debian-security-announce July 2008 archive
Main Archive Page > Month Archives  > debian-security-announce archives
debian-security-announce: [Full-disclosure] [SECURITY] [DSA 1612

[Full-disclosure] [SECURITY] [DSA 1612-1] New ruby1.8 packages fix several vulnerabilities

From: Moritz Muehlenhoff <jmm_at_nospam>
Date: Mon Jul 21 2008 - 17:29:08 GMT


Hash: SHA1

Package : ruby1.8 Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 CVE-2008-2376

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-2662     Drew Yao discovered that multiple integer overflows in the string     processing code may lead to denial of service and potentially the     execution of arbitrary code.

CVE-2008-2663     Drew Yao discovered that multiple integer overflows in the string     processing code may lead to denial of service and potentially the     execution of arbitrary code.

CVE-2008-2664     Drew Yao discovered that a programming error in the string     processing code may lead to denial of service and potentially the     execution of arbitrary code.

CVE-2008-2725     Drew Yao discovered that an integer overflow in the array handling     code may lead to denial of service and potentially the execution     of arbitrary code.

CVE-2008-2726     Drew Yao discovered that an integer overflow in the array handling     code may lead to denial of service and potentially the execution     of arbitrary code.

CVE-2008-2376     It was discovered that an integer overflow in the array handling     code may lead to denial of service and potentially the execution     of arbitrary code.

For the stable distribution (etch), these problems have been fixed in version 1.8.5-4etch2.

For the unstable distribution (sid), these problems have been fixed in version

We recommend that you upgrade your ruby1.8 packages.

Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

        will update the internal database apt-get upgrade

        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch - -------------------------------

Stable updates are available for amd64, arm, hppa, i386, ia64, mipsel, s390 and sparc.

Source archives: Size/MD5 checksum: 4434227 aae9676332fcdd52f66c3d99b289878f Size/MD5 checksum: 100878 f55f4e2a0ca298d6312a8e3c4618da0f Size/MD5 checksum: 1079 02286e0f1885c65a9d1fdad5bd933ac7

Architecture independent packages: Size/MD5 checksum: 309932 0d08bd3d9b467f82df59811dcb4ffd10 Size/MD5 checksum: 209874 76ab42ff282540121b1ffa23b8c34208 Size/MD5 checksum: 235238 d1f242b11d00199ecedf64cac2c6ac44 Size/MD5 checksum: 242330 11359f9774006c02ca68402b1a6c021e Size/MD5 checksum: 1228716 cacd1dfc0b53e163adf3090175d85260

amd64 architecture (AMD x86_64 (AMD64)) Size/MD5 checksum: 302500 42fb912eed252ddf0c0e0d1ded838375 Size/MD5 checksum: 197696 9388576f466a8d757a261653be326a64 Size/MD5 checksum: 198304 6dd9e7ffc83e0a343acc5d9360233724 Size/MD5 checksum: 1584450 7bfff8f2effc86fefd21cad2ad7aefe2 Size/MD5 checksum: 197264 34559ddb2772bd4e4b4e9438da43b012 Size/MD5 checksum: 1068156 13587924fe8611ee3248d69615b77ff9 Size/MD5 checksum: 1863884 c9f007e6a0388f91463d422e9f88af00 Size/MD5 checksum: 748210 55373ce2ec797ad0334761d19e21ed04 Size/MD5 checksum: 216876 c45424af2eff7d0894d8b45f02531ae0

arm architecture (ARM) Size/MD5 checksum: 196940 a62011688ef13cbc74632695d8360744 Size/MD5 checksum: 197322 edf088cbecf6685fcd8455b9f787e207 Size/MD5 checksum: 1858580 7ccb22d6b10c2d2f8016c4a37488354e Size/MD5 checksum: 1524706 458dc14e9530cf12e2c109001ee6f502 Size/MD5 checksum: 196234 0b8141526f878fb32dd041d36dfe438d Size/MD5 checksum: 992648 fbaf16530fa84811a4f5c6ef1c3f1396 Size/MD5 checksum: 218902 6fed18d07c5589012711dcffd2c47654 Size/MD5 checksum: 287070 e24374581f184cb912ab1c2904de4c52 Size/MD5 checksum: 696944 8a4a676931c6659d266f834e32ff3473

hppa architecture (HP PA RISC) Size/MD5 checksum: 198692 837006b2872f955dd9ec506e913e7b65 Size/MD5 checksum: 1868624 391adcb7da667e079e38b31957639921 Size/MD5 checksum: 218760 9257f4fc3685c20dfea925a3b375df6c Size/MD5 checksum: 1041804 7617254859485b415d7abe4e44f97e20 Size/MD5 checksum: 199398 8de28dbbcaccd932cdf4b1368de85fa3 Size/MD5 checksum: 1675058 d4d8d05f55e84ac811a4a23379d2fccf Size/MD5 checksum: 315826 5ba45a9cab7c98a9863790f0ddb5e032 Size/MD5 checksum: 199712 7eba9eec4404e39ba3a05d0ba7182aaf Size/MD5 checksum: 823768 c5872e31690ebf1f937ae5921e09d6ee

i386 architecture (Intel ia32) Size/MD5 checksum: 197152 cc0255b2d30f2868b3a35131baea785e Size/MD5 checksum: 197458 23448fa802f56b0353e146dd95798b40 Size/MD5 checksum: 1529512 e554018801428fcc8a0eb270cecbe0a1 Size/MD5 checksum: 1830888 cfe09cb1dee2dc0ec663b764016c5c41 Size/MD5 checksum: 292002 669ff5d31b18e684695fcc585bbcf37d Size/MD5 checksum: 217452 fd84d502e12c0ed9dcb9931533bedf14 Size/MD5 checksum: 719152 eb2bb629d207bdb94513224cd696133a Size/MD5 checksum: 197870 8dda63e50264e70657c900bf0e31268a Size/MD5 checksum: 1002688 9f9723f995389d89c8edff650cd80572

ia64 architecture (Intel ia64) Size/MD5 checksum: 1861398 da0a8b6f595234f6362108c53d4b8527 Size/MD5 checksum: 971210 96f9b9c22c86efba9a9677ff97543ba7 Size/MD5 checksum: 1025826 a0282c8d5148ee5530ddcb1918aa6393 Size/MD5 checksum: 202014 60855e63b50d60c6446699ca8a9e5f9a Size/MD5 checksum: 1893652 99e42c9ff74db67737bc1037a668bd81 Size/MD5 checksum: 201044 53faf98cdde5801097f06c669ef31997 Size/MD5 checksum: 202966 d5ad616f41e4c71fcab98abc32af8425 Size/MD5 checksum: 218178 814d14acfbc5060ce05f5610185bacef Size/MD5 checksum: 330138 87b96dd77f226d1b156aa41cbd50e869

mipsel architecture (MIPS (Little Endian)) Size/MD5 checksum: 217702 035d0564ca69caf6291f91b396afd933 Size/MD5 checksum: 1059672 ae82660099169f05b832ea65b5875f42 Size/MD5 checksum: 792918 6daa1c239c1875477c369d662c1c7990 Size/MD5 checksum: 278810 b1ef2497c40951b0f55afbeb9b2b5a73 Size/MD5 checksum: 197272 ca8b731d68d2ef0ecab3f8d46421e390 Size/MD5 checksum: 1536298 72ed58d1217e07ec4ff4c536e426b112 Size/MD5 checksum: 197624 77f168b7b16d958921c399ec2fb2c55d Size/MD5 checksum: 1829844 d73c28a07fc670c515d35e5f4cc460de Size/MD5 checksum: 196686 7a50283b0c21e6c374254274587a250c

s390 architecture (IBM S/390) Size/MD5 checksum: 217566 ff62230e9213127217ba40da20bc6dbb Size/MD5 checksum: 778968 84b097fa479926caef58f0cde5c6cc58 Size/MD5 checksum: 1051808 c06ced9c1c2cf67d499266ce98809448 Size/MD5 checksum: 198216 9ebd6482767e58cfc7b77778a48dc54b Size/MD5 checksum: 304860 1609587558238fabdafff4f25fab5693 Size/MD5 checksum: 1838646 b969d38b082b4554e2a68784a872d32f Size/MD5 checksum: 198530 6e9d131297d20789402f06b598bf31a5 Size/MD5 checksum: 199016 d365604deac86ffe016706a4d53a41f8 Size/MD5 checksum: 1617614 d136348e15e9c521e9df47c4725cae99

sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 197476 5ad505e06bfd48a7a52d31b04282ce75 Size/MD5 checksum: 295616 6999ddde1719965f55cb431435c77ac6 Size/MD5 checksum: 217478 6ffe8d27ff16d0d885bd41e8cf5356e2 Size/MD5 checksum: 740760 1a9e73da21a894b10ebdd88675340247 Size/MD5 checksum: 197526 329124a906b7eb6ba13c30864ff59373 Size/MD5 checksum: 1540818 b827798d6293c28046527b96b733818b Size/MD5 checksum: 961112 efe54a61cd55bf6f7de9417941795f29 Size/MD5 checksum: 196756 c4741cba5f54a703cdcba0fe027a6468 Size/MD5 checksum: 1832852 8286b329ab1bad7793d827e33bae56c2

  These files will probably be moved into the stable distribution on   its next update.

iEYEARECAAYFAkiExyoACgkQXm3vHE4uylr78ACeOa2BZ0S0v6p3UdDgFfxo0nWa jvsAoLdoZOW1Cc/IUHDwdIS5VysR9OEl

Full-Disclosure - We believe in it.
Charter: Hosted and sponsored by Secunia -