Summary
Ubuntu Update for Linux kernel vulnerabilities USN-621-1
Solution
Please install the updated packages.
Insight
Drew Yao discovered several vulnerabilities in Ruby which lead to integer overflows. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)
Drew Yao discovered that Ruby did not sanitize its input when using ALLOCA. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service via memory corruption. (CVE-2008-2664)
Affected
ruby1.8 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C