USN-805-1: Ruby vulnerabilities
20 July 2009
Ruby vulnerabilities
Releases
Packages
Details
It was discovered that Ruby did not properly validate certificates. An
attacker could exploit this and present invalid or revoked X.509
certificates. (CVE-2009-0642)
It was discovered that Ruby did not properly handle string arguments that
represent large numbers. An attacker could exploit this and cause a denial
of service. (CVE-2009-1904)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 9.04
-
ruby1.8
-
1.8.7.72-3ubuntu0.1
-
ruby1.9
-
1.9.0.2-9ubuntu1.1
-
libruby1.8
-
1.8.7.72-3ubuntu0.1
-
libruby1.9
-
1.9.0.2-9ubuntu1.1
Ubuntu 8.10
-
ruby1.8
-
1.8.7.72-1ubuntu0.2
-
ruby1.9
-
1.9.0.2-7ubuntu1.2
-
libruby1.8
-
1.8.7.72-1ubuntu0.2
-
libruby1.9
-
1.9.0.2-7ubuntu1.2
Ubuntu 8.04
Ubuntu 6.06
In general, a standard system upgrade is sufficient to effect the
necessary changes.