Description
ELSA-2008-0561: ruby security update (MODERATE)
[1.8.5-5.el5_2.3]
- CVE-2008-2376: Integer overflow in rb_ary_fill().
[1.8.5-5.el5_2.1]
- security fixes. (#451928)
- CVE-2008-2662: Integer overflow in rb_str_buf_append().
- CVE-2008-2663: Integer overflow in rb_ary_store().
- CVE-2008-2664: Unsafe use of alloca in rb_str_format().
- CVE-2008-2725: Integer overflow in rb_ary_splice().
- CVE-2008-2726: Integer overflow in rb_ary_splice().
Updated packages
Oracle Linux 5
Oracle Linux x86_64
ruby 1.8.5-5.el5_2.3
ruby-devel 1.8.5-5.el5_2.3
ruby-docs 1.8.5-5.el5_2.3
ruby-irb 1.8.5-5.el5_2.3
ruby-libs 1.8.5-5.el5_2.3
ruby-mode 1.8.5-5.el5_2.3
ruby-rdoc 1.8.5-5.el5_2.3
ruby-ri 1.8.5-5.el5_2.3
ruby-tcltk 1.8.5-5.el5_2.3
Oracle Linux i386
ruby 1.8.5-5.el5_2.3
ruby-devel 1.8.5-5.el5_2.3
ruby-docs 1.8.5-5.el5_2.3
ruby-irb 1.8.5-5.el5_2.3
ruby-libs 1.8.5-5.el5_2.3
ruby-mode 1.8.5-5.el5_2.3
ruby-rdoc 1.8.5-5.el5_2.3
ruby-ri 1.8.5-5.el5_2.3
ruby-tcltk 1.8.5-5.el5_2.3
Source references
Related vulnerabilities
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.