Your submission was sent successfully! Close

USN-325-1: ruby1.8 vulnerability

28 July 2006

ruby1.8 vulnerability



The alias function, certain directory operations, and regular
expressions did not correctly implement safe levels. Depending on the
application these flaws might allow attackers to bypass safe level
restrictions and perform unintended operations.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06
  • ruby1.8 - 1.8.4-1ubuntu1.1
  • libruby1.8 - 1.8.4-1ubuntu1.1
Ubuntu 5.10
  • ruby1.8 - 1.8.2-9ubuntu1.2
  • libruby1.8 - 1.8.2-9ubuntu1.2
Ubuntu 5.04
  • ruby1.8 - 1.8.1+1.8.2pre4-1ubuntu0.4
  • libruby1.8 - 1.8.1+1.8.2pre4-1ubuntu0.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.