USN-805-1: Ruby vulnerabilities

Releases

• Ubuntu 9.04
• Ubuntu 8.10
• Ubuntu 8.04
• Ubuntu 6.06

Packages

• ruby1.8 -
• ruby1.9 -

Details

It was discovered that Ruby did not properly validate certificates. An
attacker could exploit this and present invalid or revoked X.509
certificates. (CVE-2009-0642)

It was discovered that Ruby did not properly handle string arguments that
represent large numbers. An attacker could exploit this and cause a denial
of service. (CVE-2009-1904)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.04

• ruby1.8 - 1.8.7.72-3ubuntu0.1
• ruby1.9 - 1.9.0.2-9ubuntu1.1
• libruby1.8 - 1.8.7.72-3ubuntu0.1
• libruby1.9 - 1.9.0.2-9ubuntu1.1

Ubuntu 8.10

• ruby1.8 - 1.8.7.72-1ubuntu0.2
• ruby1.9 - 1.9.0.2-7ubuntu1.2
• libruby1.8 - 1.8.7.72-1ubuntu0.2
• libruby1.9 - 1.9.0.2-7ubuntu1.2

Ubuntu 8.04

• ruby1.8 - 1.8.6.111-2ubuntu1.3
• libruby1.8 - 1.8.6.111-2ubuntu1.3

Ubuntu 6.06

• ruby1.8 - 1.8.4-1ubuntu1.7
• libruby1.8 - 1.8.4-1ubuntu1.7

In general, a standard system upgrade is sufficient to effect the
necessary changes.

References

• CVE-2009-0642
• CVE-2009-1904

Related notices

• USN-900-1: ruby1.9, libruby1.9