==========================================================================
Ubuntu Security Notice USN-2035-1
November 27, 2013
ruby1.8, ruby1.9.1 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Ruby.
Software Description:
- ruby1.8: Object-oriented scripting language
- ruby1.9.1: Object-oriented scripting language
Details:
Charlie Somerville discovered that Ruby incorrectly handled floating point
number conversion. An attacker could possibly use this issue with an
application that converts text to floating point numbers to cause the
application to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2013-4164)
Vit Ondruch discovered that Ruby did not perform taint checking for certain
functions. An attacker could possibly use this issue to bypass certain
intended restrictions. (CVE-2013-2065)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
libruby1.8 1.8.7.358-7ubuntu2.1
libruby1.9.1 1.9.3.194-8.1ubuntu2.1
ruby1.8 1.8.7.358-7ubuntu2.1
ruby1.9.1 1.9.3.194-8.1ubuntu2.1
Ubuntu 13.04:
libruby1.8 1.8.7.358-7ubuntu1.2
libruby1.9.1 1.9.3.194-8.1ubuntu1.2
ruby1.8 1.8.7.358-7ubuntu1.2
ruby1.9.1 1.9.3.194-8.1ubuntu1.2
Ubuntu 12.10:
libruby1.8 1.8.7.358-4ubuntu0.4
libruby1.9.1 1.9.3.194-1ubuntu1.6
ruby1.8 1.8.7.358-4ubuntu0.4
ruby1.9.1 1.9.3.194-1ubuntu1.6
Ubuntu 12.04 LTS:
libruby1.8 1.8.7.352-2ubuntu1.4
libruby1.9.1 1.9.3.0-1ubuntu2.8
ruby1.8 1.8.7.352-2ubuntu1.4
ruby1.9.1 1.9.3.0-1ubuntu2.8
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2035-1
CVE-2013-2065, CVE-2013-4164
Package Information:
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu2.1
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu2.1
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu1.2
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu1.2
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-4ubuntu0.4
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-1ubuntu1.6
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.4
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.8