*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: ruby1.8

*** Source: http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/ ***

Present on Ubuntu Gutsy Gibbon 7.10 (desktop and server)

Impact

With the following vulnerabilities, an attacker can cause a denial of
service condition or execute arbitrary code.

    * CVE-2008-2662
    * CVE-2008-2663
    * CVE-2008-2725
    * CVE-2008-2726
    * CVE-2008-2727
    * CVE-2008-2728
    * CVE-2008-2664


Vulnerable versions

1.8 series

        * 1.8.4 and all prior versions
        * 1.8.5-p230 and all prior versions
        * 1.8.6-p229 and all prior versions
        * 1.8.7-p21 and all prior versions

1.9 series

        * 1.9.0-1 and all prior versions

Solution

1.8 series
    Please upgrade to 1.8.5-p231, or 1.8.6-p230, or 1.8.7-p22.

        * <URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p231.tar.gz> (md5sum: e900cf225d55414bffe878f00a85807c)
        * <URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p230.tar.gz> (md5sum: 5e8247e39be2dc3c1a755579c340857f)
        * <URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p22.tar.gz> (md5sum: fc3ede83a98f48d8cb6de2145f680ef2)

1.9 series
    Please upgrade to 1.9.0-2.

        * <URL:ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.0-2.tar.gz> (md5sum: 2a848b81ed1d6393b88eec8aa6173b75)

These versions also fix the vulnerability of WEBrick (CVE-2008-1891).

** Affects: ruby1.8 (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

-- 
Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) 
condition or allow execution of arbitrary code.
https://bugs.launchpad.net/bugs/241657
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
