Comment 5 for bug 257122

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ruby1.8 - 1.8.5-4ubuntu2.3

---------------
ruby1.8 (1.8.5-4ubuntu2.3) feisty-security; urgency=low

  * SECURITY UPDATE: denial of service via resource exhaustion in the REXML
    module (LP: #261459)
    - debian/patches/953_CVE-2008-3790.patch: adjust rexml/document.rb and
      rexml/entity.rb to use expansion limits
    - CVE-2008-3790
  * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
    service (LP: #246818)
    - debian/patches/954_CVE-2008-2376.patch: adjust array.c to properly
      check argument length
    - CVE-2008-2376
  * SECURITY UPDATE: denial of service via multiple long requests to a Ruby
    socket
    - debian/patches/955_CVE-2008-3443.patch: adjust regex.c to not use ruby
      managed memory and check for allocation failures
    - CVE-2008-3443
  * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
    - debian/patches/956_CVE-2008-3656.patch: update webrick/httputils.rb to
      properly check paths ending with '.'
    - CVE-2008-3656
  * SECURITY UPDATE: predictable transaction id and source port for DNS
    requests (separate vulnerability from CVE-2008-1447)
    - debian/patches/957_CVE-2008-3905.patch: adjust resolv.rb to use
      SecureRandom for transaction id and source port
    - CVE-2008-3905
  * SECURITY UPDATE: safe level bypass via DL.dlopen
    - debian/patches/958_CVE-2008-3657.patch: adjust rb_str_to_ptr and
      rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
      propogate taint and check taintness of DLPtrData
    - CVE-2008-3657
  * SECURITY UPDATE: safe level bypass via multiple vectors
    - debian/patches/959_CVE-2008-3655.patch: use rb_secure(4) in variable.c
      and syslog.c, check for secure level 3 or higher in eval.c and make
      sure PROGRAM_NAME can't be modified
    - CVE-2008-3655

 -- Jamie Strandboge <email address hidden> Thu, 09 Oct 2008 09:28:03 -0500