CentOS Update For Ruby CESA-2008:0895-02 Centos2 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Ruby is an interpreted scripting language for quick and easy object-oriented programming. A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655) A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443) Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.

Affected

ruby on CentOS 2

References

http://lists.centos.org/pipermail/centos-announce/2008-October/015336.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-3443, CVE-2008-3655

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1102 (cscope)
CentOS Security Advisory CESA-2009:0429 (cups)
CentOS Security Advisory CESA-2009:0480 (poppler)
CentOS Security Advisory CESA-2009:1307 (ecryptfs-utils)
CentOS Security Advisory CESA-2009:0458 (gpdf)

CentOS Update for ruby CESA-2008:0895-02 centos2 i386

Take action and discover your vulnerabilities