Format: 1.7
Date: Thu, 09 Oct 2008 08:47:35 -0500
Source: ruby1.8
Binary: irb1.8 libdbm-ruby1.8 libgdbm-ruby1.8 libopenssl-ruby1.8 libreadline-ruby1.8 libruby1.8 libruby1.8-dbg libtcltk-ruby1.8 rdoc1.8 ri1.8 ruby1.8 ruby1.8-dev ruby1.8-elisp ruby1.8-examples
Architecture: amd64 hppa i386 all ia64 lpia powerpc source sparc
Version: 1.8.6.36-1ubuntu3.3
Distribution: gutsy-security
Urgency: low
Maintainer: Ubuntu Core developers
Changed-By: Jamie Strandboge
Description:
 libdbm-ruby1.8 - DBM interface for Ruby 1.8
 libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
 libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
 libreadline-ruby1.8 - Readline interface for Ruby 1.8
 libruby1.8 - Libraries necessary to run Ruby 1.8
 libruby1.8-dbg - Debugging symbols for Ruby 1.8
 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
 ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8
 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
 irb1.8 - Interactive Ruby (for Ruby 1.8)
 rdoc1.8 - Generate documentation from Ruby source files (for Ruby 1.8)
 ri1.8 - Ruby Interactive reference (for Ruby 1.8)
 ruby1.8-elisp - ruby-mode for Emacsen
 ruby1.8-examples - Examples for Ruby 1.8
Changes:
 ruby1.8 (1.8.6.36-1ubuntu3.3) gutsy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via resource exhaustion in the REXML
     module (LP: #261459)
     - debian/patches/103_CVE-2008-3790.dpatch: adjust rexml/document.rb and
       rexml/entity.rb to use expansion limits
     - CVE-2008-3790
   * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
     service (LP: #246818)
     - debian/patches/104_CVE-2008-2376.dpatch: adjust array.c to properly
       check argument length
     - CVE-2008-2376
   * SECURITY UPDATE: denial of service via multiple long requests to a Ruby
     socket
     - debian/patches/105_CVE-2008-3443.dpatch: adjust regex.c to not use ruby
       managed memory and check for allocation failures
     - CVE-2008-3443
   * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
     - debian/patches/106_CVE-2008-3656.dpatch: update webrick/httputils.rb to
       properly check paths ending with '.'
     - CVE-2008-3656
   * SECURITY UPDATE: predictable transaction id and source port for DNS
     requests (separate vulnerability from CVE-2008-1447)
     - debian/patches/107_CVE-2008-3905.dpatch: adjust resolv.rb to use
       SecureRandom for transaction id and source port
     - CVE-2008-3905
   * SECURITY UPDATE: safe level bypass via DL.dlopen
     - debian/patches/108_CVE-2008-3657.dpatch: adjust rb_str_to_ptr and
       rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
       propagate taint and check taintness of DLPtrData
     - CVE-2008-3657
   * SECURITY UPDATE: safe level bypass via multiple vectors
     - debian/patches/109_CVE-2008-3655.dpatch: use rb_secure(4) in variable.c
       and syslog.c, check for secure level 3 or higher in eval.c and make
       sure PROGRAM_NAME can't be modified
     - CVE-2008-3655
Files:
Launchpad-Bugs-Fixed: 246818 257122 261459
Original-Maintainer: akira yamada