[Security Announce] [ MDVSA-2008:140 ] - Updated ruby packages fix vulnerabilities

[news 28]

This is a multi-part message in MIME format...

 

------------=_1215654334-11275-7242

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:140

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : ruby

Date : July 9, 2008

Affected: 2008.1

_______________________________________________________________________

 

Problem Description:

 

Multiple vulnerabilities have been found in the Ruby interpreter and

in Webrick, the webserver bundled with Ruby.

 

Directory traversal vulnerability in WEBrick in Ruby 1.9.0

and earlier, when using NTFS or FAT filesystems, allows remote

attackers to read arbitrary CGI files via a trailing (1) + (plus),

(2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or

(5) %20 (encoded space) character in the URI, possibly related to

the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new

functionality and the :DocumentRoot option. (CVE-2008-1891)

 

Multiple integer overflows in the rb_str_buf_append function in

Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before

1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2

allow context-dependent attackers to execute arbitrary code or

cause a denial of service via unknown vectors that trigger memory

corruption. (CVE-2008-2662)

 

Multiple integer overflows in the rb_ary_store function in Ruby

1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,

and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to

execute arbitrary code or cause a denial of service via unknown

vectors. (CVE-2008-2663)

 

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before

1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0

before 1.9.0-2 allows context-dependent attackers to trigger memory

corruption via unspecified vectors related to alloca. (CVE-2008-2664)

 

Integer overflow in the rb_ary_splice function in Ruby 1.8.4

and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,

and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to

trigger memory corruption via unspecified vectors, aka the REALLOC_N

variant. (CVE-2008-2725)

 

Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and

earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before

1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers

to trigger memory corruption, aka the beg + rlen issue. (CVE-2008-2726)

 

Integer overflow in the rb_ary_fill function in array.c in Ruby before

revision 17756 allows context-dependent attackers to cause a denial

of service (crash) or possibly have unspecified other impact via a

call to the Array#fill method with a start (aka beg) argument greater

than ARY_MAX_SIZE. (CVE-2008-2376)

 

The updated packages have been patched to fix these issues.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1891

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.1:

0e1e1ae20f5896be9834c92122ca7370 2008.1/i586/ruby-1.8.6-9p114.1mdv2008.1.i586.rpm

36d73cca1086770e7279fd1dd14e4e2f 2008.1/i586/ruby-devel-1.8.6-9p114.1mdv2008.1.i586.rpm

587b0727fe52509778bf1848e5a83de3 2008.1/i586/ruby-doc-1.8.6-9p114.1mdv2008.1.i586.rpm

04f6c795bc9b7e54f055e0da561ca045 2008.1/i586/ruby-tk-1.8.6-9p114.1mdv2008.1.i586.rpm

b7598818fcbe7488f1d2e65a4881aa6a 2008.1/SRPMS/ruby-1.8.6-9p114.1mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

8de0e1cf1ca63db2336406dbdddf293d 2008.1/x86_64/ruby-1.8.6-9p114.1mdv2008.1.x86_64.rpm

93a8132e84bd61ef5bc79e5833075fa2 2008.1/x86_64/ruby-devel-1.8.6-9p114.1mdv2008.1.x86_64.rpm

0b6b2455e98dfbaf65cf91094fc3ca09 2008.1/x86_64/ruby-doc-1.8.6-9p114.1mdv2008.1.x86_64.rpm

ca1998f680630b126d243135f765e8e2 2008.1/x86_64/ruby-tk-1.8.6-9p114.1mdv2008.1.x86_64.rpm

b7598818fcbe7488f1d2e65a4881aa6a 2008.1/SRPMS/ruby-1.8.6-9p114.1mdv2008.1.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFIdT7dmqjQ0CJFipgRAqx2AKDVcwjVj0MG/KrpovmuN0lr80ji6gCginyN

XY+EoayKcK8xfkVCiuDdk40=

=4hYe

-----END PGP SIGNATURE-----

 

 

------------=_1215654334-11275-7242

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1215654334-11275-7242--