[Secure-testing-team] Bug#487238: ruby1.8: Arbitrary code execution vulnerability and so on
Daigo Moriwaki
daigo at debian.org
Fri Jun 20 13:52:33 UTC 2008
Package: ruby1.8
Version: 1.8.6.114-2
Severity: grave
Tags: security
Justification: user security hole
The upstream has announced multiple vulnerabilities in Ruby. They may lead
to a denial of service (DoS) condition or allow execution of arbitrary code.
* CVE-2008-2662
* CVE-2008-2663
* CVE-2008-2725
* CVE-2008-2726
* CVE-2008-2727
* CVE-2008-2728
* CVE-2008-2664
Vulnerable versions
1.8 series
* 1.8.4 and all prior versions
* 1.8.5-p230 and all prior versions
* 1.8.6-p229 and all prior versions
* 1.8.7-p21 and all prior versions
1.9 series
* 1.9.0-1 and all prior versions
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP)
Shell: /bin/sh linked to /bin/bash
Versions of packages ruby1.8 depends on:
ii libc6 2.7-10 GNU C Library: Shared libraries
ii libruby1.8 1.8.6.114-2 Libraries necessary to run Ruby 1.
ruby1.8 recommends no packages.
-- no debconf information
More information about the Secure-testing-team
mailing list