Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-691-1: Ruby vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-691-1: Ruby vulnerability
# 1  
Old 12-16-2008
USN-691-1: Ruby vulnerability
Referenced CVEs:
CVE-2008-3443, CVE-2008-3790


Description:
===========================================================Ubuntu Security Notice USN-691-1 December 16, 2008ruby1.9 vulnerabilityCVE-2008-3443, CVE-2008-3790===========================================================A security issue affects the following Ubuntu releases:Ubuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 8.10: ruby1.9 1.9.0.2-7ubuntu1.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Laurent Gaffie discovered that Ruby did not properly check for memoryallocation failures. If a user or automated system were tricked intorunning a malicious script, an attacker could cause a denial ofservice. (CVE-2008-3443)This update also fixes a regression in the upstream patch previouslyapplied to fix CVE-2008-3790. The regression would cause parsing ofsome XML documents to fail.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT MOJAVE

irb

IRB(1)							 Ruby Programmer's Reference Guide						    IRB(1)

NAME

     irb -- Interactive Ruby Shell

SYNOPSIS

     irb [--version] [-dfm] [-I directory] [-r library] [--[no]inspect] [--[no]readline] [--prompt mode] [--prompt-mode mode] [--inf-ruby-mode]
	 [--simple-prompt] [--noprompt] [--tracer] [--back-trace-limit n] [--irb_debug n] [--] [program_file] [argument ...]

DESCRIPTION

     irb is the REPL(read-eval-print loop) environment for Ruby programs.

OPTIONS

     --version	    Prints the version of irb.

     -E external[:internal]
     --encoding external[:internal]
		    Same as `ruby -E' .  Specifies the default value(s) for external encodings and internal encoding. Values should be separated
		    with colon (:).

		    You can omit the one for internal encodings, then the value (Encoding.default_internal) will be nil.

     -I path	    Same as `ruby -I' .  Specifies $LOAD_PATH directory

     -U 	    Same as `ruby -U' .  Sets the default value for internal encodings (Encoding.default_internal) to UTF-8.

     -d 	    Same as `ruby -d' .  Sets $DEBUG to true.

     -f 	    Suppresses read of ~/.irbrc.

     -h
     --help	    Prints a summary of the options.

     -m 	    Bc mode (load mathn, fraction or matrix are available)

     -r library     Same as `ruby -r'.	Causes irb to load the library using require.

     --inspect	    Uses `inspect' for output (default except for bc mode)

     --noinspect    Doesn't use inspect for output

     --readline     Uses Readline extension module.

     --noreadline   Doesn't use Readline extension module.

     --prompt mode
     --prompt-mode mode
		    Switch prompt mode. Pre-defined prompt modes are `default', `simple', `xmp' and `inf-ruby'.

     --inf-ruby-mode
		    Uses prompt appropriate for inf-ruby-mode on emacs.  Suppresses --readline.

     --simple-prompt
		    Makes prompts simple.

     --noprompt     No prompt mode.

     --tracer	    Displays trace for each execution of commands.

     --back-trace-limit n
		    Displays backtrace top n and tail n.  The default value is 16.

     --irb_debug n  Sets internal debug level to n (not for popular use)

ENVIRONMENT

     IRBRC

     Also irb depends on same variables as ruby(1).

FILES

     ~/.irbrc			       Personal irb initialization.

EXAMPLES

	   % irb
	   irb(main):001:0> 1 + 1
	   2
	   irb(main):002:0> def t(x)
	   irb(main):003:1> x+1
	   irb(main):004:1> end
	   => nil
	   irb(main):005:0> t(3)
	   => 4
	   irb(main):006:0> if t(3) == 4
	   irb(main):007:1> p :ok
	   irb(main):008:1> end
	   :ok
	   => :ok
	   irb(main):009:0> quit
	   %

SEE ALSO

     ruby(1).

REPORTING BUGS

     o	 Security vulnerabilities should be reported via an email to security@ruby-lang.org.  Reported problems will be published after being
	 fixed.

     o	 Other bugs and feature requests can be reported via the Ruby Issue Tracking System (http://bugs.ruby-lang.org).  Do not report security
	 vulnerabilities via this system because it publishes the vulnerabilities immediately.

AUTHORS

     Written by Keiju ISHITSUKA.

UNIX
								 November 15, 2012							      UNIX