what you don't know can hurt you

Debian Security Advisory 2809-1

Debian Security Advisory 2809-1
Posted Dec 5, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2809-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language.

tags | advisory, vulnerability, ruby
systems | linux, debian
advisories | CVE-2013-1821, CVE-2013-4073, CVE-2013-4164
MD5 | e799f488cbc7b8db8045f474277c1fdd

Debian Security Advisory 2809-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2809-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby1.8
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1821 CVE-2013-4073 CVE-2013-4164
Debian Bug : 702526 714541 730189

Several vulnerabilities have been discovered in the interpreter for the
Ruby language. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2013-1821

Ben Murphy discovered that unrestricted entity expansion in REXML
can lead to a Denial of Service by consuming all host memory.

CVE-2013-4073

William (B.J.) Snow Orvis discovered a vulnerability in the hostname
checking in Ruby's SSL client that could allow man-in-the-middle
attackers to spoof SSL servers via a crafted certificate issued by a
trusted certification authority.

CVE-2013-4164

Charlie Somerville discovered that Ruby incorrectly handled floating
point number conversion. If an application using Ruby accepted
untrusted input strings and converted them to floating point
numbers, an attacker able to provide such input could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the application.

For the oldstable distribution (squeeze), these problems have been fixed in
version 1.8.7.302-2squeeze2.

For the stable distribution (wheezy), these problems have been fixed in
version 1.8.7.358-7.1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.8.7.358-9.

We recommend that you upgrade your ruby1.8 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCgAGBQJSn55AAAoJEAVMuPMTQ89EKpcP/ROwTK5keLHdzpwMu5DXCanq
vkOWJ3ccPC+Dn5Iz8Fe1i6TtB+XxeF5ZLtmJ6WzANKTuEbteJOXyYBpYwxn0KVp2
dONlNbpfcb0MjyVb+mSCiBzT/VAx3WyODqWNCz5H/yChp5OtOIFqOcRJd8THjqIR
uzzqpu0nvD2h8kR/jKD696liO8izHDfJOYbhpAHXqyUpCqA5kxtlHZFO3nVDPr4y
e3qVNQ15rCJ77NcUocaLffDAgbcTUeMcQLmYg1EHjX767wqpzMCeZEwsf4jK4iAc
J+pmQSpc3dokq8OCRUtgteSbkHkvxR9MkjoSP87R4/SuywoYkDbcUfQSQ8Hav73J
T/l/MXU25fpcChopxfET52ZBT/Qt5K1i74EyXAl6B3sX1LhpzPqbpvFEr8rQhcU3
flEhgCaPc10q2v7pg8UvttVGkmJ8nwNxnbjmTnzbZAY1RqhcUK9qo/xG1T/EJopj
1WIDgOdg88v+YkRrdOOZwRkzOiZLS2wbltgEs6tecMyxP79+zzsoxs1uzKQz4I+H
Y+ie9PS2xp8zf1x6VXlMoZRXWhdiY1rm7t3QXJNuQBCvDAPxEUwJEf6FK7d9QzY5
VkLtng309vQiZ2CUwADOglBpMyaSVPMs/GlPoUVd75mb0N5SNJksmLxAOKhs1WRc
n2j7oQpxX5W0l0N7WV7q
=VeHD
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    14 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close