Ubuntu

“ruby1.8” 1.8.4-1ubuntu1.6 source package in Ubuntu

Changelog

ruby1.8 (1.8.4-1ubuntu1.6) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via resource exhaustion in the REXML
    module (LP: #261459)
    - debian/patches/917_CVE-2008-3790.patch: adjust rexml/document.rb and
      rexml/entity.rb to use expansion limits
    - CVE-2008-3790
  * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
    service (LP: #246818)
    - debian/patches/918_CVE-2008-2376.patch: adjust array.c to properly
      check argument length
    - CVE-2008-2376
  * SECURITY UPDATE: denial of service via multiple long requests to a Ruby
    socket
    - debian/patches/919_CVE-2008-3443.patch: adjust regex.c to not use ruby
      managed memory and check for allocation failures
    - CVE-2008-3443
  * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
    - debian/patches/920_CVE-2008-3656.patch: update webrick/httputils.rb to
      properly check paths ending with '.'
    - CVE-2008-3656
  * SECURITY UPDATE: predictable transaction id and source port for DNS
    requests (separate vulnerability from CVE-2008-1447)
    - debian/patches/921_CVE-2008-3905.patch: adjust resolv.rb to use
      SecureRandom for transaction id and source port
    - CVE-2008-3905
  * SECURITY UPDATE: safe level bypass via DL.dlopen
    - debian/patches/922_CVE-2008-3657.patch: adjust rb_str_to_ptr and
      rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
      propogate taint and check taintness of DLPtrData
    - CVE-2008-3657
  * SECURITY UPDATE: safe level bypass via multiple vectors
    - debian/patches/923_CVE-2008-3655.patch: use rb_secure(4) in variable.c
      and syslog.c, check for secure level 3 or higher in eval.c and make
      sure PROGRAM_NAME can't be modified
    - CVE-2008-3655

 -- Jamie Strandboge <email address hidden>   Thu, 09 Oct 2008 10:32:41 -0500

Upload details

Uploaded by:
Jamie Strandboge on 2008-10-10
Uploaded to:
Dapper
Original maintainer:
akira yamada
Component:
main
Architectures:
any
Section:
interpreters
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
ruby1.8_1.8.4.orig.tar.gz 4.1 MiB 2994203e0815ea978965de34287c5ea2
ruby1.8_1.8.4-1ubuntu1.6.diff.gz 45.2 KiB 5c3015046d04d53042ef782ea12875c3
ruby1.8_1.8.4-1ubuntu1.6.dsc 1.0 KiB 7074495b271591010fba16b96cb69b5d

Binary packages built by this source

irb1.8: No summary available for irb1.8 in ubuntu dapper.

No description available for irb1.8 in ubuntu dapper.

libdbm-ruby1.8: No summary available for libdbm-ruby1.8 in ubuntu dapper.

No description available for libdbm-ruby1.8 in ubuntu dapper.

libgdbm-ruby1.8: No summary available for libgdbm-ruby1.8 in ubuntu dapper.

No description available for libgdbm-ruby1.8 in ubuntu dapper.

libopenssl-ruby1.8: No summary available for libopenssl-ruby1.8 in ubuntu dapper.

No description available for libopenssl-ruby1.8 in ubuntu dapper.

libreadline-ruby1.8: No summary available for libreadline-ruby1.8 in ubuntu dapper.

No description available for libreadline-ruby1.8 in ubuntu dapper.

libruby1.8: No summary available for libruby1.8 in ubuntu dapper.

No description available for libruby1.8 in ubuntu dapper.

libruby1.8-dbg: No summary available for libruby1.8-dbg in ubuntu dapper.

No description available for libruby1.8-dbg in ubuntu dapper.

libtcltk-ruby1.8: No summary available for libtcltk-ruby1.8 in ubuntu dapper.

No description available for libtcltk-ruby1.8 in ubuntu dapper.

rdoc1.8: No summary available for rdoc1.8 in ubuntu dapper.

No description available for rdoc1.8 in ubuntu dapper.

ri1.8: No summary available for ri1.8 in ubuntu dapper.

No description available for ri1.8 in ubuntu dapper.

ruby1.8: No summary available for ruby1.8 in ubuntu dapper.

No description available for ruby1.8 in ubuntu dapper.

ruby1.8-dev: No summary available for ruby1.8-dev in ubuntu dapper.

No description available for ruby1.8-dev in ubuntu dapper.

ruby1.8-elisp: No summary available for ruby1.8-elisp in ubuntu dapper.

No description available for ruby1.8-elisp in ubuntu dapper.

ruby1.8-examples: No summary available for ruby1.8-examples in ubuntu dapper.

No description available for ruby1.8-examples in ubuntu dapper.