[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 1412-1] New ruby1.9 packages fix insecure SSL certificate validation



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1412-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
November 24, 2007                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : ruby1.9
Vulnerability  : programming error
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2007-5162 CVE-2007-5770

Several vulnerabilities have been discovered in Ruby, an object-oriented
scripting language. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2007-5162

    It was discovered that the Ruby HTTP(S) module performs insufficient
    validation of SSL certificates, which may lead to man-in-the-middle
    attacks.

CVE-2007-5770

    It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP
    and SMTP perform insufficient validation of SSL certificates, which
    may lead to man-in-the-middle attacks.

For the stable distribution (etch), these problems have been fixed in
version 1.9.0+20060609-1etch1. Updated packages for hppa and sparc will
be provided later.

The old stable distribution (sarge) doesn't contain ruby1.9 packages.

We recommend that you upgrade your ruby1.9 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz
    Size/MD5 checksum:  4450198 483d9b46a973c7e14f7586f0b1129891
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1.dsc
    Size/MD5 checksum:     1102 ab126186fcdf6957657ecc7a796d2716
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1.diff.gz
    Size/MD5 checksum:    24635 627c1adebe5c30393f61c78bd7ed8524

Architecture independent packages:

  http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch1_all.deb
    Size/MD5 checksum:   317966 ba31da840a0129e36f8e5e3cdbdc38f2
  http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch1_all.deb
    Size/MD5 checksum:   693558 9609c753abeb56de1340a6861df37882
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch1_all.deb
    Size/MD5 checksum:   228790 c7680de3c4f480e47b50362dfbbc6cc2
  http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch1_all.deb
    Size/MD5 checksum:   255110 8ab705f6d663c5f9514bd658ab7e6cf6
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch1_all.deb
    Size/MD5 checksum:   265132 9cf18d3bc7adea316ac681e63b1f941a

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
    Size/MD5 checksum:   324370 e17822d9a9e40bda497f300118bef0cc
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_alpha.deb
    Size/MD5 checksum:   235830 fbdee75ddf6467da59dd7fba95661d38
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_alpha.deb
    Size/MD5 checksum:   958976 5d5c6f6b5d9ff8ee73d7b4c3e76d9933
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
    Size/MD5 checksum:   216232 5103972d418efcf11b74d85e742e275f
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
    Size/MD5 checksum:   216884 e9dedb7b4604176f79cd4e58b4a17755
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
    Size/MD5 checksum:  1879324 5f1e231d02c18d628783ea7ae9a12cb8
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
    Size/MD5 checksum:   216888 18be35a4de25e208bccdab734ec741da
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_alpha.deb
    Size/MD5 checksum:  1890058 202b057c31c1f290ea93d297f470ba03
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_alpha.deb
    Size/MD5 checksum:   341360 507106ae5d966124e720eeade516ccf1

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
    Size/MD5 checksum:  1877670 6b504064d3b9da06c8d1fe8be0b0bf3a
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_amd64.deb
    Size/MD5 checksum:  1848808 dbb9ee9eeeb2c5613f70a8e3d2637617
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_amd64.deb
    Size/MD5 checksum:   234876 156535028b15b94577dc4e4633e5ebff
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_amd64.deb
    Size/MD5 checksum:   806586 773c43721a32c24e44e8c8094f91650f
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
    Size/MD5 checksum:   215426 6ebf982794e096d2c5bebf24f92f9ec6
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
    Size/MD5 checksum:   322810 91e135d2d5f379ed0faf858c646e2148
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
    Size/MD5 checksum:   215916 c3f89134875c80ff6b7c3b88bbc56bef
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_amd64.deb
    Size/MD5 checksum:   345242 e7664eae307b6959ad357c0b5ef421fc
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
    Size/MD5 checksum:   215976 7a1a5115707c78c760a4c6503fdd3f98

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_arm.deb
    Size/MD5 checksum:  1791476 300dc9be30ca522c432b00ee915c6026
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_arm.deb
    Size/MD5 checksum:   214922 536a4d80d79ddf8bdd8c49319ee19cd1
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_arm.deb
    Size/MD5 checksum:   215586 75f2e47fe038c2a7d0e004a802e9f4a6
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_arm.deb
    Size/MD5 checksum:   236560 99c45bcd8332240fd79f2c6065d0dd4e
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_arm.deb
    Size/MD5 checksum:   364396 b9effa7cd406b65cd4316becddafff37
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_arm.deb
    Size/MD5 checksum:   310900 a93b0e66cbd77a78f8f18f48ebef6e13
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_arm.deb
    Size/MD5 checksum:   792192 532c1d78b722ebdf42019a5979ddc054
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_arm.deb
    Size/MD5 checksum:  1875584 7c71b01f46cacd514ca4f08c5b5d8941
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_arm.deb
    Size/MD5 checksum:   215652 e10b801d1d05b5aff98731b03045d351

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_i386.deb
    Size/MD5 checksum:   236898 446710e9933b7170337a333049eaee5f
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_i386.deb
    Size/MD5 checksum:  1751226 4444b1884c784b71902ad2a61ba3f567
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_i386.deb
    Size/MD5 checksum:   757158 711d62d5e869c1f9006559326798a52b
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_i386.deb
    Size/MD5 checksum:   214942 38982b66583c25c7522103a3a9eb54bc
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_i386.deb
    Size/MD5 checksum:   215982 79d148e2fc2175a2a70c661b08139000
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_i386.deb
    Size/MD5 checksum:   345026 bbe0ac1615f698cf82099baceb00a7c6
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_i386.deb
    Size/MD5 checksum:  1867168 25ed04efb273ff4897d7b05247417ada
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_i386.deb
    Size/MD5 checksum:   215746 00a851c1c75103533176fc7fd998da20
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_i386.deb
    Size/MD5 checksum:   308928 3358300bb639a29c2e8b21ced7cdc7a1

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_ia64.deb
    Size/MD5 checksum:   351012 fff4cf6d236b0108031334afdd65d658
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
    Size/MD5 checksum:   220024 b9085af8454b394bfac281c9b79bd515
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
    Size/MD5 checksum:   219546 83eb67d7a5163abb2f5ea650a188dd75
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_ia64.deb
    Size/MD5 checksum:   235712 8ae5a0e86166574544af29c25eebbae7
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_ia64.deb
    Size/MD5 checksum:  1094592 0822d1188d9fc3d6cb960ca10a741687
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
    Size/MD5 checksum:  1862882 b54dd65c54f2b5345a7b6dbd5393c06c
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
    Size/MD5 checksum:   220020 91e0487d7d3b8739d9fc537797be1936
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_ia64.deb
    Size/MD5 checksum:  2224142 7311bd4900754e9c1dbd8b22b39e7899
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
    Size/MD5 checksum:   350428 7337d9dc53bee9e59787d8e752ed149b

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_mips.deb
    Size/MD5 checksum:   215780 c9abc5b3f35adb569bb8ad8ba447b021
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_mips.deb
    Size/MD5 checksum:   234938 6f396aaaed493d095ad2d7b9eb206594
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_mips.deb
    Size/MD5 checksum:   215554 9e42ee927f755d845938188b7368661f
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_mips.deb
    Size/MD5 checksum:   214906 5da2a002ded39e8ce78bcf9062fb9fcb
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_mips.deb
    Size/MD5 checksum:   300588 16420c8046f02807aba930c5fde83ebd
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_mips.deb
    Size/MD5 checksum:   371722 217781278232fccf78863910d43b6590
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_mips.deb
    Size/MD5 checksum:  1677222 69e58910f6d5e63c941b98b3d2855d43
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_mips.deb
    Size/MD5 checksum:  1836498 cd3c713268cf294228fa733a942152af
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_mips.deb
    Size/MD5 checksum:   871412 8190ec0ff4b79d1d0a92f09500043e44

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
    Size/MD5 checksum:  1836126 ec3b66a7b3195ade4ed5d6d57d73cf28
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
    Size/MD5 checksum:   215454 14d24e9a40eddef48859eb62046a3eb6
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
    Size/MD5 checksum:   234944 303fe8a90a774955f064283a02f1e423
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_mipsel.deb
    Size/MD5 checksum:   857548 d569e105874998930cff4f5f7939229e
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_mipsel.deb
    Size/MD5 checksum:   366862 d480d18423806370c3b592719d3bab0c
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
    Size/MD5 checksum:   215668 79862a039354f6d83ee43f9cfdc7d2e6
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
    Size/MD5 checksum:   298912 dff65dea9cecbb757adf7f1773206ced
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_mipsel.deb
    Size/MD5 checksum:  1666810 5d341dda049770f918991569bff711c4
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
    Size/MD5 checksum:   214776 8ba9bb28cdb11ee703d2224eb0a37b6d

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
    Size/MD5 checksum:   236652 79b759321a1138c27ffbf0c774ef9819
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
    Size/MD5 checksum:   217902 50b4417179daab09a66b260be6018e90
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_powerpc.deb
    Size/MD5 checksum:   776090 943815a68257420ea136c304eed752da
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
    Size/MD5 checksum:   217580 41bf17420cfc61124d4213a94d684bed
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_powerpc.deb
    Size/MD5 checksum:  1806780 fb9d4b73688f7eafc93ad7d90df625d8
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
    Size/MD5 checksum:  1843594 22b896c414bd19519b2efb2c3bad6c65
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_powerpc.deb
    Size/MD5 checksum:   372310 ff19b747cd3b9447a84148e71d2d0b38
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
    Size/MD5 checksum:   217016 b685e2ac4b0e6d210a14b2f1be487b84
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
    Size/MD5 checksum:   311920 f20c826b2821561036f5ff19fcf5e3d3

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_s390.deb
    Size/MD5 checksum:   883230 b77c23acbd3cb613a7fa593c7b1bf7f3
  http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_s390.deb
    Size/MD5 checksum:   234848 75d10185a3e6dba382cc58e2035421bd
  http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_s390.deb
    Size/MD5 checksum:   216842 093dd943dc7e721d6b4dd56d3befebc0
  http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_s390.deb
    Size/MD5 checksum:  1848348 85aaa572df8cde87d68f96b45773b44e
  http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_s390.deb
    Size/MD5 checksum:   217390 184dab4eb2a1f1c283ca7f8eefd66e6e
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_s390.deb
    Size/MD5 checksum:   370828 048a63b5dc4dd0f856c1104709e47e4c
  http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_s390.deb
    Size/MD5 checksum:  1854598 a7733b20dbe1ef6a4b1bb9816ee2200e
  http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_s390.deb
    Size/MD5 checksum:   327236 675462810c4a01de85938624d77a17b8
  http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_s390.deb
    Size/MD5 checksum:   216922 c365f4c180dff842703689d87dde31e8


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHSEZvXm3vHE4uyloRAo5NAJ9BGlyFf3pyKCEfpG+N+4CCeL/0wwCeKyxB
W1zS5LRqAkGdhelvs+1+jVo=
=Scva
-----END PGP SIGNATURE-----



Reply to: