|
|
Family: Ubuntu Local Security Checks --> Category: infos
USN195-1 : ruby1.8 vulnerability Vulnerability Scan
Vulnerability Scan Summary
ruby1.8 vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- irb1.8
- libbigdecimal-ruby1.8
- libcurses-ruby1.8
- libdbm-ruby1.8
- libdl-ruby1.8
- libdrb-ruby1.8
- liberb-ruby1.8
- libgdbm-ruby1.8
- libiconv-ruby1.8
- libopenssl-ruby1.8
- libpty-ruby1.8
- libracc-runtime-ruby1.8
- libreadline-ruby1.8
- librexml-ruby1.8
- libruby1.8
- libruby1.8-dbg
- libsdbm-ruby1.8
- libsoap-ruby1.8
- libstrscan-ruby1.8
- libsyslog-ruby1.8
- libtcltk-ruby1.8
- libtest-unit-ruby1.8
- libtk-ruby1.8
- libweb
[...]
Description :
The object oriented scripting language Ruby supports safely executing
untrusted code with two mechanisms: safe level and taint flag on
objects. Dr. Yutaka Oiwa discovered a vulnerability that allows
Ruby methods to bypass these mechanisms. In systems which use this
feature, this could be exploited to execute Ruby code beyond the
restrictions specified in each safe level.
Solution :
Upgrade to :
- irb1.8-1.8.1+1.8.2pre4-1ubuntu0.2 (Ubuntu 5.04)
- libbigdecimal-ruby1.8-1.8.1+1.8.2pre4-1ubuntu0.2 (Ubuntu 5.04)
- libcurses-ruby1.8-1.8.1+1.8.2pre4-1ubuntu0.2 (Ubuntu 5.04)
- libdbm-ruby1.8-1.8.1+1.8.2pre4-1ubuntu0.2 (Ubuntu 5.04)
- libdl-ruby1.8-1.8.1+1.8.2pre4-1ubuntu0.2 (Ubuntu 5.04)
- libdrb-ruby1.8-1.8.1+1.8.2pre4-1ubuntu0.2 (Ubuntu 5.04)
- liberb-ruby1.8-1.8.1+1.8.2pre4-1ubuntu0.2 (Ubuntu 5.04)
- libgdbm-ruby1.8-1.8.1+1.8.2pre4-1ubuntu0.2 (Ubuntu 5.04)
- libiconv-ruby1.8-1.8.1+1.8.2p
[...]
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
