Debian Security Advisory
DSA-1651-1 ruby1.8 -- Several vulnerabilities
- Date reported:
- 12 October 2008
- Affected packages:
- ruby1.8
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905.
- More information:
-
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures (CVE) project identifies the following problems.
- CVE-2008-3655
Keita Yamaguchi discovered that several safe level restrictions are insufficiently enforced.
- CVE-2008-3656
Christian Neukirchen discovered that the WebRick module uses inefficient algorithms for splitting HTTP headers, resulting in denial of service through resource exhaustion.
- CVE-2008-3657
It was discovered that the dl module does not perform taint checks.
- CVE-2008-3790
Luka Treiber and Mitja Kolsek discovered that recursively nested XML entities can lead to denial of service through resource exhaustion in rexml.
- CVE-2008-3905
Tanaka Akira discovered that the resolv module uses sequential transaction IDs and a fixed source port for DNS queries, which makes it more vulnerable to DNS spoofing attacks.
For the stable distribution (Etch), these problems have been fixed in version 1.8.5-4etch3. Packages for arm will be provided later.
For the unstable distribution (Sid), these problems have been fixed in version 1.8.7.72-1.
We recommend that you upgrade your ruby1.8 packages.
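To check whether an installed ruby1.8 version is at or above the fixed versions stated above, the following added example (not part of the advisory and not Debian's own code) implements Debian's version ordering in Ruby and goes beyond the two versions named here by handling epochs and `~` suffixes. The names `FIXED`, `order`, `compare_part`, `parse`, `debian_version_cmp` and `patched?` are hypothetical.

```ruby
# Added example: Debian version ordering, used to test a ruby1.8 version
# against the fixed versions named in DSA-1651-1.
FIXED = { "etch" => "1.8.5-4etch3", "sid" => "1.8.7.72-1" }.freeze

# Weight of one character inside a non-digit run: '~' sorts before
# everything (even end of string), then end, then letters, then the rest.
def order(c)
  return -1 if c == "~"
  return 0 if c.nil?
  c =~ /[A-Za-z]/ ? c.ord : c.ord + 256
end

# Compare two upstream or revision strings by alternating non-digit runs
# (compared character by character) and digit runs (compared numerically).
def compare_part(a, b)
  a, b = a.dup, b.dup
  until a.empty? && b.empty?
    na, nb = a.slice!(/\A\D*/), b.slice!(/\A\D*/)
    [na.length, nb.length].max.times do |i|
      diff = order(na[i]) <=> order(nb[i])
      return diff unless diff.zero?
    end
    diff = a.slice!(/\A\d*/).to_i <=> b.slice!(/\A\d*/).to_i
    return diff unless diff.zero?
  end
  0
end

# Split "[epoch:]upstream[-revision]"; a missing epoch or revision counts as 0.
def parse(version)
  epoch, rest = version.include?(":") ? version.split(":", 2) : ["0", version]
  upstream, revision =
    rest.include?("-") ? rest.rpartition("-").values_at(0, 2) : [rest, "0"]
  [epoch.to_i, upstream, revision]
end

# Returns -1, 0 or 1, like <=>.
def debian_version_cmp(x, y)
  ex, ux, rx = parse(x)
  ey, uy, ry = parse(y)
  [ex <=> ey, compare_part(ux, uy), compare_part(rx, ry)].find { |d| !d.zero? } || 0
end

# True when the installed version is at or above the fix for that suite.
def patched?(installed, suite)
  debian_version_cmp(installed, FIXED.fetch(suite)) >= 0
end
```

The installed version string to pass to `patched?` can be read with `dpkg-query -W -f='${Version}' ruby1.8`.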
- Fixed in:
-
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5.orig.tar.gz
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3.dsc
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.5-4etch3_all.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch3_all.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch3_all.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.5-4etch3_all.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.5-4etch3_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_alpha.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_alpha.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_alpha.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_alpha.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_alpha.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_alpha.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_alpha.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_alpha.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_amd64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_amd64.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_hppa.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_hppa.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_hppa.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_hppa.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_hppa.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_hppa.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_hppa.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_hppa.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_i386.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_i386.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_i386.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_i386.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_i386.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_i386.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_i386.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_i386.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_ia64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_ia64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_ia64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_ia64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_ia64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_ia64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_ia64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_ia64.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_mips.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_mips.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_mips.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_mips.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_mips.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_mips.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_mips.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_mips.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_mipsel.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_mipsel.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_mipsel.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_mipsel.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_mipsel.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_mipsel.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_mipsel.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_mipsel.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_powerpc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_powerpc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_powerpc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_powerpc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_powerpc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_powerpc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_powerpc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_powerpc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_s390.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_s390.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_s390.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_s390.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_s390.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_s390.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_s390.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_s390.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_sparc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_sparc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_sparc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_sparc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_sparc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_sparc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_sparc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_sparc.deb
- http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_sparc.deb
MD5 checksums of the listed files are available on the original security advisory page.