Mandriva Linux Security Advisory - Denial of service, spoofing, and bypass vulnerabilities exist in Ruby.
488309119dea14c6a264f6053e8b8d14c8d560c0a40a71fd0e398684d17eb685
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:226
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ruby
Date : November 6, 2008
Affected: 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A denial of service condition was found in Ruby's regular expression
engine. If a Ruby script tried to process a large amount of data
via a regular expression, it could cause Ruby to enter an infinite
loop and crash (CVE-2008-3443).
A number of flaws were found in Ruby that could allow an attacker to
create a carefully crafted script that could allow for the bypass of
certain safe-level restrictions (CVE-2008-3655).
A denial of service vulnerability was found in Ruby's HTTP server
toolkit, WEBrick. A remote attacker could send a specially-crafted
HTTP request to a WEBrick server that would cause it to use an
excessive amount of CPU time (CVE-2008-3656).
An insufficient taintness check issue was found in Ruby's DL module,
a module that provides direct access to the C language functions.
This flaw could be used by an attacker to bypass intended safe-level
restrictions by calling external C functions with the arguments from
an untrusted tainted input (CVE-2008-3657).
A denial of service condition in Ruby's XML document parsing module
(REXML) could cause a Ruby application using the REXML module to use
an excessive amount of CPU and memory via XML documents with large
XML entitity definitions recursion (CVE-2008-3790).
The Ruby DNS resolver library used predictable transaction IDs and
a fixed source port when sending DNS requests. This could be used
by a remote attacker to spoof a malicious reply to a DNS query
(CVE-2008-3905).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3905
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
b0f0593d07a6631aaa701924c6beacff 2008.0/i586/ruby-1.8.6-5.3mdv2008.0.i586.rpm
7d914e909536c61b2ce0ad112229054c 2008.0/i586/ruby-devel-1.8.6-5.3mdv2008.0.i586.rpm
35ab076f8519d913074acb3f8add7365 2008.0/i586/ruby-doc-1.8.6-5.3mdv2008.0.i586.rpm
0e2b9e08dd9180b17391f0dc1d88bc64 2008.0/i586/ruby-tk-1.8.6-5.3mdv2008.0.i586.rpm
df8cd74ee6670f3f016c5e1b7912ba2a 2008.0/SRPMS/ruby-1.8.6-5.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
198e6e4c2ae919c066d900e1d44a8ea6 2008.0/x86_64/ruby-1.8.6-5.3mdv2008.0.x86_64.rpm
fc7e8c154348d0921f0d2002f3ee0fa9 2008.0/x86_64/ruby-devel-1.8.6-5.3mdv2008.0.x86_64.rpm
62027ed3409c5f56d7a07128246bdd7e 2008.0/x86_64/ruby-doc-1.8.6-5.3mdv2008.0.x86_64.rpm
e624bee3bc855bbd2068b3c850601926 2008.0/x86_64/ruby-tk-1.8.6-5.3mdv2008.0.x86_64.rpm
df8cd74ee6670f3f016c5e1b7912ba2a 2008.0/SRPMS/ruby-1.8.6-5.3mdv2008.0.src.rpm
Mandriva Linux 2008.1:
f88546be7edc6f3801915cedd95fb1e0 2008.1/i586/ruby-1.8.6-9p114.2mdv2008.1.i586.rpm
000b10c2fbb34006a7222b1af111a42a 2008.1/i586/ruby-devel-1.8.6-9p114.2mdv2008.1.i586.rpm
3f84b7b9a3b7d293ae52464336bf7dc5 2008.1/i586/ruby-doc-1.8.6-9p114.2mdv2008.1.i586.rpm
88d2ae0a40e5614cde80ba249ff6fef9 2008.1/i586/ruby-tk-1.8.6-9p114.2mdv2008.1.i586.rpm
eb601f21a3a04aaccd8fdd98f31c553e 2008.1/SRPMS/ruby-1.8.6-9p114.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
a372532439a737e65f2685855d3c9109 2008.1/x86_64/ruby-1.8.6-9p114.2mdv2008.1.x86_64.rpm
7eaa8e8b04ad12d690f8e56fb90ada6f 2008.1/x86_64/ruby-devel-1.8.6-9p114.2mdv2008.1.x86_64.rpm
2d81cd9c9f1998c0cc18a188740b022d 2008.1/x86_64/ruby-doc-1.8.6-9p114.2mdv2008.1.x86_64.rpm
37bb46235a75babe11c37caa3e80169e 2008.1/x86_64/ruby-tk-1.8.6-9p114.2mdv2008.1.x86_64.rpm
eb601f21a3a04aaccd8fdd98f31c553e 2008.1/SRPMS/ruby-1.8.6-9p114.2mdv2008.1.src.rpm
Corporate 3.0:
e218f9c5549d5524a70fdc648be21766 corporate/3.0/i586/ruby-1.8.1-1.11.C30mdk.i586.rpm
c414540664946e719205cc8ca4263564 corporate/3.0/i586/ruby-devel-1.8.1-1.11.C30mdk.i586.rpm
34885696510659a992227caaffc7dbe2 corporate/3.0/i586/ruby-doc-1.8.1-1.11.C30mdk.i586.rpm
f226fe7a6ed268c96cc7ebba82552288 corporate/3.0/i586/ruby-tk-1.8.1-1.11.C30mdk.i586.rpm
1dfa0afea4caf035cd5ada43178c2ca6 corporate/3.0/SRPMS/ruby-1.8.1-1.11.C30mdk.src.rpm
Corporate 3.0/X86_64:
c64d31b7335cd132cc55b5cc0e83b29e corporate/3.0/x86_64/ruby-1.8.1-1.11.C30mdk.x86_64.rpm
3cca31c2e518eb9500c6961ed3b63952 corporate/3.0/x86_64/ruby-devel-1.8.1-1.11.C30mdk.x86_64.rpm
5e700cfbd59a963514bae93fb8d40dd7 corporate/3.0/x86_64/ruby-doc-1.8.1-1.11.C30mdk.x86_64.rpm
9358cc3244596e812a85e5ccf4d46f7e corporate/3.0/x86_64/ruby-tk-1.8.1-1.11.C30mdk.x86_64.rpm
1dfa0afea4caf035cd5ada43178c2ca6 corporate/3.0/SRPMS/ruby-1.8.1-1.11.C30mdk.src.rpm
Corporate 4.0:
ea4101b61511cbd99ec83ee7f9c4e45b corporate/4.0/i586/ruby-1.8.2-7.8.20060mlcs4.i586.rpm
b2390656cf0a64924b2f2f8447201f07 corporate/4.0/i586/ruby-devel-1.8.2-7.8.20060mlcs4.i586.rpm
59ebdc2d52f835bbd0a30c06516e9188 corporate/4.0/i586/ruby-doc-1.8.2-7.8.20060mlcs4.i586.rpm
a5d04af4072f84a0fcd02e8367a6e895 corporate/4.0/i586/ruby-tk-1.8.2-7.8.20060mlcs4.i586.rpm
ba2d3c2e6e80eb1a75beef6974dc4ce8 corporate/4.0/SRPMS/ruby-1.8.2-7.8.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
a3f6881a877878c369b44ebb7f4b19b6 corporate/4.0/x86_64/ruby-1.8.2-7.8.20060mlcs4.x86_64.rpm
173d10379f418d0ff45250428f4afb0b corporate/4.0/x86_64/ruby-devel-1.8.2-7.8.20060mlcs4.x86_64.rpm
4ac867f94c8edb8f905d3cb5baa38a70 corporate/4.0/x86_64/ruby-doc-1.8.2-7.8.20060mlcs4.x86_64.rpm
378b79e48075344eb0f4078e8a6a2b6b corporate/4.0/x86_64/ruby-tk-1.8.2-7.8.20060mlcs4.x86_64.rpm
ba2d3c2e6e80eb1a75beef6974dc4ce8 corporate/4.0/SRPMS/ruby-1.8.2-7.8.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJE0cxmqjQ0CJFipgRApyNAJ4kNIoxQAwjj7P4+7Z59CADJSLfzACgpYct
0C/j0PQUiS/4p83mt2eyB7k=
=C3Tt
-----END PGP SIGNATURE-----