View Full Version : USN-691-1: Ruby vulnerability

December 16th, 2008, 04:30 PM
Referenced CVEs:
CVE-2008-3443, CVE-2008-3790

================================================== ========= Ubuntu Security Notice USN-691-1 December 16, 2008 ruby1.9 vulnerability CVE-2008-3443, CVE-2008-3790 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: ruby1.9 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Laurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. (CVE-2008-3443) This update also fixes a regression in the upstream patch previously applied to fix CVE-2008-3790. The regression would cause parsing of some XML documents to fail.

More... (http://www.ubuntu.com/usn/USN-691-1)