
Tanaka Akira

[ GLSA 200812-17 ] Ruby: Multiple vulnerabilities

* Memory corruption ("beg + rlen") in the rb_ary_splice() and
  rb_ary_replace() functions (CVE-2008-2726).

Furthermore, several other vulnerabilities have been reported:

* Tanaka Akira reported an issue with resolv.rb that enables
  attackers to spoof DNS responses (CVE-2008-1447).

* Akira Tagoh of RedHat discovered a Denial of Service (crash) issue
  in the rb_ary_fill() function in array.c (CVE-2008-2376).


[SECURITY] [DSA 1652-1] New ruby1.9 packages fix several vulnerabilities

    XML entities can lead to denial of service through resource
    exhaustion in rexml.

CVE-2008-3905

    Tanaka Akira discovered that the resolv module uses sequential
    transaction IDs and a fixed source port for DNS queries, which
    makes it more vulnerable to DNS spoofing attacks.

For the stable distribution (etch), these problems have been fixed in
version 1.9.0+20060609-1etch3. Packages for arm will be provided later.

[SECURITY] [DSA 1651-1] New ruby1.8 packages fix several vulnerabilities

    XML entities can lead to denial of service through resource
    exhaustion in rexml.

CVE-2008-3905

    Tanaka Akira discovered that the resolv module uses sequential
    transaction IDs and a fixed source port for DNS queries, which
    makes it more vulnerable to DNS spoofing attacks.

For the stable distribution (etch), these problems have been fixed in
version 1.8.5-4etch3. Packages for arm will be provided later.
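The DSA 1651-1 and DSA 1652-1 texts above both describe the same weakness: a stub resolver that increments its DNS transaction ID per query and sends every query from one fixed UDP source port leaves an off-path attacker only one unknown to guess, and that unknown is predictable. The following Ruby model is an added example, not code from the advisories or from Ruby's own resolv.rb; the resolver classes, the starting ID 0x1234, the port 40000 and the sample names are assumptions chosen for illustration. It builds real DNS query packets (RFC 1035 header plus one A question), lets a "blind" attacker observe one query and forge a reply for the next, and shows that the forgery lands against the sequential-ID/fixed-port resolver and fails against one that draws a fresh random ID and a fresh random port per query.

```ruby
# Added example (not from the advisories or Ruby's resolv.rb): models why
# sequential transaction IDs plus a fixed UDP source port make off-path DNS
# spoofing cheap, and what random IDs and random source ports buy back.
require 'securerandom'

# Build a minimal DNS query: the 12-byte header (ID, FLAGS, QDCOUNT, ANCOUNT,
# NSCOUNT, ARCOUNT, all 16-bit big-endian) followed by one A/IN question.
def build_query(id, name)
  header = [id, 0x0100, 1, 0, 0, 0].pack('n6')            # RD bit set, one question
  qname  = name.split('.').map { |l| [l.length, l].pack('Ca*') }.join + "\x00"
  header + qname + [1, 1].pack('n2')                        # QTYPE=A, QCLASS=IN
end

# Read the 16-bit transaction ID back out of a DNS packet.
def query_id(packet)
  packet.unpack1('n')
end

# Pre-fix behaviour as described in the DSAs (hypothetical model): one socket
# bound once, so a fixed source port, and an ID counter bumped per query.
class PredictableResolver
  attr_reader :port

  def initialize(start_id: 0x1234, port: 40_000)   # assumed values
    @next_id = start_id
    @port = port
  end

  def next_query(name)
    id = @next_id
    @next_id = (@next_id + 1) & 0xffff
    [build_query(id, name), port]
  end
end

# Hardened behaviour: a fresh random ID and a fresh random ephemeral port for
# every query, so a forger must match ~16 bits of ID and ~16 bits of port.
class RandomizedResolver
  EPHEMERAL = (1024..65_535)

  def next_query(name)
    id   = SecureRandom.random_number(0x10000)
    port = EPHEMERAL.min + SecureRandom.random_number(EPHEMERAL.size)
    [build_query(id, name), port]
  end
end

# Off-path attacker: it has seen one (ID, port) pair, e.g. by making the victim
# resolve a name under its control, and now forges a reply for the *next*
# query by assuming ID+1 and the same port. The resolver accepts a reply only
# when both the ID and the destination port match the outstanding query.
def forged_reply_accepted?(observed_id, observed_port, next_packet, next_port)
  guessed_id = (observed_id + 1) & 0xffff
  guessed_id == query_id(next_packet) && observed_port == next_port
end

# Size of the search space a blind forger must cover when nothing is observable.
def expected_guesses(id_space:, port_space:)
  id_space * port_space
end

if $PROGRAM_NAME == __FILE__
  weak = PredictableResolver.new
  pkt1, port1 = weak.next_query('example.com')   # attacker watches this one
  pkt2, port2 = weak.next_query('example.org')   # and forges a reply to this one
  puts "sequential ID + fixed port: forgery accepted = " \
       "#{forged_reply_accepted?(query_id(pkt1), port1, pkt2, port2)}"

  strong = RandomizedResolver.new
  pkt1, port1 = strong.next_query('example.com')
  pkt2, port2 = strong.next_query('example.org')
  puts "random ID + random port:    forgery accepted = " \
       "#{forged_reply_accepted?(query_id(pkt1), port1, pkt2, port2)}"
  puts "blind search space, fixed port: #{expected_guesses(id_space: 0x10000, port_space: 1)}"
  puts "blind search space, random port: #{expected_guesses(id_space: 0x10000, port_space: 64_512)}"
end
```

The model deliberately leaves out the network: the point the advisories make is about the two values the resolver uses to match a reply to a query, and with a counter and a fixed port the attacker does not even need the roughly 2^16 blind attempts, one observed query is enough. Randomizing both the ID and the source port is the same mitigation the post-Kaminsky (CVE-2008-1447) resolver fixes applied across the ecosystem; it raises the blind cost to roughly 2^32 packets per forged answer but does not eliminate spoofing, which is why it is usually paired with a short window for outstanding queries and, where available, DNSSEC validation.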



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
