exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 2738-1

Debian Security Advisory 2738-1
Posted Aug 19, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2738-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems.

tags | advisory, denial of service, vulnerability, ruby
systems | linux, debian
advisories | CVE-2013-1821, CVE-2013-4073
SHA-256 | 5ee13cb1795d7a48b2912c75782eed27a5d04bc434a31b0a2a81f910b352d4a0

Debian Security Advisory 2738-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2738-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
August 18, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby1.9.1
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1821 CVE-2013-4073
Debian Bug : 702525 714543

Several vulnerabilities have been discovered in the interpreter for
the Ruby language, which may lead to denial of service and other
security problems. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2013-1821

Ben Murphy discovered that unrestricted entity expansion in REXML
can lead to a Denial of Service by consuming all host memory.

CVE-2013-4073

William (B.J.) Snow Orvis discovered a vulnerability in the hostname
checking in Ruby's SSL client that could allow man-in-the-middle
attackers to spoof SSL servers via valid certificate issued by a
trusted certification authority.

For the oldstable distribution (squeeze), these problems have been fixed in
version 1.9.2.0-2+deb6u1.

For the stable distribution (wheezy), these problems have been fixed in
version 1.9.3.194-8.1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.9.3.194-8.2.

We recommend that you upgrade your ruby1.9.1 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJSENmEAAoJEFb2GnlAHawE/LUH/jK+Uvl5xY1vfvSbWOMnSQvm
ridGMLtMkJEv8l7t+UFU8RUH+avbFfNN0sC7oapLDqUWbWLWty5iO60f8MjcXVwA
wuGdDrvJWIqRChf8HG7I0sQm+htKGbDW5WgwzXb1TpHJUUaKFDDWI5Bk5LqsAUMb
xRSnCVE4QQ8rWFHj1sqCMHGTg3QmNSZWlzTfTo0giB9GosNDCa62vgat4pkSjRG6
YHLXsWbEq+noXf1RtGr3ZrxduVzkD1yGdtO8GEoDMzwyhecySBHpABt+HbmjmoYu
yI9UHupCaC3CbimhBFcwQtG7m41T0eEUMjHud2XMdelO0FVi6chO6cweXDxJi8I=
=OKd7
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close