Description:
===========================================================Ubuntu Security Notice USN-691-1 December 16, 2008ruby1.9 vulnerabilityCVE-2008-3443, CVE-2008-3790===========================================================A security issue affects the following Ubuntu releases:Ubuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 8.10: ruby1.9 1.9.0.2-7ubuntu1.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Laurent Gaffie discovered that Ruby did not properly check for memoryallocation failures. If a user or automated system were tricked intorunning a malicious script, an attacker could cause a denial ofservice. (CVE-2008-3443)This update also fixes a regression in the upstream patch previouslyapplied to fix CVE-2008-3790. The regression would cause parsing ofsome XML documents to fail.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

haml

haml(1) 						      General Commands Manual							   haml(1)

NAME

       haml - Translates Haml markup into its HTML equivalent

SYNOPSIS

       haml [options] [INPUT] [OUTPUT]

DESCRIPTION

       Uses the Haml engine to parse the selected template and outputs the result to the specified file.

OPTIONS

       --rails RAILS_DIR
	       Install Haml and Sass to a Rails project

       -c, --check
	       Just check syntax, don't evaluate.

       -s, --stdin
	       Read input from standard input instead of an input file

       --trace Show a full traceback on error

       -t, --style NAME
	       Output style. Can be indented (default) or ugly.

       -f, --format NAME
	       Output format. Can be xhtml (default), html4, or html5.

       -e, --escape-html
	       Escape HTML characters (like ampersands and angle brackets) by default.

       -q, --double-quote-attributes
	       Set attribute wrapper to double-quotes (default is single).

       -r, --require FILE
	       Same as 'ruby -r'.

       -I, --load-path PATH
	       Same as 'ruby -I'.

       --debug Print out the precompiled Ruby source.

       -?, -h, --help
	       Show a usage summary

       -v, --version
	       Print version

SEE ALSO

       This  program  is shipped as part of the libhaml-ruby1.8 library package, you can check its corresponding documentation can be found in the
       libhaml-ruby-doc package.

AUTHOR

       This manual page was written by Gunnar Wolf <gwolf@debian.org>, based on the command-line output of this program, for the Debian  GNU/Linux
       system (but may be freely used by others).

								 December 18, 2008							   haml(1)