[Bug 261459] Re: DOS Vulnerability in Ruby REXML

Launchpad Bug Tracker Thu, 09 Oct 2008 19:11:05 -0700

This bug was fixed in the package ruby1.8 - 1.8.6.111-2ubuntu1.2

---------------
ruby1.8 (1.8.6.111-2ubuntu1.2) hardy-security; urgency=low


  * SECURITY UPDATE: denial of service via resource exhaustion in the REXML
    module (LP: #261459)
    - debian/patches/102_CVE-2008-3790.dpatch: adjust rexml/document.rb and
      rexml/entity.rb to use expansion limits
    - CVE-2008-3790
  * SECURITY UPDATE: integer overflow in rb_ary_fill may cause denial of
    service (LP: #246818)
    - debian/patches/103_CVE-2008-2376.dpatch: adjust array.c to properly
      check argument length
    - CVE-2008-2376
  * SECURITY UPDATE: denial of service via multiple long requests to a Ruby
    socket
    - debian/patches/104_CVE-2008-3443.dpatch: adjust regex.c to not use ruby
      managed memory and check for allocation failures
    - CVE-2008-3443
  * SECURITY UPDATE: denial of service via crafted HTTP request (LP: #257122)
    - debian/patches/105_CVE-2008-3656.dpatch: update webrick/httputils.rb to
      properly check paths ending with '.'
    - CVE-2008-3656
  * SECURITY UPDATE: predictable transaction id and source port for DNS
    requests (separate vulnerability from CVE-2008-1447)
    - debian/patches/106_CVE-2008-3905.dpatch: adjust resolv.rb to use
      SecureRandom for transaction id and source port
    - CVE-2008-3905
  * SECURITY UPDATE: safe level bypass via DL.dlopen
    - debian/patches/107_CVE-2008-3657.dpatch: adjust rb_str_to_ptr and
      rb_ary_to_ptr in ext/dl/dl.c and rb_dlsym_call in ext/dl/sym.c to
      propogate taint and check taintness of DLPtrData
    - CVE-2008-3657
  * SECURITY UPDATE: safe level bypass via multiple vectors
    - debian/patches/108_CVE-2008-3655.dpatch: use rb_secure(4) in variable.c
      and syslog.c, check for secure level 3 or higher in eval.c and make
      sure PROGRAM_NAME can't be modified
    - CVE-2008-3655

 -- Jamie Strandboge <[EMAIL PROTECTED]>   Tue, 07 Oct 2008 13:34:00
-0500

** Changed in: ruby1.8 (Ubuntu Hardy)
       Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1447

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-2376

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-3443

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-3655

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-3656

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-3657

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-3905

** Changed in: ruby1.8 (Ubuntu Gutsy)
       Status: In Progress => Fix Released

-- 
DOS Vulnerability in Ruby REXML
https://bugs.launchpad.net/bugs/261459
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 261459] Re: DOS Vulnerability in Ruby REXML

Reply via email to