Debian Security Advisory DSA 1139-1 (ruby1.6) Network Vulnerability

Summary

The remote host is missing an update to ruby1.6 announced via advisory DSA 1139-1. It was discovered that the interpreter for the Ruby language does not properly maintain safe levels for aliasing, directory accesses and regular expressions, which might lead to a bypass of security restrictions.

Solution

For the stable distribution (sarge) this problem has been fixed in version 1.6.8-12sarge2. The unstable distribution (sid) does no longer contain ruby1.6 packages. We recommend that you upgrade your Ruby packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201139-1

Severity

Classification

CVE CVE-2006-3694

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 062-1 (rxvt)
Debian Security Advisory DSA 1141-1 (gnupg2)
Debian Security Advisory DSA 1140-1 (gnupg)
Debian Security Advisory DSA 1059-1 (quagga)
Debian Security Advisory DSA 080-1 (htdig)

Take action and discover your vulnerabilities