User: Password:
|
|
Subscribe / Log in / New account

Debian alert DSA-748-1 (ruby)

From:  Michael Stone <mstone@klecker.debian.org>
To:  debian-security-announce@lists.debian.org
Subject:  [SECURITY] [DSA 748-1] New ruby1.8 packages fix arbitrary command execution
Date:  Mon, 11 Jul 2005 13:44:31 +0200

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 748-1 security@debian.org http://www.debian.org/security/ Michael Stone July 10, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : ruby1.8 Vulnerability : arbitrary command execution Problem type : bad default value Debian-specific: no CVE ID : CAN-2005-1992 A vulnerability has been discovered in ruby1.8 that could allow arbitrary command execution on a server running the ruby xmlrpc server. The old stable distribution (woody) did not include ruby1.8. This problem is fixed for the current stable distribution (sarge) in version 1.8.2-7sarge1. This problem is fixed for the unstable distribution in version 1.8.2-8. We recommend that you upgrade your ruby1.8 package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 3.1 (sarge) - ------------------ sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 1024 d14377473cdeb0a26538b6137faa5c66 http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 529167 25de3bdf1775f90246f76e50a6aba24a http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 3623780 4bc5254bec262d18cf1ceef03aae8bdf Architecture independent packages: http://security.debian.org/pool/updates/main/r/ruby1.8/ri... Size/MD5 checksum: 704400 f9004f2fedac63615c50bf6dab046fda http://security.debian.org/pool/updates/main/r/ruby1.8/ir... Size/MD5 checksum: 166072 60511fe4d9427eaf5a1d8df2ecba2e36 http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 216196 b08d57bed7996624c1a601e866329fc0 http://security.debian.org/pool/updates/main/r/ruby1.8/rd... Size/MD5 checksum: 234004 47a6c5a62e9f73f4a34d04824874bc99 http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 142196 bcf34b40ab001265127728099452f800 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 151536 7ad683fac513e46996628a20ff6d3356 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 135552 c553fb4dce8871a275bb896848355bbb http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 137110 920de906ca471e12ced86b56ff8f9366 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1468148 8a3ac95d4886583af1b97d937d849370 http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 795320 d8d640aab99c18fa596b09f03c8c4d2d http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 826790 c148490eceaa8969e138592020813f6f http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 133032 b7c0d0e594dc012ecc73c8490f1b9ba6 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1449782 56d55e6c9df86dd7fb46c2fd939408ea http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 237188 7d45e77345bc580ca8382f29203c7cb1 arm architecture (ARM) http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 743330 564d6353a5d64d77417f5a6ffcf9a9e7 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1440694 24737b7854ab18b09bb9e6b4f303c2a3 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1347836 8f79580b86d089a5b43236c756dd471e http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 151074 7846a4af8f3038d0b54c9e31979ddaa8 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 131352 69bccef101a65da4e60f46fc7cdebc3d http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 659604 ed60810b767dbac00807c055dffb077c http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 133974 03f175228880f3e67884278964af9c44 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 135070 f0c48c0fcded7fad805d52c9ba11a374 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 221986 59fea0388c3f8d69e5665d67686e419f hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 136124 aa4ec29a5603524a3a99068328bd2890 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 133314 06831884efd70902c8aaad45bf6418a9 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 246472 e18f8e843b24a50f132667ffdd37b066 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1500408 0f9edd9f4b205e7b9ca0cad505229564 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1453302 f6ae09a3da2cef1f52baead88a7fe8eb http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 839358 ed8caa18b5becb20c142ca5f5f4b3d10 http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 735292 747451a46dcd4b2f4eab683ecbfb1b1a http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 151662 d86c380a9955d76caa3c5f926ffab9c9 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 137786 a3289420dcbf65defb518e7baa9e5664 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 757634 1c4eacc0d440daf346b9840ff4906a02 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1439660 16ebd5860eb7ce78e2c5207269abd1ae http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 621934 5ff7f6069562d4552425b42d5f36a44b http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 151160 09a9272d40c33d8405609c0e0ce9f6ff http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 135784 9d2429dc457718bd993150d535b72992 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 134530 e3bd1cfa5f649d7a20bb51ef66a348de http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 224488 3b87ea10a0cc9caebc2fdb6b57298dae http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 131534 3b90f35710b1f797ca33ec942bbdc061 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1349126 1ee770bca87a88e399c8c4f77a3ccfdf ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 866786 4062c4ab81135dd456ab1e7db46557f1 http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 151990 0097a803bdb56626f3c1875fd5befd4f http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 138178 fc8c3461455ffbf6592a5eacf5972a42 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 265250 3872b4240e71ab5a86c3ebfe00c5749c http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1703116 d7f9a2384dd0db85e342916155b68740 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1462560 d7a7c73d4e83e59b803828adde5f097d http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 135386 13759baab835003fddbac010632c867d http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 140004 7dd9e61a7abbdeacd3264250d9d9cf78 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 997468 8357023376acc0f4363f6d7d986562f8 m68k architecture (Motorola Mc680x0) http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 230308 48024963051c3ccf8458b9ee4b6e5ab1 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 134000 58b3e21ca9e7c1b06d5ae24cf7d1fcb6 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1332362 35568fb709d0a8bb45a18ef93133b4dd http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1438972 bb805f3e9f2db92d1c2d5d0e3feb6901 http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 151028 02689b83b0d0dc0cc8755a062a2527c3 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 135380 21db9337dae209c4e49ec6acb1fcfcf6 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 729576 f94a068b39584d74537e5f65cfaa9a99 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 131684 3ad3d523ebeee21d80f719e9a787cefe http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 552530 74670dad735e6a189b0d47789e1e2a43 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 683568 56200fb8806a1375f0e6bcc95accb229 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 763272 8f8ae4dd98b5c2636db18ad2f759526f http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 133774 4b975e5153049d8ed451b62fda972f98 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1435686 b519dffb4ea63ce422676a9726d5a293 http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 151812 14b9bc2f30a6b1bbbbdd488f67089507 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 215090 383d30a807b65a4d640362c0a17d61ec http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1355828 1ceede1d947d90aa282f691125e772d1 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 135142 7b4848c09eb350b78a21f20c31f0d037 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 131258 650422e74a3224c83febcc808f12dfad mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 756344 0902f6e34ac2da00ccb6a8f497785a51 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 133792 a156c60a8da03d4fb2a5a6d2a543f099 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 135158 8e97465aa547f8101a351df74617adfe http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 151796 1d678358ebb525b0ad99e1e21c0678b6 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1435836 99e1916c1e373d607b181be087e20c0d http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 677402 335fd9c10febcccf380ac6483611485b http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 214298 32568fc97cb013a5ae69269364236dd6 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1357300 c9139962bd699085ce93af7e7e38bea8 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 131204 01c4c965d5806407775720c4aa7c6758 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 136366 307c39c6ba0b8859c926add812959f1b http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 224690 d6cbd4ea63e218a9f7d3ffd885ca5812 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 137434 df4659294003b02b2775b1fc06241a02 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1405706 8e1764862dc1a8bd4dab3ce803d46c97 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 969804 ad56b9d0845fae35ad9d2c355e097e0e http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1444018 e72ce9936c5f1fa7e2f03685f575678e http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 620414 b5c4a9ee758871b12ade251370acdafa http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 152960 208e5b3c9eea867bf5f22a157f1780a3 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 133426 a3085fd784eb8ffa69433fbbc7989e2e s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 674136 1c8f6d61b5c1a5b64f739356cab851b1 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1430890 391dc5d38b4296d1d130a7e3180fcb8b http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 136752 afca1f7aad665e4ef2eaf575063568df http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 239460 31b887aab09ddcd2e4c73b59a763e9f7 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1446898 c68eebe3a5aefd2481c5f2be11d1b288 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 907170 ef7a778b5c3ff7d7018249d12ed1cc42 http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 151324 7b6eef790b8521af70caccc2222648b1 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 132744 9ad294790e0671a9554f51e9e98dcfae http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 135400 9316718a838de0e4eb70d2219f62deda sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 151092 6c8703faeef65dbe01c8bc3ca58eb21c http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 228680 f42008816718184b32ed9fbc9e9792de http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 134242 1454796bb631a487b1a09c0b79f74612 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1441658 a8f4b6b51a04f34d5af8e42b9aaca089 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 135444 e863c95f206b5f962f6e54cacd4d86d1 http://security.debian.org/pool/updates/main/r/ruby1.8/ru... Size/MD5 checksum: 645918 f37ee519426241b04c45696ebec8e0fe http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 747554 475e9a0ca6eb5bda8f902aa072a83778 http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 131602 5e7709c25e545b412f7dfda412b35e6d http://security.debian.org/pool/updates/main/r/ruby1.8/li... Size/MD5 checksum: 1372542 1afe6cef5b2a0bde500017af7f8fab05 - ------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iQCVAwUBQtJbLg0hVr09l8FJAQIM/QQAoeoGqVugoBJmeElz3n98cgrgO0TpeAs0 wNlF8usNl7rdcsimJF6MIBJsbvCPtTIbbqwDKegNqi6rJKvDBCSBBZ7HEiDx/2iE rkjUNYs8XVUq/5BZYnv2tk7g3IfEhdzbVs0Rohiz0EoC4Y7WYgpzbUJ0B13hd824 JLPqMOc1v+M= =FQJL -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds