exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 2809-1

Debian Security Advisory 2809-1
Posted Dec 5, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2809-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language.

tags | advisory, vulnerability, ruby
systems | linux, debian
advisories | CVE-2013-1821, CVE-2013-4073, CVE-2013-4164
SHA-256 | 8cf75779505f2c2d90a0e3c0b819ef71e8ce28e7a5c7874d20b80f024dd05ae3

Debian Security Advisory 2809-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2809-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby1.8
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1821 CVE-2013-4073 CVE-2013-4164
Debian Bug : 702526 714541 730189

Several vulnerabilities have been discovered in the interpreter for the
Ruby language. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2013-1821

Ben Murphy discovered that unrestricted entity expansion in REXML
can lead to a Denial of Service by consuming all host memory.

CVE-2013-4073

William (B.J.) Snow Orvis discovered a vulnerability in the hostname
checking in Ruby's SSL client that could allow man-in-the-middle
attackers to spoof SSL servers via a crafted certificate issued by a
trusted certification authority.

CVE-2013-4164

Charlie Somerville discovered that Ruby incorrectly handled floating
point number conversion. If an application using Ruby accepted
untrusted input strings and converted them to floating point
numbers, an attacker able to provide such input could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the application.

For the oldstable distribution (squeeze), these problems have been fixed in
version 1.8.7.302-2squeeze2.

For the stable distribution (wheezy), these problems have been fixed in
version 1.8.7.358-7.1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.8.7.358-9.

We recommend that you upgrade your ruby1.8 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCgAGBQJSn55AAAoJEAVMuPMTQ89EKpcP/ROwTK5keLHdzpwMu5DXCanq
vkOWJ3ccPC+Dn5Iz8Fe1i6TtB+XxeF5ZLtmJ6WzANKTuEbteJOXyYBpYwxn0KVp2
dONlNbpfcb0MjyVb+mSCiBzT/VAx3WyODqWNCz5H/yChp5OtOIFqOcRJd8THjqIR
uzzqpu0nvD2h8kR/jKD696liO8izHDfJOYbhpAHXqyUpCqA5kxtlHZFO3nVDPr4y
e3qVNQ15rCJ77NcUocaLffDAgbcTUeMcQLmYg1EHjX767wqpzMCeZEwsf4jK4iAc
J+pmQSpc3dokq8OCRUtgteSbkHkvxR9MkjoSP87R4/SuywoYkDbcUfQSQ8Hav73J
T/l/MXU25fpcChopxfET52ZBT/Qt5K1i74EyXAl6B3sX1LhpzPqbpvFEr8rQhcU3
flEhgCaPc10q2v7pg8UvttVGkmJ8nwNxnbjmTnzbZAY1RqhcUK9qo/xG1T/EJopj
1WIDgOdg88v+YkRrdOOZwRkzOiZLS2wbltgEs6tecMyxP79+zzsoxs1uzKQz4I+H
Y+ie9PS2xp8zf1x6VXlMoZRXWhdiY1rm7t3QXJNuQBCvDAPxEUwJEf6FK7d9QzY5
VkLtng309vQiZ2CUwADOglBpMyaSVPMs/GlPoUVd75mb0N5SNJksmLxAOKhs1WRc
n2j7oQpxX5W0l0N7WV7q
=VeHD
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close