Security flaws in the ruby software package

==========================================================================
Ubuntu Security Notice USN-2397-1
November 04, 2014

ruby1.8, ruby1.9.1, ruby2.0, ruby2.1 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Ruby.

Software Description:
– ruby2.0: Object-oriented scripting language
– ruby2.1: Object-oriented scripting language
– ruby1.9.1: Object-oriented scripting language
– ruby1.8: Object-oriented scripting language

Details:

Will Wood discovered that Ruby incorrectly handled the encodes() function.
An attacker could possibly use this issue to cause Ruby to crash, resulting
in a denial of service, or possibly execute arbitrary code. The default
compiler options for affected releases should reduce the vulnerability to a
denial of service. (CVE-2014-4975)

Willis Vandevanter discovered that Ruby incorrectly handled XML entity
expansion. An attacker could use this flaw to cause Ruby to consume large
amounts of resources, resulting in a denial of service. (CVE-2014-8080)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
libruby2.0 2.0.0.484+really457-3ubuntu1.1
libruby2.1 2.1.2-2ubuntu1.1
ruby2.0 2.0.0.484+really457-3ubuntu1.1
ruby2.1 2.1.2-2ubuntu1.1

Ubuntu 14.04 LTS:
libruby1.9.1 1.9.3.484-2ubuntu1.1
libruby2.0 2.0.0.484-1ubuntu2.1
ruby1.9.1 1.9.3.484-2ubuntu1.1
ruby2.0 2.0.0.484-1ubuntu2.1

Ubuntu 12.04 LTS:
libruby1.8 1.8.7.352-2ubuntu1.5
libruby1.9.1 1.9.3.0-1ubuntu2.9
ruby1.8 1.8.7.352-2ubuntu1.5
ruby1.9.1 1.9.3.0-1ubuntu2.9

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2397-1
CVE-2014-4975, CVE-2014-8080

Package Information:
https://launchpad.net/ubuntu/+source/ruby2.0/2.0.0.484+really457-3ubuntu1.1
https://launchpad.net/ubuntu/+source/ruby2.1/2.1.2-2ubuntu1.1
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.484-2ubuntu1.1
https://launchpad.net/ubuntu/+source/ruby2.0/2.0.0.484-1ubuntu2.1
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.5
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.9
