Your submission was sent successfully! Close

USN-805-1: Ruby vulnerabilities

20 July 2009

Ruby vulnerabilities

Releases

Packages

Details

It was discovered that Ruby did not properly validate certificates. An
attacker could exploit this and present invalid or revoked X.509
certificates. (CVE-2009-0642)

It was discovered that Ruby did not properly handle string arguments that
represent large numbers. An attacker could exploit this and cause a denial
of service. (CVE-2009-1904)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 6.06

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Related notices