Format: 1.7
Date: Tue, 07 Oct 2008 13:34:00 -0500
Source: ruby1.8
Binary: irb1.8 libdbm-ruby1.8 libgdbm-ruby1.8 libopenssl-ruby1.8 libreadline-ruby1.8 libruby1.8 libruby1.8-dbg libtcltk-ruby1.8 rdoc1.8 ri1.8 ruby1.8 ruby1.8-dev ruby1.8-elisp ruby1.8-examples
Architecture: amd64 hppa all i386 ia64 lpia powerpc source sparc
Version: 1.8.6.111-2ubuntu1.2
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core developers
Changed-By: Jamie Strandboge
Description:
 irb1.8 - Interactive Ruby (for Ruby 1.8)
 libdbm-ruby1.8 - DBM interface for Ruby 1.8
 libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
 libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
 libreadline-ruby1.8 - Readline interface for Ruby 1.8
 libruby1.8 - Libraries necessary to run Ruby 1.8
 libruby1.8-dbg - Debugging symbols for Ruby 1.8
 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
 rdoc1.8 - Generate documentation from Ruby source files (for Ruby 1.8)
 ri1.8 - Ruby Interactive reference (for Ruby 1.8)
 ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8
 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
 ruby1.8-elisp - ruby-mode for Emacsen
 ruby1.8-examples - Examples for Ruby 1.8
Changes:
 ruby1.8 (1.8.6.111-2ubuntu1.2) hardy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via resource exhaustion in the REXML
     module (LP: #261459)
     - debian/patches/102_CVE-2008-3790.dpatch: adjust rexml/document.rb and
       rexml/entity.rb to use expansion limits
     - CVE-2008-3790
   * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
     service (LP: #246818)
     - debian/patches/103_CVE-2008-2376.dpatch: adjust array.c to properly
       check argument length
     - CVE-2008-2376
   * SECURITY UPDATE: denial of service via multiple long requests to a Ruby
     socket
     - debian/patches/104_CVE-2008-3443.dpatch: adjust regex.c to not use ruby
       managed memory and check for allocation failures
     - CVE-2008-3443
   * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
     - debian/patches/105_CVE-2008-3656.dpatch: update webrick/httputils.rb to
       properly check paths ending with '.'
     - CVE-2008-3656
   * SECURITY UPDATE: predictable transaction id and source port for DNS
     requests (separate vulnerability from CVE-2008-1447)
     - debian/patches/106_CVE-2008-3905.dpatch: adjust resolv.rb to use
       SecureRandom for transaction id and source port
     - CVE-2008-3905
   * SECURITY UPDATE: safe level bypass via DL.dlopen
     - debian/patches/107_CVE-2008-3657.dpatch: adjust rb_str_to_ptr and
       rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
       propagate taint and check taintness of DLPtrData
     - CVE-2008-3657
   * SECURITY UPDATE: safe level bypass via multiple vectors
     - debian/patches/108_CVE-2008-3655.dpatch: use rb_secure(4) in variable.c
       and syslog.c, check for secure level 3 or higher in eval.c and make
       sure PROGRAM_NAME can't be modified
     - CVE-2008-3655
Launchpad-Bugs-Fixed: 246818 257122 261459
Original-Maintainer: akira yamada