|
|
| Problem Description |
Multiple vulnerabilities have been found in the Ruby interpreter and
in Webrick, the webserver bundled with Ruby.
Directory traversal vulnerability in WEBrick in Ruby 1.8 before
1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on
systems that support backslash () path separators or case-insensitive
file names, allows remote attackers to access arbitrary files via
(1) ..%5c (encoded backslash) sequences or (2) filenames that match
patterns in the :NondisclosureName option. (CVE-2008-1145)
Multiple integer overflows in the rb_str_buf_append function in
Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before
1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2
allow context-dependent attackers to execute arbitrary code or
cause a denial of service via unknown vectors that trigger memory
corruption, a different issue than CVE-2008-2663, CVE-2008-2664,
and CVE-2008-2725. (CVE-2008-2662)
Multiple integer overflows in the rb_ary_store function in Ruby
1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,
and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to
execute arbitrary code or cause a denial of service via unknown
vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and
CVE-2008-2725. (CVE-2008-2663)
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before
1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0
before 1.9.0-2 allows context-dependent attackers to trigger memory
corruption via unspecified vectors related to alloca, a different issue
than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. (CVE-2008-2664)
Integer overflow in the rb_ary_splice function in Ruby 1.8.4
and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,
and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to
trigger memory corruption via unspecified vectors, aka the REALLOC_N
variant, a different issue than CVE-2008-2662, CVE-2008-2663, and
CVE-2008-2664. (CVE-2008-2725)
Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and
earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before
1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers
to trigger memory corruption, aka the beg + rlen issue. (CVE-2008-2726)
Integer overflow in the rb_ary_fill function in array.c in Ruby before
revision 17756 allows context-dependent attackers to cause a denial
of service (crash) or possibly have unspecified other impact via a
call to the Array#fill method with a start (aka beg) argument greater
than ARY_MAX_SIZE. (CVE-2008-2376)
The updated packages have been patched to fix these issues.
| Updated Packages |
Corporate Server 3.0
078849cb78d43bbe44aed5faba17ce36 corporate/3.0/i586/ruby-1.8.1-1.10.C30mdk.i586.rpm 0c7e275a33a125c790cd109d67ff7355 corporate/3.0/i586/ruby-devel-1.8.1-1.10.C30mdk.i586.rpm 1e30796a41e440eb9a1ca6589737bd88 corporate/3.0/i586/ruby-doc-1.8.1-1.10.C30mdk.i586.rpm 0414d9413e6d5fbed3cad3096ca1e23c corporate/3.0/i586/ruby-tk-1.8.1-1.10.C30mdk.i586.rpm c75fdfc1387b13c4fe50f929b9125516 corporate/3.0/SRPMS/ruby-1.8.1-1.10.C30mdk.src.rpm
Corporate Server 3.0/X86_64
4b6992996fe4d1df03c189bdd51b14bc corporate/3.0/x86_64/ruby-1.8.1-1.10.C30mdk.x86_64.rpm 475a0ee98a513a4d2aada6fdbe33ff9c corporate/3.0/x86_64/ruby-devel-1.8.1-1.10.C30mdk.x86_64.rpm 8fc454cc2d5edb758958e72ee2f92d03 corporate/3.0/x86_64/ruby-doc-1.8.1-1.10.C30mdk.x86_64.rpm dfac76704ce02fd86b5fc8e29bd8ea34 corporate/3.0/x86_64/ruby-tk-1.8.1-1.10.C30mdk.x86_64.rpm c75fdfc1387b13c4fe50f929b9125516 corporate/3.0/SRPMS/ruby-1.8.1-1.10.C30mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.