ID OPENVAS:64314 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing updates announced in
advisory GLSA 200906-02.
#
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from Gentoo's XML based advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Library include loaded before the metadata block. Which helpers it provides
# is not visible in this file.
include("revisions-lib.inc");
# Report texts that the description block below attaches to the plugin as
# the "insight", "solution" and "summary" tags. All three are multi-line
# string literals, so their line breaks are part of the reported text.

# Advisory wording for the flaw. It is generic: per the CVE-2009-1904
# description (the CVE id this script registers), the affected component is
# Ruby's BigDecimal library and the impact is an application crash.
tag_insight = "A flaw in the Ruby standard library might allow remote attackers to cause a
Denial of Service attack.";
# Remediation text: the Gentoo upgrade commands followed by two reference
# URLs. The "# emerge ..." lines are inside the string literal; they are
# shell-prompt examples for the reader, not NASL comments.
tag_solution = "All Ruby users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/ruby-1.8.6_p369'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200906-02
http://bugs.gentoo.org/show_bug.cgi?id=273213";
# Short finding statement naming the advisory (GLSA 200906-02).
tag_summary = "The remote host is missing updates announced in
advisory GLSA 200906-02.";
# Plugin registration. When `description` is set, this branch only declares
# metadata and then exits, so the package check further down does not run in
# that pass.
if (description)
{
  # Identity and revision bookkeeping.
  # NOTE(review): this check registers a bare numeric id via script_id();
  # confirm whether the target scanner release expects script_oid() instead.
  script_id(64314);
  script_version("$Revision: 6595 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $");
  script_tag(name:"creation_date", value:"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)");

  # Vulnerability reference and CVSS v2 scoring: network vector, no
  # authentication, availability-only impact (A:P), i.e. a denial of service.
  script_cve_id("CVE-2009-1904");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_name("Gentoo Security Advisory GLSA 200906-02 (ruby)");

  # ACT_GATHER_INFO: the check is categorised as information gathering.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
  script_family("Gentoo Local Security Checks");

  # Scheduling prerequisites: gather-package-list.nasl is declared as a
  # dependency and both knowledge-base keys are mandatory. Presumably they are
  # set only after an authenticated SSH login has identified a Gentoo host and
  # collected its package list; without them this check yields no result
  # either way. Confirm in gather-package-list.nasl.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");

  # Human-readable report texts defined at the top of the script.
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"summary", value:tag_summary);

  # qod_type "package" labels the result as derived from installed-package
  # data; solution_type "VendorFix" says the remedy is a vendor update.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
#
# The script code starts here
#
# ispkgvuln() and __pkg_match are not defined in this file; presumably both
# come from this Gentoo package-comparison include.
include("pkg-lib-gentoo.inc");

report = "";
res = "";

# Compare dev-lang/ruby against the advisory's fixed version. A non-NULL
# return value is appended to the report text.
# NOTE(review): the CVE-2009-1904 description also lists Ruby 1.8.7 before
# p173 as affected. With the single "ge 1.8.6_p369" threshold, a 1.8.7 build
# below p173 would presumably compare as unaffected; confirm against
# GLSA 200906-02 and the comparison rules in pkg-lib-gentoo.inc.
res = ispkgvuln(pkg:"dev-lang/ruby",
                unaffected:make_list("ge 1.8.6_p369"),
                vulnerable:make_list("lt 1.8.6_p369"));
if (res != NULL) {
  report += res;
}

# Three outcomes: a finding is reported; exit code 99 marks the host as not
# vulnerable when __pkg_match is set; otherwise the script ends without
# stating a result.
if (report != "") {
  security_message(data:report);
}
else if (__pkg_match) {
  exit(99); # Not vulnerable.
}
{"id": "OPENVAS:64314", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 200906-02 (ruby)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200906-02.", "published": "2009-06-30T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64314", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2009-1904"], "lastseen": "2017-07-24T12:56:24", "viewCount": 0, "enchantments": {"score": {"value": 7.6, "vector": "NONE", "modified": "2017-07-24T12:56:24", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1904"]}, {"type": "slackware", "idList": ["SSA-2009-170-02"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231064520", "OPENVAS:1361412562310900570", "OPENVAS:64203", "OPENVAS:136141256231064314", "OPENVAS:64520", "OPENVAS:136141256231064257", "OPENVAS:136141256231064462", "OPENVAS:900570", "OPENVAS:64257", "OPENVAS:136141256231064203"]}, {"type": "gentoo", "idList": ["GLSA-200906-02"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22097", "SECURITYVULNS:VULN:10024"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_62E0FBE5579811DEBB78001CC0377035.NASL", "SLACKWARE_SSA_2009-170-02.NASL", "MANDRIVA_MDVSA-2009-325.NASL", "CENTOS_RHSA-2009-1140.NASL", "UBUNTU_USN-805-1.NASL", "GENTOO_GLSA-200906-02.NASL", "DEBIAN_DSA-1860.NASL", "FEDORA_2009-13066.NASL", "MANDRIVA_MDVSA-2009-160.NASL", "REDHAT-RHSA-2009-1140.NASL"]}, {"type": "freebsd", "idList": ["62E0FBE5-5798-11DE-BB78-001CC0377035"]}, {"type": "seebug", "idList": ["SSV:11656"]}, {"type": "ubuntu", "idList": ["USN-805-1", "USN-900-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1860-1:272C6"]}, {"type": "fedora", "idList": ["FEDORA:1A83510F85C", "FEDORA:ED49A10FB17"]}, {"type": "centos", "idList": ["CESA-2009:1140"]}, {"type": 
"oraclelinux", "idList": ["ELSA-2009-1140"]}, {"type": "redhat", "idList": ["RHSA-2009:1140"]}, {"type": "suse", "idList": ["SUSE-SA:2009:037"]}, {"type": "threatpost", "idList": ["THREATPOST:4F867C686B7E31697E158FBD04A5DD35"]}], "modified": "2017-07-24T12:56:24", "rev": 2}, "vulnersScore": 7.6}, "pluginID": "64314", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw in the Ruby standard library might allow remote attackers to cause a\n Denial of Service attack.\";\ntag_solution = \"All Ruby users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/ruby-1.8.6_p369'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200906-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=273213\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200906-02.\";\n\n \n \n\nif(description)\n{\n script_id(64314);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1904\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200906-02 (ruby)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/ruby\", unaffected: make_list(\"ge 1.8.6_p369\"), vulnerable: make_list(\"lt 1.8.6_p369\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Gentoo Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:40:02", "description": "The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.", "edition": 4, "cvss3": {}, "published": "2009-06-11T21:30:00", "title": "CVE-2009-1904", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1904"], "modified": "2017-09-29T01:34:00", "cpe": ["cpe:/a:ruby-lang:ruby:1.8.6", "cpe:/a:ruby-lang:ruby:1.8.7"], "id": "CVE-2009-1904", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1904", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*"]}], "slackware": [{"lastseen": "2019-05-30T07:37:29", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1904"], "description": "New ruby packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\nand -current to fix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/ruby-1.8.7_p174-i486-1_slack12.2.tgz: Upgraded.\n This fixes a denial of service issue caused by the BigDecimal method\n handling large input values 
improperly that may allow attackers to\n crash the interpreter. The issue affects most Rails applications.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/ruby-1.8.6_p369-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/ruby-1.8.6_p369-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/ruby-1.8.6_p369-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/ruby-1.8.7_p174-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/ruby-1.8.7_p174-i486-1.txz\n\nUpdated package for Slackware64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/ruby-1.8.7_p174-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 11.0 package:\n22fb801042d7dc35e1b86ed255a8bd7b ruby-1.8.6_p369-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\n6b84e678c5b44f4dc377adcc3559c213 ruby-1.8.6_p369-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n3feef33d7bb4a08d68f1c5f1a6632591 ruby-1.8.6_p369-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n6bb863701e2d6e816b659e859511bb3d 
ruby-1.8.7_p174-i486-1_slack12.2.tgz\n\nSlackware -current package:\ne6ab7003f01736c02ab8e5457711246d ruby-1.8.7_p174-i486-1.txz\n\nSlackware64 -current package:\n00865047650f7b36ff427722526bcce2 ruby-1.8.7_p174-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg ruby-1.8.7_p174-i486-1_slack12.2.tgz", "modified": "2009-06-19T18:18:56", "published": "2009-06-19T18:18:56", "id": "SSA-2009-170-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.430805", "type": "slackware", "title": "ruby", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2018-04-06T11:39:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "description": "The remote host is missing an update to ruby\nannounced via advisory MDVSA-2009:160.", "modified": "2018-04-06T00:00:00", "published": "2009-07-29T00:00:00", "id": "OPENVAS:136141256231064462", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064462", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:160 (ruby)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_160.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:160 (ruby)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before\np173 allows context-dependent attackers to cause a denial of service\n(application crash) via a string argument that represents a large\nnumber, as demonstrated by an attempted conversion to the Float\ndata type.\n\nThis update corrects the problem.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:160\";\ntag_summary = \"The remote host is missing an update to ruby\nannounced via advisory MDVSA-2009:160.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64462\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1904\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:160 (ruby)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.6~9p114.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.6~9p114.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc\", rpm:\"ruby-doc~1.8.6~9p114.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", 
rpm:\"ruby-tk~1.8.6~9p114.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.7~7p72.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.7~7p72.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc\", rpm:\"ruby-doc~1.8.7~7p72.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.7~7p72.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.7~9p72.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.7~9p72.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc\", rpm:\"ruby-doc~1.8.7~9p72.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.7~9p72.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.1~1.12.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.1~1.12.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc\", rpm:\"ruby-doc~1.8.1~1.12.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.1~1.12.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.2~7.9.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.2~7.9.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc\", rpm:\"ruby-doc~1.8.2~7.9.20060mlcs4\", rls:\"MNDK_4.0\")) != 
NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.2~7.9.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-06-15T00:00:00", "id": "OPENVAS:136141256231064203", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064203", "type": "openvas", "title": "FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma", "sourceData": "#\n#VID 62e0fbe5-5798-11de-bb78-001cc0377035\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 62e0fbe5-5798-11de-bb78-001cc0377035\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n ruby\n ruby+pthreads\n ruby+pthreads+oniguruma\n ruby+oniguruma\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/\nhttp://www.vuxml.org/freebsd/62e0fbe5-5798-11de-bb78-001cc0377035.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64203\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-15 19:20:43 +0200 (Mon, 15 Jun 2009)\");\n script_cve_id(\"CVE-2009-1904\");\n script_bugtraq_id(35278);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ruby\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.*,1\")>=0 && revcomp(a:bver, b:\"1.8.7.160_1,1\")<0) {\n txt += 'Package ruby version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ruby+pthreads\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.*,1\")>=0 && revcomp(a:bver, b:\"1.8.7.160_1,1\")<0) {\n txt += 'Package ruby+pthreads version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ruby+pthreads+oniguruma\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.*,1\")>=0 && revcomp(a:bver, b:\"1.8.7.160_1,1\")<0) {\n txt += 'Package ruby+pthreads+oniguruma version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ruby+oniguruma\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.*,1\")>=0 && revcomp(a:bver, b:\"1.8.7.160_1,1\")<0) {\n txt += 'Package ruby+oniguruma version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-07-21T22:09:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "description": "The host is installed with Ruby and is 
prone to denial of\n service vulnerability.", "modified": "2020-07-14T00:00:00", "published": "2009-06-23T00:00:00", "id": "OPENVAS:1361412562310900570", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900570", "type": "openvas", "title": "Ruby BigDecimal Library Denial of Service Vulnerability (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ruby BigDecimal Library Denial of Service Vulnerability (Linux)\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900570\");\n script_version(\"2020-07-14T14:24:25+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:24:25 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 10:30:45 +0200 (Tue, 23 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-1904\");\n script_bugtraq_id(35278);\n script_name(\"Ruby BigDecimal Library Denial of Service Vulnerability (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34135\");\n script_xref(name:\"URL\", value:\"http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_ruby_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"ruby/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"impact\", value:\"Attackers can exploit this issue to crash an application using this library.\");\n\n script_tag(name:\"affected\", value:\"Ruby 1.8.6 to 1.8.6-p368 and 1.8.7 to 1.8.7-p172 on Linux.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an error within the BigDecimal standard library\n when trying to convert BigDecimal objects into floating point numbers\n which leads to segmentation fault.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to 1.8.6-p369 or 
1.8.7-p174.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Ruby and is prone to denial of\n service vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:ruby-lang:ruby\";\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif(version_in_range(version:version, test_version:\"1.8.6\", test_version2:\"1.8.6.367\")) {\n report = report_fixed_ver(installed_version:version, fixed_version:\"1.8.6-p369\", install_path:location);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_in_range(version:version, test_version:\"1.8.7\", test_version2:\"1.8.7.172\")) {\n report = report_fixed_ver(installed_version:version, fixed_version:\"1.8.7-p174\", install_path:location);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:14:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-23T00:00:00", "published": "2009-06-15T00:00:00", "id": "OPENVAS:64203", "href": "http://plugins.openvas.org/nasl.php?oid=64203", "type": "openvas", "title": "FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma", "sourceData": "#\n#VID 62e0fbe5-5798-11de-bb78-001cc0377035\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 62e0fbe5-5798-11de-bb78-001cc0377035\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n ruby\n ruby+pthreads\n ruby+pthreads+oniguruma\n ruby+oniguruma\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/\nhttp://www.vuxml.org/freebsd/62e0fbe5-5798-11de-bb78-001cc0377035.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64203);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-15 19:20:43 +0200 (Mon, 15 Jun 2009)\");\n script_cve_id(\"CVE-2009-1904\");\n script_bugtraq_id(35278);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ruby\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.*,1\")>=0 && revcomp(a:bver, b:\"1.8.7.160_1,1\")<0) {\n txt += 'Package ruby version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ruby+pthreads\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.*,1\")>=0 && revcomp(a:bver, b:\"1.8.7.160_1,1\")<0) {\n txt += 'Package ruby+pthreads version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ruby+pthreads+oniguruma\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.*,1\")>=0 && revcomp(a:bver, b:\"1.8.7.160_1,1\")<0) {\n txt += 'Package ruby+pthreads+oniguruma version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ruby+oniguruma\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.*,1\")>=0 && revcomp(a:bver, b:\"1.8.7.160_1,1\")<0) {\n txt += 'Package ruby+oniguruma version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "description": "The remote host is missing an update 
as announced\nvia advisory SSA:2009-170-02.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231064257", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064257", "type": "openvas", "title": "Slackware Advisory SSA:2009-170-02 ruby", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_170_02.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64257\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2009-1904\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-170-02 ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(11\\.0|12\\.0|12\\.1|12\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-170-02\");\n\n script_tag(name:\"insight\", value:\"New ruby packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\nand -current to fix a security issue.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-170-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"ruby\", ver:\"1.8.6_p369-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += 
res;\n}\nif((res = isslkpkgvuln(pkg:\"ruby\", ver:\"1.8.6_p369-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ruby\", ver:\"1.8.6_p369-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ruby\", ver:\"1.8.7_p174-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-04-06T11:38:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200906-02.", "modified": "2018-04-06T00:00:00", "published": "2009-06-30T00:00:00", "id": "OPENVAS:136141256231064314", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064314", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200906-02 (ruby)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw in the Ruby standard library might allow remote attackers to cause a\n Denial of Service attack.\";\ntag_solution = \"All Ruby users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/ruby-1.8.6_p369'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200906-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=273213\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200906-02.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64314\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1904\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200906-02 (ruby)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/ruby\", unaffected: make_list(\"ge 1.8.6_p369\"), vulnerable: make_list(\"lt 1.8.6_p369\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:14:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "description": "The host is installed with Ruby and is prone to denial of\n service vulnerability.", "modified": "2017-01-27T00:00:00", "published": "2009-06-23T00:00:00", "id": "OPENVAS:900570", "href": "http://plugins.openvas.org/nasl.php?oid=900570", "type": "openvas", "title": "Ruby BigDecimal Library Denial of Service Vulnerability (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ruby_bigdecimal_lib_dos_vuln.nasl 5122 2017-01-27 12:16:00Z teissa $\n#\n# Ruby BigDecimal Library Denial of Service Vulnerability (Linux)\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published 
by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Attackers can exploit this issue to crash an application using this library.\n Impact Level: Application\";\ntag_affected = \"Ruby 1.8.6 to 1.8.6-p368 and 1.8.7 to 1.8.7-p172 on Linux.\";\ntag_insight = \"The flaw is due to an error within the BigDecimal standard library\n when trying to convert BigDecimal objects into floating point numbers\n which leads to segmentation fault.\";\ntag_solution = \"Upgrade to 1.8.6-p369 or 1.8.7-p174.\n http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/\";\ntag_summary = \"The host is installed with Ruby and is prone to denial of\n service vulnerability.\";\n\nif(description)\n{\n script_id(900570);\n script_version(\"$Revision: 5122 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-27 13:16:00 +0100 (Fri, 27 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 10:30:45 +0200 (Tue, 23 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-1904\");\n script_bugtraq_id(35278);\n script_name(\"Ruby BigDecimal Library Denial of Service Vulnerability (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34135\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/docs/changelogs/linux/964\");\n\n script_tag(name:\"qod_type\", 
value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_ruby_detect_lin.nasl\");\n script_require_keys(\"Ruby/Lin/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nif(!rubyVer){\n exit(0);\n}\n\nif(version_in_range(version:rubyVer, test_version:\"1.8.6\", test_version2:\"1.8.6.p367\")||\n version_in_range(version:rubyVer, test_version:\"1.8.7\", test_version2:\"1.8.7.p172\")){\n security_message(0);\nrubyVer = get_kb_item(\"Ruby/Lin/Ver\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "description": "The remote host is missing an update to ruby\nannounced via advisory MDVSA-2009:177.", "modified": "2018-04-06T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:136141256231064520", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064520", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:177 (ruby)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_177.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:177 (ruby)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before\np173 allows context-dependent attackers to cause a denial of service\n(application crash) via a string argument that represents a large\nnumber, as demonstrated by an attempted conversion to the Float\ndata type.\n\nThis update corrects the problem.\n\nAffected: Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:177\";\ntag_summary = \"The remote host is missing an update to ruby\nannounced via advisory MDVSA-2009:177.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64520\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1904\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:177 (ruby)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.7~7p72.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.7~7p72.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc\", rpm:\"ruby-doc~1.8.7~7p72.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.7~7p72.1mdvmes5\", 
rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-170-02.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:64257", "href": "http://plugins.openvas.org/nasl.php?oid=64257", "type": "openvas", "title": "Slackware Advisory SSA:2009-170-02 ruby", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_170_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New ruby packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\nand -current to fix a security issue.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-170-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-170-02\";\n \nif(description)\n{\n script_id(64257);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-1904\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2009-170-02 ruby \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"ruby\", ver:\"1.8.6_p369-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ruby\", ver:\"1.8.6_p369-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ruby\", ver:\"1.8.6_p369-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ruby\", ver:\"1.8.7_p174-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "description": "The remote host is missing an update to ruby\nannounced via advisory MDVSA-2009:160.", "modified": "2017-07-06T00:00:00", "published": "2009-07-29T00:00:00", "id": "OPENVAS:64462", "href": "http://plugins.openvas.org/nasl.php?oid=64462", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:160 (ruby)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_160.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:160 (ruby)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before\np173 allows context-dependent attackers to cause a denial of service\n(application crash) via a string argument that represents a large\nnumber, as demonstrated by an attempted conversion to the Float\ndata type.\n\nThis update corrects the problem.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:160\";\ntag_summary = \"The remote host is missing an update to ruby\nannounced via advisory MDVSA-2009:160.\";\n\n \n\nif(description)\n{\n script_id(64462);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1904\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:160 (ruby)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.6~9p114.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.6~9p114.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc\", rpm:\"ruby-doc~1.8.6~9p114.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.6~9p114.3mdv2008.1\", 
rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.7~7p72.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.7~7p72.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc\", rpm:\"ruby-doc~1.8.7~7p72.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.7~7p72.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.7~9p72.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.7~9p72.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc\", rpm:\"ruby-doc~1.8.7~9p72.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.7~9p72.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.1~1.12.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.1~1.12.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc\", rpm:\"ruby-doc~1.8.1~1.12.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.1~1.12.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.2~7.9.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.2~7.9.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc\", rpm:\"ruby-doc~1.8.2~7.9.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.2~7.9.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:02", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1904"], "description": "### Background\n\nRuby is an interpreted object-oriented programming language. The elaborate standard library includes the \"BigDecimal\" class. \n\n### Description\n\nTadayoshi Funaba reported that BigDecimal in ext/bigdecimal/bigdecimal.c does not properly handle string arguments containing overly long numbers. \n\n### Impact\n\nA remote attacker could exploit this issue to remotely cause a Denial of Service attack. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Ruby users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/ruby-1.8.6_p369\"", "edition": 1, "modified": "2009-06-28T00:00:00", "published": "2009-06-28T00:00:00", "id": "GLSA-200906-02", "href": "https://security.gentoo.org/glsa/200906-02", "type": "gentoo", "title": "Ruby: Denial of Service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "cvelist": ["CVE-2009-1904"], "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200906-02\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: Ruby: Denial of Service\r\n Date: June 28, 2009\r\n Bugs: #273213\r\n ID: 200906-02\r\n\r\n- - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nA flaw in the Ruby standard library might allow remote attackers to\r\ncause a Denial of Service attack.\r\n\r\nBackground\r\n==========\r\n\r\nRuby is an interpreted object-oriented programming language. The\r\nelaborate standard library includes the \"BigDecimal\" class.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 dev-lang/ruby < 1.8.6_p369 >= 1.8.6_p369\r\n\r\nDescription\r\n===========\r\n\r\nTadayoshi Funaba reported that BigDecimal in\r\next/bigdecimal/bigdecimal.c does not properly handle string arguments\r\ncontaining overly long numbers.\r\n\r\nImpact\r\n======\r\n\r\nA remote attacker could exploit this issue to remotely cause a Denial\r\nof Service attack.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll Ruby users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose \">=dev-lang/ruby-1.8.6_p369\"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2009-1904\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200906-02.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. 
Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2009 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5", "edition": 1, "modified": "2009-06-29T00:00:00", "published": "2009-06-29T00:00:00", "id": "SECURITYVULNS:DOC:22097", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22097", "title": "[Full-disclosure] [ GLSA 200906-02 ] Ruby: Denial of Service", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-1904"], "description": "Crash on oversized string in BigDecimal.", "edition": 1, "modified": "2009-06-29T00:00:00", "published": "2009-06-29T00:00:00", "id": "SECURITYVULNS:VULN:10024", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10024", "title": "Ruby DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T10:44:54", "description": "The official ruby site reports :\n\nA denial of service (DoS) vulnerability was found on the BigDecimal\nstandard library of Ruby. 
Conversion from BigDecimal objects into\nFloat numbers had a problem which enables attackers to effectively\ncause segmentation faults.\n\nAn attacker can cause a denial of service by causing BigDecimal to\nparse an insanely large number, such as :\n\nBigDecimal('9E69999999').to_s('F')", "edition": 25, "published": "2009-06-15T00:00:00", "title": "FreeBSD : ruby -- BigDecimal denial of service vulnerability (62e0fbe5-5798-11de-bb78-001cc0377035)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "modified": "2009-06-15T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ruby", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:ruby+oniguruma", "p-cpe:/a:freebsd:freebsd:ruby+pthreads", "p-cpe:/a:freebsd:freebsd:ruby+pthreads+oniguruma"], "id": "FREEBSD_PKG_62E0FBE5579811DEBB78001CC0377035.NASL", "href": "https://www.tenable.com/plugins/nessus/39375", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39375);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1904\");\n script_bugtraq_id(35278);\n\n script_name(english:\"FreeBSD : ruby -- BigDecimal denial of service vulnerability (62e0fbe5-5798-11de-bb78-001cc0377035)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The official ruby site reports :\n\nA denial of service (DoS) vulnerability was found on the BigDecimal\nstandard library of Ruby. 
Conversion from BigDecimal objects into\nFloat numbers had a problem which enables attackers to effectively\ncause segmentation faults.\n\nAn attacker can cause a denial of service by causing BigDecimal to\nparse an insanely large number, such as :\n\nBigDecimal('9E69999999').to_s('F')\"\n );\n # http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d9c7b7be\"\n );\n # https://vuxml.freebsd.org/freebsd/62e0fbe5-5798-11de-bb78-001cc0377035.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?87876221\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby+oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby+pthreads\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby+pthreads+oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ruby>=1.8.*,1<1.8.7.160_1,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby+pthreads>=1.8.*,1<1.8.7.160_1,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby+pthreads+oniguruma>=1.8.*,1<1.8.7.160_1,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby+oniguruma>=1.8.*,1<1.8.7.160_1,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:52:32", "description": "The remote host is affected by the vulnerability described in GLSA-200906-02\n(Ruby: Denial of Service)\n\n Tadayoshi Funaba reported that BigDecimal in\n ext/bigdecimal/bigdecimal.c does not properly handle string arguments\n containing overly long numbers.\n \nImpact :\n\n A remote attacker could exploit this issue to remotely cause a Denial\n of Service attack.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2009-06-29T00:00:00", "title": "GLSA-200906-02 : Ruby: Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "modified": "2009-06-29T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ruby"], "id": 
"GENTOO_GLSA-200906-02.NASL", "href": "https://www.tenable.com/plugins/nessus/39565", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200906-02.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39565);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1904\");\n script_bugtraq_id(35278);\n script_xref(name:\"GLSA\", value:\"200906-02\");\n\n script_name(english:\"GLSA-200906-02 : Ruby: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200906-02\n(Ruby: Denial of Service)\n\n Tadayoshi Funaba reported that BigDecimal in\n ext/bigdecimal/bigdecimal.c does not properly handle string arguments\n containing overly long numbers.\n \nImpact :\n\n A remote attacker could exploit this issue to remotely cause a Denial\n of Service attack.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200906-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Ruby users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/ruby-1.8.6_p369'\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/ruby\", unaffected:make_list(\"ge 1.8.6_p369\"), vulnerable:make_list(\"lt 1.8.6_p369\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:52:14", 
"description": "The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173\nallows context-dependent attackers to cause a denial of service\n(application crash) via a string argument that represents a large\nnumber, as demonstrated by an attempted conversion to the Float data\ntype.\n\nThis update corrects the problem.", "edition": 24, "published": "2009-07-28T00:00:00", "title": "Mandriva Linux Security Advisory : ruby (MDVSA-2009:160)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "modified": "2009-07-28T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:ruby", "p-cpe:/a:mandriva:linux:ruby-doc", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:ruby-tk", "p-cpe:/a:mandriva:linux:ruby-devel"], "id": "MANDRIVA_MDVSA-2009-160.NASL", "href": "https://www.tenable.com/plugins/nessus/40398", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:160. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40398);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1904\");\n script_bugtraq_id(35278);\n script_xref(name:\"MDVSA\", value:\"2009:160\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ruby (MDVSA-2009:160)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173\nallows context-dependent attackers to cause a denial of service\n(application crash) via a string argument that represents a large\nnumber, as demonstrated by an attempted conversion to the Float data\ntype.\n\nThis update corrects the problem.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-tk\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", reference:\"ruby-1.8.6-9p114.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"ruby-devel-1.8.6-9p114.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"ruby-doc-1.8.6-9p114.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"ruby-tk-1.8.6-9p114.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"ruby-1.8.7-7p72.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"ruby-devel-1.8.7-7p72.1mdv2009.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"ruby-doc-1.8.7-7p72.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"ruby-tk-1.8.7-7p72.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"ruby-1.8.7-9p72.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"ruby-devel-1.8.7-9p72.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"ruby-doc-1.8.7-9p72.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"ruby-tk-1.8.7-9p72.1mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T09:10:28", "description": "New ruby packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\nand -current to fix a security issue.", "edition": 24, "published": "2009-06-21T00:00:00", "title": "Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : ruby (SSA:2009-170-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "modified": "2009-06-21T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:ruby", "cpe:/o:slackware:slackware_linux:12.1"], "id": "SLACKWARE_SSA_2009-170-02.NASL", "href": "https://www.tenable.com/plugins/nessus/39473", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-170-02. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39473);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1904\");\n script_bugtraq_id(35278);\n script_xref(name:\"SSA\", value:\"2009-170-02\");\n\n script_name(english:\"Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : ruby (SSA:2009-170-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New ruby packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\nand -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.430805\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6892ef00\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"11.0\", pkgname:\"ruby\", pkgver:\"1.8.6_p369\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"ruby\", pkgver:\"1.8.6_p369\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"ruby\", pkgver:\"1.8.6_p369\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"ruby\", pkgver:\"1.8.7_p174\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"ruby\", pkgver:\"1.8.7_p174\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", 
pkgname:\"ruby\", pkgver:\"1.8.7_p174\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:07:02", "description": "Update to 1.8.6 p368 This package also fixes the build failure on arm\n-gnueabi systems (bug 506233), and DOS vulnerability issue on\nBigDecimal method (bug 504958, CVE-2009-1904)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2009-12-14T00:00:00", "title": "Fedora 10 : ruby-1.8.6.368-2.fc10 (2009-13066)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904"], "modified": "2009-12-14T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:ruby"], "id": "FEDORA_2009-13066.NASL", "href": "https://www.tenable.com/plugins/nessus/43122", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-13066.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43122);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1904\");\n script_xref(name:\"FEDORA\", value:\"2009-13066\");\n\n script_name(english:\"Fedora 10 : ruby-1.8.6.368-2.fc10 (2009-13066)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security 
update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.8.6 p368 This package also fixes the build failure on arm\n-gnueabi systems (bug 506233), and DOS vulnerability issue on\nBigDecimal method (bug 504958, CVE-2009-1904)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=504958\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032540.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b7e4413\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"ruby-1.8.6.368-2.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:45:36", "description": "Several vulnerabilities have been discovered in Ruby. 
The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2009-0642\n The return value from the OCSP_basic_verify function was\n not checked properly, allowing continued use of a\n revoked certificate.\n\n - CVE-2009-1904\n An issue in parsing BigDecimal numbers can result in a\n denial-of-service condition (crash).\n\nThe following matrix identifies fixed versions :\n\n ruby1.8 ruby1.9 \n oldstable (etch) 1.8.5-4etch5 1.9.0+20060609-1etch5 \n stable (lenny) 1.8.7.72-3lenny1 1.9.0.2-9lenny1 \n unstable (sid) 1.8.7.173-1 (soon)", "edition": 26, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1860-1 : ruby1.8, ruby1.9 - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904", "CVE-2009-0642"], "modified": "2010-02-24T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby1.8", "cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:ruby1.9", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1860.NASL", "href": "https://www.tenable.com/plugins/nessus/44725", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1860. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44725);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0642\", \"CVE-2009-1904\");\n script_bugtraq_id(35278);\n script_xref(name:\"DSA\", value:\"1860\");\n\n script_name(english:\"Debian DSA-1860-1 : ruby1.8, ruby1.9 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Ruby. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2009-0642\n The return value from the OCSP_basic_verify function was\n not checked properly, allowing continued use of a\n revoked certificate.\n\n - CVE-2009-1904\n An issue in parsing BigDecimal numbers can result in a\n denial-of-service condition (crash).\n\nThe following matrix identifies fixed versions :\n\n ruby1.8 ruby1.9 \n oldstable (etch) 1.8.5-4etch5 1.9.0+20060609-1etch5 \n stable (lenny) 1.8.7.72-3lenny1 1.9.0.2-9lenny1 \n unstable (sid) 1.8.7.173-1 (soon)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1860\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the Ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"irb1.8\", reference:\"1.8.5-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"irb1.9\", reference:\"1.9.0+20060609-1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libdbm-ruby1.8\", reference:\"1.8.5-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libdbm-ruby1.9\", reference:\"1.9.0+20060609-1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libgdbm-ruby1.8\", reference:\"1.8.5-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libgdbm-ruby1.9\", reference:\"1.9.0+20060609-1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libopenssl-ruby1.8\", reference:\"1.8.5-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libopenssl-ruby1.9\", reference:\"1.9.0+20060609-1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libreadline-ruby1.8\", reference:\"1.8.5-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libreadline-ruby1.9\", reference:\"1.9.0+20060609-1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libruby1.8\", reference:\"1.8.5-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libruby1.8-dbg\", reference:\"1.8.5-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libruby1.9\", reference:\"1.9.0+20060609-1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libruby1.9-dbg\", reference:\"1.9.0+20060609-1etch5\")) flag++;\nif 
(deb_check(release:\"4.0\", prefix:\"libtcltk-ruby1.8\", reference:\"1.8.5-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libtcltk-ruby1.9\", reference:\"1.9.0+20060609-1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"rdoc1.8\", reference:\"1.8.5-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"rdoc1.9\", reference:\"1.9.0+20060609-1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ri1.8\", reference:\"1.8.5-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ri1.9\", reference:\"1.9.0+20060609-1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.8\", reference:\"1.8.5-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.8-dev\", reference:\"1.8.5-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.8-elisp\", reference:\"1.8.5-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.8-examples\", reference:\"1.8.5-4etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.9\", reference:\"1.9.0+20060609-1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.9-dev\", reference:\"1.9.0+20060609-1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.9-elisp\", reference:\"1.9.0+20060609-1etch5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.9-examples\", reference:\"1.9.0+20060609-1etch5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"irb1.8\", reference:\"1.8.7.72-3lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"irb1.9\", reference:\"1.9.0.2-9lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libdbm-ruby1.8\", reference:\"1.8.7.72-3lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libdbm-ruby1.9\", reference:\"1.9.0.2-9lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libgdbm-ruby1.8\", reference:\"1.8.7.72-3lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libgdbm-ruby1.9\", reference:\"1.9.0.2-9lenny1\")) flag++;\nif (deb_check(release:\"5.0\", 
prefix:\"libopenssl-ruby1.8\", reference:\"1.8.7.72-3lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libopenssl-ruby1.9\", reference:\"1.9.0.2-9lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libreadline-ruby1.8\", reference:\"1.8.7.72-3lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libreadline-ruby1.9\", reference:\"1.9.0.2-9lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libruby1.8\", reference:\"1.8.7.72-3lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libruby1.8-dbg\", reference:\"1.8.7.72-3lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libruby1.9\", reference:\"1.9.0.2-9lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libruby1.9-dbg\", reference:\"1.9.0.2-9lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libtcltk-ruby1.8\", reference:\"1.8.7.72-3lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libtcltk-ruby1.9\", reference:\"1.9.0.2-9lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"rdoc1.8\", reference:\"1.8.7.72-3lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"rdoc1.9\", reference:\"1.9.0.2-9lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ri1.8\", reference:\"1.8.7.72-3lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ri1.9\", reference:\"1.9.0.2-9lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ruby1.8\", reference:\"1.8.7.72-3lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ruby1.8-dev\", reference:\"1.8.7.72-3lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ruby1.8-elisp\", reference:\"1.8.7.72-3lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ruby1.8-examples\", reference:\"1.8.7.72-3lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ruby1.9\", reference:\"1.9.0.2-9lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ruby1.9-dev\", reference:\"1.9.0.2-9lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ruby1.9-elisp\", 
reference:\"1.9.0.2-9lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ruby1.9-examples\", reference:\"1.9.0.2-9lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:44:40", "description": "It was discovered that Ruby did not properly validate certificates. An\nattacker could exploit this and present invalid or revoked X.509\ncertificates. (CVE-2009-0642)\n\nIt was discovered that Ruby did not properly handle string arguments\nthat represent large numbers. An attacker could exploit this and cause\na denial of service. (CVE-2009-1904).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2009-07-21T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : ruby1.8, ruby1.9 vulnerabilities (USN-805-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904", "CVE-2009-0642"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:ruby1.9-dev", "p-cpe:/a:canonical:ubuntu_linux:ruby1.9", "p-cpe:/a:canonical:ubuntu_linux:libgdbm-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libdbm-ruby1.9", "p-cpe:/a:canonical:ubuntu_linux:ruby1.8-dev", "p-cpe:/a:canonical:ubuntu_linux:libdbm-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:rdoc1.8", "p-cpe:/a:canonical:ubuntu_linux:libtcltk-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libruby1.9-dbg", "p-cpe:/a:canonical:ubuntu_linux:ri1.9", "p-cpe:/a:canonical:ubuntu_linux:ruby1.8-examples", "p-cpe:/a:canonical:ubuntu_linux:libruby1.8-dbg", "p-cpe:/a:canonical:ubuntu_linux:irb1.8", 
"p-cpe:/a:canonical:ubuntu_linux:ruby1.9-examples", "p-cpe:/a:canonical:ubuntu_linux:libgdbm-ruby1.9", "p-cpe:/a:canonical:ubuntu_linux:ri1.8", "p-cpe:/a:canonical:ubuntu_linux:libruby1.9", "p-cpe:/a:canonical:ubuntu_linux:ruby1.8-elisp", "p-cpe:/a:canonical:ubuntu_linux:libopenssl-ruby1.8", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libopenssl-ruby1.9", "p-cpe:/a:canonical:ubuntu_linux:rdoc1.9", "p-cpe:/a:canonical:ubuntu_linux:ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:irb1.9", "cpe:/o:canonical:ubuntu_linux:8.10", "p-cpe:/a:canonical:ubuntu_linux:libreadline-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libtcltk-ruby1.9", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:ruby1.9-elisp", "p-cpe:/a:canonical:ubuntu_linux:libreadline-ruby1.9", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-805-1.NASL", "href": "https://www.tenable.com/plugins/nessus/40329", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-805-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40329);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-0642\", \"CVE-2009-1904\");\n script_bugtraq_id(35278);\n script_xref(name:\"USN\", value:\"805-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : ruby1.8, ruby1.9 vulnerabilities (USN-805-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Ruby did not properly validate certificates. An\nattacker could exploit this and present invalid or revoked X.509\ncertificates. (CVE-2009-0642)\n\nIt was discovered that Ruby did not properly handle string arguments\nthat represent large numbers. An attacker could exploit this and cause\na denial of service. (CVE-2009-1904).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/805-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:irb1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:irb1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdbm-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdbm-ruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdbm-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdbm-ruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenssl-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenssl-ruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libreadline-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libreadline-ruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.8-dbg\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.9-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtcltk-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtcltk-ruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:rdoc1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:rdoc1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ri1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ri1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-elisp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.9-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.9-elisp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.9-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/20\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"irb1.8\", pkgver:\"1.8.4-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libdbm-ruby1.8\", pkgver:\"1.8.4-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libgdbm-ruby1.8\", pkgver:\"1.8.4-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libopenssl-ruby1.8\", pkgver:\"1.8.4-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libreadline-ruby1.8\", pkgver:\"1.8.4-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libruby1.8\", pkgver:\"1.8.4-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libruby1.8-dbg\", pkgver:\"1.8.4-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libtcltk-ruby1.8\", pkgver:\"1.8.4-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"rdoc1.8\", pkgver:\"1.8.4-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ri1.8\", pkgver:\"1.8.4-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ruby1.8\", pkgver:\"1.8.4-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ruby1.8-dev\", pkgver:\"1.8.4-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ruby1.8-elisp\", pkgver:\"1.8.4-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ruby1.8-examples\", pkgver:\"1.8.4-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"irb1.8\", pkgver:\"1.8.6.111-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libdbm-ruby1.8\", pkgver:\"1.8.6.111-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libgdbm-ruby1.8\", pkgver:\"1.8.6.111-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", 
pkgname:\"libopenssl-ruby1.8\", pkgver:\"1.8.6.111-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libreadline-ruby1.8\", pkgver:\"1.8.6.111-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libruby1.8\", pkgver:\"1.8.6.111-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libruby1.8-dbg\", pkgver:\"1.8.6.111-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtcltk-ruby1.8\", pkgver:\"1.8.6.111-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"rdoc1.8\", pkgver:\"1.8.6.111-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ri1.8\", pkgver:\"1.8.6.111-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ruby1.8\", pkgver:\"1.8.6.111-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ruby1.8-dev\", pkgver:\"1.8.6.111-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ruby1.8-elisp\", pkgver:\"1.8.6.111-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ruby1.8-examples\", pkgver:\"1.8.6.111-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"irb1.8\", pkgver:\"1.8.7.72-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"irb1.9\", pkgver:\"1.9.0.2-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libdbm-ruby1.8\", pkgver:\"1.8.7.72-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libdbm-ruby1.9\", pkgver:\"1.9.0.2-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libgdbm-ruby1.8\", pkgver:\"1.8.7.72-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libgdbm-ruby1.9\", pkgver:\"1.9.0.2-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libopenssl-ruby1.8\", pkgver:\"1.8.7.72-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libopenssl-ruby1.9\", pkgver:\"1.9.0.2-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libreadline-ruby1.8\", 
pkgver:\"1.8.7.72-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libreadline-ruby1.9\", pkgver:\"1.9.0.2-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libruby1.8\", pkgver:\"1.8.7.72-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libruby1.8-dbg\", pkgver:\"1.8.7.72-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libruby1.9\", pkgver:\"1.9.0.2-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libruby1.9-dbg\", pkgver:\"1.9.0.2-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libtcltk-ruby1.8\", pkgver:\"1.8.7.72-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libtcltk-ruby1.9\", pkgver:\"1.9.0.2-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"rdoc1.8\", pkgver:\"1.8.7.72-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"rdoc1.9\", pkgver:\"1.9.0.2-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ri1.8\", pkgver:\"1.8.7.72-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ri1.9\", pkgver:\"1.9.0.2-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ruby1.8\", pkgver:\"1.8.7.72-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ruby1.8-dev\", pkgver:\"1.8.7.72-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ruby1.8-elisp\", pkgver:\"1.8.7.72-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ruby1.8-examples\", pkgver:\"1.8.7.72-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ruby1.9\", pkgver:\"1.9.0.2-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ruby1.9-dev\", pkgver:\"1.9.0.2-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ruby1.9-elisp\", pkgver:\"1.9.0.2-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ruby1.9-examples\", pkgver:\"1.9.0.2-7ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"irb1.8\", 
pkgver:\"1.8.7.72-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"irb1.9\", pkgver:\"1.9.0.2-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libdbm-ruby1.8\", pkgver:\"1.8.7.72-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libdbm-ruby1.9\", pkgver:\"1.9.0.2-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libgdbm-ruby1.8\", pkgver:\"1.8.7.72-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libgdbm-ruby1.9\", pkgver:\"1.9.0.2-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libopenssl-ruby1.8\", pkgver:\"1.8.7.72-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libopenssl-ruby1.9\", pkgver:\"1.9.0.2-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libreadline-ruby1.8\", pkgver:\"1.8.7.72-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libreadline-ruby1.9\", pkgver:\"1.9.0.2-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libruby1.8\", pkgver:\"1.8.7.72-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libruby1.8-dbg\", pkgver:\"1.8.7.72-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libruby1.9\", pkgver:\"1.9.0.2-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libruby1.9-dbg\", pkgver:\"1.9.0.2-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libtcltk-ruby1.8\", pkgver:\"1.8.7.72-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libtcltk-ruby1.9\", pkgver:\"1.9.0.2-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"rdoc1.8\", pkgver:\"1.8.7.72-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"rdoc1.9\", pkgver:\"1.9.0.2-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ri1.8\", pkgver:\"1.8.7.72-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ri1.9\", pkgver:\"1.9.0.2-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", 
pkgname:\"ruby1.8\", pkgver:\"1.8.7.72-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ruby1.8-dev\", pkgver:\"1.8.7.72-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ruby1.8-elisp\", pkgver:\"1.8.7.72-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ruby1.8-examples\", pkgver:\"1.8.7.72-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ruby1.9\", pkgver:\"1.9.0.2-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ruby1.9-dev\", pkgver:\"1.9.0.2-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ruby1.9-elisp\", pkgver:\"1.9.0.2-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ruby1.9-examples\", pkgver:\"1.9.0.2-9ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb1.8 / irb1.9 / libdbm-ruby1.8 / libdbm-ruby1.9 / libgdbm-ruby1.8 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:27", "description": "Multiple vulnerabilities were discovered and corrected in ruby :\n\next/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check\nthe return value from the OCSP_basic_verify function, which might\nallow remote attackers to successfully present an invalid X.509\ncertificate, possibly involving a revoked certificate (CVE-2009-0642).\n\nThe BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173\nallows context-dependent attackers to cause a denial of service\n(application crash) via a string argument that represents a large\nnumber, as demonstrated by an attempted conversion to the Float data\ntype (CVE-2009-1904).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\n\nThis update provides a solution to 
these vulnerabilities.", "edition": 25, "published": "2009-12-08T00:00:00", "title": "Mandriva Linux Security Advisory : ruby (MDVSA-2009:325)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1904", "CVE-2009-0642"], "modified": "2009-12-08T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:ruby", "p-cpe:/a:mandriva:linux:ruby-doc", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:ruby-tk", "p-cpe:/a:mandriva:linux:ruby-devel"], "id": "MANDRIVA_MDVSA-2009-325.NASL", "href": "https://www.tenable.com/plugins/nessus/43044", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:325. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43044);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0642\", \"CVE-2009-1904\");\n script_bugtraq_id(35278);\n script_xref(name:\"MDVSA\", value:\"2009:325\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ruby (MDVSA-2009:325)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities was discovered and corrected in ruby :\n\next/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check\nthe return value from the OCSP_basic_verify function, which might\nallow remote attackers to successfully present an invalid X.509\ncertificate, possibly involving a revoked certificate (CVE-2009-0642).\n\nThe BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173\nallows context-dependent attackers 
to cause a denial of service\n(application crash) via a string argument that represents a large\nnumber, as demonstrated by an attempted conversion to the Float data\ntype (CVE-2009-1904).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\n\nThis update provides a solution to these vulnerabilities.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ruby-1.8.6-5.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ruby-devel-1.8.6-5.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ruby-doc-1.8.6-5.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ruby-tk-1.8.6-5.4mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:06:52", "description": "Updated ruby packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to do system\nmanagement tasks.\n\nA flaw was found in the way the Ruby POP module processed certain APOP\nauthentication requests. By sending certain responses when the Ruby\nAPOP module attempted to authenticate using APOP against a POP server,\na remote attacker could, potentially, acquire certain portions of a\nuser's authentication credentials. (CVE-2007-1558)\n\nIt was discovered that Ruby did not properly check the return value\nwhen verifying X.509 certificates. 
This could, potentially, allow a\nremote attacker to present an invalid X.509 certificate, and have Ruby\ntreat it as valid. (CVE-2009-0642)\n\nA flaw was found in the way Ruby converted BigDecimal objects to Float\nnumbers. If an attacker were able to provide certain input for the\nBigDecimal object converter, they could crash an application using\nthis class. (CVE-2009-1904)\n\nAll Ruby users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "edition": 28, "published": "2009-07-03T00:00:00", "title": "RHEL 4 / 5 : ruby (RHSA-2009:1140)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1558", "CVE-2009-1904", "CVE-2009-0642"], "modified": "2009-07-03T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:irb", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:ruby", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:ruby-rdoc", "p-cpe:/a:redhat:enterprise_linux:ruby-irb", "cpe:/o:redhat:enterprise_linux:5.3", "p-cpe:/a:redhat:enterprise_linux:ruby-docs", "p-cpe:/a:redhat:enterprise_linux:ruby-ri", "p-cpe:/a:redhat:enterprise_linux:ruby-mode", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:ruby-libs", "p-cpe:/a:redhat:enterprise_linux:ruby-devel", "p-cpe:/a:redhat:enterprise_linux:ruby-tcltk"], "id": "REDHAT-RHSA-2009-1140.NASL", "href": "https://www.tenable.com/plugins/nessus/39599", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1140. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39599);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1558\", \"CVE-2009-0642\", \"CVE-2009-1904\");\n script_bugtraq_id(23257, 35278);\n script_xref(name:\"RHSA\", value:\"2009:1140\");\n\n script_name(english:\"RHEL 4 / 5 : ruby (RHSA-2009:1140)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ruby packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to do system\nmanagement tasks.\n\nA flaw was found in the way the Ruby POP module processed certain APOP\nauthentication requests. By sending certain responses when the Ruby\nAPOP module attempted to authenticate using APOP against a POP server,\na remote attacker could, potentially, acquire certain portions of a\nuser's authentication credentials. (CVE-2007-1558)\n\nIt was discovered that Ruby did not properly check the return value\nwhen verifying X.509 certificates. This could, potentially, allow a\nremote attacker to present an invalid X.509 certificate, and have Ruby\ntreat it as valid. (CVE-2009-0642)\n\nA flaw was found in the way Ruby converted BigDecimal objects to Float\nnumbers. If an attacker were able to provide certain input for the\nBigDecimal object converter, they could crash an application using\nthis class. 
(CVE-2009-1904)\n\nAll Ruby users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1140\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-ri\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1140\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"irb-1.8.1-7.el4_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-1.8.1-7.el4_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-devel-1.8.1-7.el4_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-docs-1.8.1-7.el4_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-libs-1.8.1-7.el4_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-mode-1.8.1-7.el4_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-tcltk-1.8.1-7.el4_8.3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"ruby-devel-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-docs-1.8.5-5.el5_3.7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-docs-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-docs-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-irb-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-irb-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-irb-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"ruby-libs-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-mode-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-mode-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-mode-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-rdoc-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-rdoc-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-rdoc-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-ri-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-ri-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-ri-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-tcltk-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-tcltk-1.8.5-5.el5_3.7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-tcltk-1.8.5-5.el5_3.7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb / ruby / ruby-devel / ruby-docs / ruby-irb / ruby-libs / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:25:48", "description": "Updated ruby packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to do system\nmanagement tasks.\n\nA flaw was found in the way the Ruby POP module processed certain APOP\nauthentication requests. By sending certain responses when the Ruby\nAPOP module attempted to authenticate using APOP against a POP server,\na remote attacker could, potentially, acquire certain portions of a\nuser's authentication credentials. (CVE-2007-1558)\n\nIt was discovered that Ruby did not properly check the return value\nwhen verifying X.509 certificates. This could, potentially, allow a\nremote attacker to present an invalid X.509 certificate, and have Ruby\ntreat it as valid. (CVE-2009-0642)\n\nA flaw was found in the way Ruby converted BigDecimal objects to Float\nnumbers. If an attacker were able to provide certain input for the\nBigDecimal object converter, they could crash an application using\nthis class. 
(CVE-2009-1904)\n\nAll Ruby users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "edition": 28, "published": "2010-01-06T00:00:00", "title": "CentOS 5 : ruby (CESA-2009:1140)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1558", "CVE-2009-1904", "CVE-2009-0642"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ruby-tcltk", "p-cpe:/a:centos:centos:ruby", "p-cpe:/a:centos:centos:ruby-rdoc", "p-cpe:/a:centos:centos:ruby-libs", "p-cpe:/a:centos:centos:ruby-mode", "p-cpe:/a:centos:centos:ruby-docs", "p-cpe:/a:centos:centos:ruby-devel", "p-cpe:/a:centos:centos:ruby-ri", "p-cpe:/a:centos:centos:ruby-irb", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-1140.NASL", "href": "https://www.tenable.com/plugins/nessus/43767", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1140 and \n# CentOS Errata and Security Advisory 2009:1140 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43767);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-1558\", \"CVE-2009-0642\", \"CVE-2009-1904\");\n script_bugtraq_id(23257, 35278);\n script_xref(name:\"RHSA\", value:\"2009:1140\");\n\n script_name(english:\"CentOS 5 : ruby (CESA-2009:1140)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ruby packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact 
by the\nRed Hat Security Response Team.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to do system\nmanagement tasks.\n\nA flaw was found in the way the Ruby POP module processed certain APOP\nauthentication requests. By sending certain responses when the Ruby\nAPOP module attempted to authenticate using APOP against a POP server,\na remote attacker could, potentially, acquire certain portions of a\nuser's authentication credentials. (CVE-2007-1558)\n\nIt was discovered that Ruby did not properly check the return value\nwhen verifying X.509 certificates. This could, potentially, allow a\nremote attacker to present an invalid X.509 certificate, and have Ruby\ntreat it as valid. (CVE-2009-0642)\n\nA flaw was found in the way Ruby converted BigDecimal objects to Float\nnumbers. If an attacker were able to provide certain input for the\nBigDecimal object converter, they could crash an application using\nthis class. (CVE-2009-1904)\n\nAll Ruby users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-July/016025.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9d49c05e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-July/016026.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b8781ca\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-1.8.5-5.el5_3.7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-devel-1.8.5-5.el5_3.7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-docs-1.8.5-5.el5_3.7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-irb-1.8.5-5.el5_3.7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-libs-1.8.5-5.el5_3.7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-mode-1.8.5-5.el5_3.7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-rdoc-1.8.5-5.el5_3.7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-ri-1.8.5-5.el5_3.7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-tcltk-1.8.5-5.el5_3.7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-devel / ruby-docs / ruby-irb / ruby-libs / ruby-mode / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:14", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1904"], "description": "\nThe official ruby site reports:\n\nA denial of service (DoS) vulnerability was found on the\n\t BigDecimal standard library of Ruby. 
Conversion from BigDecimal\n\t objects into Float numbers had a problem which enables attackers\n\t to effectively cause segmentation faults.\nAn attacker can cause a denial of service by causing BigDecimal\n\t to parse an insanely large number, such as:\nBigDecimal(\"9E69999999\").to_s(\"F\")\n\n", "edition": 4, "modified": "2010-05-02T00:00:00", "published": "2009-06-09T00:00:00", "id": "62E0FBE5-5798-11DE-BB78-001CC0377035", "href": "https://vuxml.freebsd.org/freebsd/62e0fbe5-5798-11de-bb78-001cc0377035.html", "title": "ruby -- BigDecimal denial of service vulnerability", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "seebug": [{"lastseen": "2017-11-19T18:46:54", "description": "BUGTRAQ ID: 35278\r\nCVE(CAN) ID: CVE-2009-1904\r\n\r\nRuby\u662f\u4e00\u79cd\u529f\u80fd\u5f3a\u5927\u7684\u9762\u5411\u5bf9\u8c61\u7684\u811a\u672c\u8bed\u8a00\u3002\r\n\r\nRuby\u6240\u4f7f\u7528\u7684BigDecimal\u6807\u51c6\u51fd\u6570\u5e93\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5728\u5c06BigDecimal\u5bf9\u8c61\u8f6c\u6362\u4e3a\u6d6e\u70b9\u6570\u65f6\u53ef\u80fd\u4f1a\u89e6\u53d1\u5206\u6bb5\u9519\u8bef\uff0c\u5bfc\u81f4\u94fe\u63a5\u5230\u8be5\u5e93\u7684\u5e94\u7528\u5d29\u6e83\u3002\n\nYukihiro Matsumoto Ruby 1.8.x\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nYukihiro%20Matsumoto\r\n------------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p369.tar.gz\" target=\"_blank\" rel=external nofollow>ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p369.tar.gz</a>\r\n<a href=\"ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p174.tar.gz\" target=\"_blank\" rel=external nofollow>ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p174.tar.gz</a>", "published": "2009-06-18T00:00:00", "type": "seebug", "title": "Ruby 
BigDecimal\u5e93\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-1904"], "modified": "2009-06-18T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11656", "id": "SSV:11656", "sourceData": "\n BigDecimal(\"9E69999999\").to_s(\"F\")\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-11656", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:22:04", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1904", "CVE-2009-0642"], "description": "It was discovered that Ruby did not properly validate certificates. An \nattacker could exploit this and present invalid or revoked X.509 \ncertificates. (CVE-2009-0642)\n\nIt was discovered that Ruby did not properly handle string arguments that \nrepresent large numbers. An attacker could exploit this and cause a denial \nof service. (CVE-2009-1904)", "edition": 5, "modified": "2009-07-20T00:00:00", "published": "2009-07-20T00:00:00", "id": "USN-805-1", "href": "https://ubuntu.com/security/notices/USN-805-1", "title": "Ruby vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-09T00:24:30", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4124", "CVE-2009-1904", "CVE-2009-4492"], "description": "Emmanouel Kellinis discovered that Ruby did not properly handle certain \nstring operations. An attacker could exploit this issue and possibly \nexecute arbitrary code with application privileges. (CVE-2009-4124)\n\nGiovanni Pellerano, Alessandro Tanasi, and Francesco Ongaro discovered that \nRuby did not properly sanitize data written to log files. An attacker could \ninsert specially-crafted data into log files which could affect certain \nterminal emulators and cause arbitrary files to be overwritten, or even \npossibly execute arbitrary commands. 
(CVE-2009-4492)\n\nIt was discovered that Ruby did not properly handle string arguments that \nrepresent large numbers. An attacker could exploit this and cause a denial \nof service. This issue only affected Ubuntu 9.10. (CVE-2009-1904)", "edition": 5, "modified": "2010-02-16T00:00:00", "published": "2010-02-16T00:00:00", "id": "USN-900-1", "href": "https://ubuntu.com/security/notices/USN-900-1", "title": "Ruby vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:16:11", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1904", "CVE-2009-0642"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1860-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nAugust 12, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : ruby1.8, ruby1.9\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-0642 CVE-2009-1904\n\nSeveral vulnerabilities have been discovered in Ruby. 
The Common\nVulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2009-0642\n\n The return value from the OCSP_basic_verify function was not checked\n properly, allowing continued use of a revoked certificate.\n\nCVE-2009-1904\n\n An issue in parsing BigDecimal numbers can result in a\n denial-of-service condition (crash).\n\nThe following matrix identifies fixed versions:\n\n ruby1.8 ruby1.9\n oldstable (etch) 1.8.5-4etch5 1.9.0+20060609-1etch5\n stable (lenny) 1.8.7.72-3lenny1 1.9.0.2-9lenny1\n unstable (sid) 1.8.7.173-1 (soon)\n\nWe recommend that you upgrade your Ruby packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5.orig.tar.gz\n Size/MD5 checksum: 4434227 aae9676332fcdd52f66c3d99b289878f\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz\n Size/MD5 checksum: 4450198 483d9b46a973c7e14f7586f0b1129891\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5.diff.gz\n Size/MD5 checksum: 36468 8197232070673e4af27d060bacd34d71\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5.diff.gz\n Size/MD5 checksum: 148191 71712b0eadff68c89993a9152b9a211d\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5.dsc\n Size/MD5 checksum: 1102 9d6d9eedc0166711d69dcb3bf2cbc77f\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5.dsc\n 
Size/MD5 checksum: 1079 b7a7a9e210b6150df9df9de965148b9d\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.5-4etch5_all.deb\n Size/MD5 checksum: 1246256 4653efb9c298e63f3a83a21cec8dbbd9\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch5_all.deb\n Size/MD5 checksum: 229678 b3ee42c0cfa95e930fb72babd56aeb16\n http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch5_all.deb\n Size/MD5 checksum: 320308 7a80ef48b0e3302db11d9306de82c0ea\n http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch5_all.deb\n Size/MD5 checksum: 256978 74141346a6f6a229b653fa64d74014e3\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch5_all.deb\n Size/MD5 checksum: 263824 1aa2a6808360406297bf3541a94d874c\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch5_all.deb\n Size/MD5 checksum: 243532 4ffcc8d7c6689b68f78a3283aff69eed\n http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.5-4etch5_all.deb\n Size/MD5 checksum: 236942 3d8d4fcf267f874877306da49169270a\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch5_all.deb\n Size/MD5 checksum: 211018 7d332e6c11203c6a370d2c79fab9334f\n http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch5_all.deb\n Size/MD5 checksum: 691458 ae5f6f1ac87e900ae065682cc9c17c5f\n http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.5-4etch5_all.deb\n Size/MD5 checksum: 311556 5d41413d43090616020e66fcbec0fd45\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_alpha.deb\n Size/MD5 checksum: 325022 57b181370e9f5a2c919382b3dced68e8\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_alpha.deb\n Size/MD5 checksum: 238058 
e11ef79ffb45581f284368bb1a95588d\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_alpha.deb\n Size/MD5 checksum: 217876 a578ced847038930fb362a72cdf9a7b2\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_alpha.deb\n Size/MD5 checksum: 903780 da8848cb063d706c8d78c8281491fe3b\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_alpha.deb\n Size/MD5 checksum: 1869364 05cc1cd324be3c05071e578fd605be5c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_alpha.deb\n Size/MD5 checksum: 199496 dbfb5c1813976b990449da1373b2424b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_alpha.deb\n Size/MD5 checksum: 217208 01c722b15e4f9afc400b242bdd512667\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_alpha.deb\n Size/MD5 checksum: 1890206 be88366e483e9e8c3814a54047dbeafa\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_alpha.deb\n Size/MD5 checksum: 1638840 ceb08ea201bc4066f973cadf63df1df0\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_alpha.deb\n Size/MD5 checksum: 340472 b6b7f071b361e5901d2fab4fa03c3541\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_alpha.deb\n Size/MD5 checksum: 219740 effa9ae4b3103e7d7d1bf815a4ba3e00\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_alpha.deb\n Size/MD5 checksum: 199460 6d6f32a7f8ac5fb8b3e1d91e41f77815\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_alpha.deb\n Size/MD5 checksum: 1881622 abfe20f24ca2660e1d4a6dfb4afa483a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_alpha.deb\n Size/MD5 checksum: 217888 cb8989a23ccee352d3eb687fc22f9a6c\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_alpha.deb\n Size/MD5 checksum: 198552 9ad969112bf1fd8458b88052c92ea80f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_alpha.deb\n Size/MD5 checksum: 1075238 9e23b12c751c71deafecbc731954eee1\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_alpha.deb\n Size/MD5 checksum: 301378 8b5d74020054ca085cbd7c53a9524f4a\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_alpha.deb\n Size/MD5 checksum: 961296 9eca0f07fd9116ae497766986c1d4ecd\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_amd64.deb\n Size/MD5 checksum: 1846432 b18fb120185c841f2678b2c2c4e55fa6\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_amd64.deb\n Size/MD5 checksum: 1586256 d0ae07ef7f46ad498571ad9124950102\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_amd64.deb\n Size/MD5 checksum: 217606 4c623e6f99b21330d5518b5c42415f70\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_amd64.deb\n Size/MD5 checksum: 1843260 f99fdb79c5786ff52fed264432a1e9df\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_amd64.deb\n Size/MD5 checksum: 1864622 7bab0c78096d8cb0ad79f3c96d84534c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_amd64.deb\n Size/MD5 checksum: 1071096 1c8c07234fd87db8ba7642a8455d0b41\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_amd64.deb\n Size/MD5 checksum: 806288 bf4490d88967112cd1e8d7ad155a1836\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_amd64.deb\n Size/MD5 checksum: 199010 863d610b65704dde469efb92891c5b89\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_amd64.deb\n Size/MD5 checksum: 197960 3319732db4b7a1555ae6e95d4ef88801\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_amd64.deb\n Size/MD5 checksum: 217294 eec0adf1a03ba4f93528f29dccb39110\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_amd64.deb\n Size/MD5 checksum: 322964 ebed9eeeeded81f46d225941f484b2fe\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_amd64.deb\n Size/MD5 checksum: 748704 4666c6d5e0898d74f910caf850503959\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_amd64.deb\n Size/MD5 checksum: 303190 9260dfe74e217fa1011a686ff2bdc5ba\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_amd64.deb\n Size/MD5 checksum: 347916 6223b00985d23d74960dda5db9af3318\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_amd64.deb\n Size/MD5 checksum: 217330 e44a629c5231f66fc6dd5f340879bace\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_amd64.deb\n Size/MD5 checksum: 235678 10a34f27682b9c17ec90f7b127884c38\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_amd64.deb\n Size/MD5 checksum: 216654 539302564500fc842214a320d9270952\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_amd64.deb\n Size/MD5 checksum: 198398 d08e04df5dd3d3bb33c2ad2e75b8ab6f\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_arm.deb\n Size/MD5 checksum: 315694 13f5a2b60c1cfa353914bbfeeadf7b74\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_arm.deb\n Size/MD5 checksum: 216544 21628a2a1c9fdd2317740eb3757c73f6\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_arm.deb\n Size/MD5 checksum: 216600 12cc9c1b1bab7f88593beb74c38b41d3\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_arm.deb\n Size/MD5 checksum: 197650 7d919d6bdcc6195b5473bbb00fe99a0a\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_arm.deb\n Size/MD5 checksum: 1527196 ec5fb45c723c0387289983105030b150\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_arm.deb\n Size/MD5 checksum: 791090 3367af9fa3a33f0a1b3a2616d005e0dd\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_arm.deb\n Size/MD5 checksum: 1882088 235fa4ad2fb7b352d387d5ba48bcd845\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_arm.deb\n Size/MD5 checksum: 1859330 f324c81cbda73ecd194f9c002ecb3551\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_arm.deb\n Size/MD5 checksum: 219638 085774027df16e13c4c8244d8d771d0a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_arm.deb\n Size/MD5 checksum: 1794398 d190b884d8ee3bc66c482d5f68055616\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_arm.deb\n Size/MD5 checksum: 215908 72e9b106ece245d3485c4963c2e14514\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_arm.deb\n Size/MD5 checksum: 198046 450c2d593a6b332ab3fddd4e135a9e22\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_arm.deb\n Size/MD5 checksum: 196952 3b2a4270dfd28a6f10e441e285e35dd4\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_arm.deb\n Size/MD5 checksum: 991808 15112818e7af2949f847ac981a5330e9\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_arm.deb\n Size/MD5 
checksum: 236166 48bf6739338e01a9046c058af1d0c612\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_arm.deb\n Size/MD5 checksum: 287836 f7fc6fadfaab0cc9b7815c3d65b98809\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_arm.deb\n Size/MD5 checksum: 697482 53eac2e37036cadc8e53b104cc2b8d14\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_arm.deb\n Size/MD5 checksum: 365562 4a0b61f5b9d7761e017a0d14e0657f86\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_hppa.deb\n Size/MD5 checksum: 1881144 1eaf5fb445d24b7e4b38b8545c0b198f\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_hppa.deb\n Size/MD5 checksum: 333686 5b6d3a8c4cfe94c0b3f439ec3fad0657\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_hppa.deb\n Size/MD5 checksum: 218214 cf6ef5139e499da83bb66c6acd8d1b82\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_hppa.deb\n Size/MD5 checksum: 218268 3ba7b7b69d9d34663738d0498de4d7a5\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_hppa.deb\n Size/MD5 checksum: 395710 608441a3ef2a5deffbf43f757dd1a4e4\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_hppa.deb\n Size/MD5 checksum: 217898 44697461227286b83ac34c6d40ae552e\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_hppa.deb\n Size/MD5 checksum: 888388 6b3e8516605dd71a7a14ea16b2a3abd1\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_hppa.deb\n Size/MD5 checksum: 237616 2cdead15426999541ce00bacc5502b66\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_hppa.deb\n Size/MD5 checksum: 
1856116 932916f937a9898f3576ff6926529b16\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_i386.deb\n Size/MD5 checksum: 719382 bf56c8d1116cb0feea9900e9ef1b43e0\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_i386.deb\n Size/MD5 checksum: 1853230 c2d30ddfb3e59273116e3b2f6b8e3fe6\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_i386.deb\n Size/MD5 checksum: 198126 c66917166067ab139a0f58d00d1f40eb\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_i386.deb\n Size/MD5 checksum: 757150 5f3088042bc9f3049b0906b37fc31006\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_i386.deb\n Size/MD5 checksum: 236584 946d51a9ef132856eaff67c4f4c0162f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_i386.deb\n Size/MD5 checksum: 197876 04bdfe45af02628c3f17b0b758c9f564\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_i386.deb\n Size/MD5 checksum: 346084 66ce83689e51aca96ca34391a92131d7\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_i386.deb\n Size/MD5 checksum: 218366 e1d88dd7d41132ea31f828889f748c58\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_i386.deb\n Size/MD5 checksum: 215930 08cd2b6508e281fb9dae03e9ea2963ae\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_i386.deb\n Size/MD5 checksum: 1755610 ab0b4a99849d0fe3db5de974604901da\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_i386.deb\n Size/MD5 checksum: 1538914 9eeb903b69453e47d1328afd487d33c6\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_i386.deb\n Size/MD5 checksum: 216872 a5424f035f53bb03333fda131ccc68f4\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_i386.deb\n Size/MD5 checksum: 198540 2bf51f7534fb8c0a569c72fc68587764\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_i386.deb\n Size/MD5 checksum: 216606 cbe35c04621712f1c43110f245b1e5fc\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_i386.deb\n Size/MD5 checksum: 310342 124fc930f89480a61f237795483eaf62\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_i386.deb\n Size/MD5 checksum: 293860 c29b7d97460d0294212abdbe2431d610\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_i386.deb\n Size/MD5 checksum: 1864550 c5f6d6d154620c7686fd455ed6d5aeb8\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_i386.deb\n Size/MD5 checksum: 1000878 2ac28d3a8923af0e846794cbfdd969ef\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_ia64.deb\n Size/MD5 checksum: 1024768 de539c70fc9564a3a7ad078ed83a3902\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_ia64.deb\n Size/MD5 checksum: 351644 25af9efbef77c16293991b4fa6f1fd31\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_ia64.deb\n Size/MD5 checksum: 1096002 359cd681be6ed978ceaa0712858ffb51\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_ia64.deb\n Size/MD5 checksum: 220944 0416c76ad81babf6a6d9067ac6dcd516\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_ia64.deb\n Size/MD5 checksum: 203688 b70872f5d07eaf9676524d1e6cbe731a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_ia64.deb\n Size/MD5 checksum: 351482 a3987d0f0e8141080546c907b2e6b100\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_ia64.deb\n Size/MD5 checksum: 1864760 fd37cfa912e4398ca3262056a6de162a\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_ia64.deb\n Size/MD5 checksum: 331010 02dc2b5d9d374009b68f93e735cd13c0\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_ia64.deb\n Size/MD5 checksum: 202736 9416b09262f796fc83746d476af53652\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_ia64.deb\n Size/MD5 checksum: 1862126 a06b4329bb448568111b6c40b127b5bf\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_ia64.deb\n Size/MD5 checksum: 201768 3cc7968a63213cad4c8ab56781dcc84d\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_ia64.deb\n Size/MD5 checksum: 220936 b3270e468d6f4d3d2bdc7aae53354155\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_ia64.deb\n Size/MD5 checksum: 220408 f26d999c8e8fcb22c157bb8acf2579ef\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_ia64.deb\n Size/MD5 checksum: 218902 e6ee98e72b2c798f46f1f4904c926006\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_ia64.deb\n Size/MD5 checksum: 972062 2e2cdf6fbe324327952bc6b05f1cb3e6\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_ia64.deb\n Size/MD5 checksum: 236646 53127cd06df83d47f068a461acae5f87\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_ia64.deb\n Size/MD5 checksum: 2226252 a839b7104fac27d959ce1435a9cff6a1\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_ia64.deb\n Size/MD5 checksum: 1896228 7d52bc4b253279d266d0be6bc0177626\n\nmips architecture (MIPS (Big Endian))\n\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_mips.deb\n Size/MD5 checksum: 301974 ac50f9c5ecc2a8172bb55deab7539134\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_mips.deb\n Size/MD5 checksum: 1851206 3bebd99ba13e763e818194632dbada68\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_mips.deb\n Size/MD5 checksum: 196938 278cdfda74ff02ec7d49c9b8e2e18702\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_mips.deb\n Size/MD5 checksum: 216396 c7583deee980bc01c5bbfc6c0cdcaa6b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_mips.deb\n Size/MD5 checksum: 1862270 5a37baa43400fee22849c6d948e5323b\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_mips.deb\n Size/MD5 checksum: 874708 e0e9fa683fc0d613236128352e865e3a\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_mips.deb\n Size/MD5 checksum: 197854 7c30568ac89df49228f27ebba0d331a1\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_mips.deb\n Size/MD5 checksum: 372496 c90381498c987587ef3a92e2f37145df\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_mips.deb\n Size/MD5 checksum: 216264 02a4b2f78398b2fb1f14e60a7024acd0\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_mips.deb\n Size/MD5 checksum: 1085034 cb03dc474b0bc32197e41737402acfa0\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_mips.deb\n Size/MD5 checksum: 215540 b0742f62bf75a486c2e23129d756ff9c\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_mips.deb\n Size/MD5 checksum: 218246 a52b2e998f6b4a1adb20a587083881ee\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_mips.deb\n Size/MD5 checksum: 1540570 8a5e70ecef4da6cc1cfcfbab2768223a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_mips.deb\n Size/MD5 checksum: 1680678 d9f374148a544ca1e7b2a207932930d4\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_mips.deb\n Size/MD5 checksum: 236432 0ace32fea4a7ebdcbdfdca85adf0da2b\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_mips.deb\n Size/MD5 checksum: 281802 b4ffd26a3bf2f88a4f8901294d455bd4\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_mips.deb\n Size/MD5 checksum: 197728 8f5e803d3a1f0a30b4de5442e8fede95\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_mips.deb\n Size/MD5 checksum: 802602 c12814537678654dd922dd707d32a6ce\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_mipsel.deb\n Size/MD5 checksum: 215718 affdf4233ebef026f83c7e4fbe3d50b5\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_mipsel.deb\n Size/MD5 checksum: 218420 86460cfb0189c33600bb8444e0423ebf\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_mipsel.deb\n Size/MD5 checksum: 1838084 87085502ca401ce0eaa4fbceee00e571\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_mipsel.deb\n Size/MD5 checksum: 368096 f27ac88823b7fb50f36d59b9dc5b5199\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_mipsel.deb\n Size/MD5 checksum: 1830628 87b4e403596a8a19040aee9b7fdba050\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_mipsel.deb\n Size/MD5 checksum: 197990 e7779a32b7a1d57234ca78f02f44bd5d\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_mipsel.deb\n Size/MD5 checksum: 858954 efa32af962feb8f82ce19606d27eb5a9\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_mipsel.deb\n Size/MD5 checksum: 1060410 6e605192433f107304185acea33f1f82\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_mipsel.deb\n Size/MD5 checksum: 216476 878f284e76a5f24bc9d917fcb7b2bfd1\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_mipsel.deb\n Size/MD5 checksum: 216620 d56b995863a742cdf09bd8023c2df68f\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_mipsel.deb\n Size/MD5 checksum: 793624 3e831d705f1050a07ae03f6100df072b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_mipsel.deb\n Size/MD5 checksum: 1668194 ee25b3200a5cc2fb32a60505054c288a\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_mipsel.deb\n Size/MD5 checksum: 197396 b53d519e6bbc43856314c947ef98c971\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_mipsel.deb\n Size/MD5 checksum: 235948 50ca9724abd369eea5afd1a156596feb\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_mipsel.deb\n Size/MD5 checksum: 1538648 240ebc15b70d8c499b4e8feabba1f7ec\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_mipsel.deb\n Size/MD5 checksum: 198344 76185d4dc12b82856fa5d71f65405151\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_mipsel.deb\n Size/MD5 checksum: 279568 8fecd76f186919c95959915dee537a2d\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_mipsel.deb\n Size/MD5 checksum: 299818 22a2cab47a1f6f6b422311f1afaf4ba6\n\npowerpc architecture (PowerPC)\n\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_powerpc.deb\n Size/MD5 checksum: 1599042 794688eb99eef65a4693abd0d7020fa1\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_powerpc.deb\n Size/MD5 checksum: 1865468 5c127fe057a1196b94875f26653bccc9\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_powerpc.deb\n Size/MD5 checksum: 777718 f59d396e7ee4adcf5788a6419f8dd6fb\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_powerpc.deb\n Size/MD5 checksum: 1103754 b3f2132f0d9d67056636619676a2b172\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_powerpc.deb\n Size/MD5 checksum: 199962 78435574f3763e7ecf0981c515a5fa13\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_powerpc.deb\n Size/MD5 checksum: 1816886 949bd5c797746265e04721cdd22678a0\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_powerpc.deb\n Size/MD5 checksum: 199650 61bcf30ac7f7b16a6b42885fab274ec0\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_powerpc.deb\n Size/MD5 checksum: 218550 4ce0f3e742da9a2533b8b86aef414f27\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_powerpc.deb\n Size/MD5 checksum: 718320 f1658a02e83d1f4162d36805bc43473c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_powerpc.deb\n Size/MD5 checksum: 294370 8563d69c2998909435e34a784d0ca476\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_powerpc.deb\n Size/MD5 checksum: 373440 798e970be9efc2eda4b771c1ffff06e5\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_powerpc.deb\n Size/MD5 checksum: 221008 1b899377c03fa241c68ba408e020d6d9\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_powerpc.deb\n Size/MD5 checksum: 1875404 98b793fbdc8e6457e992c522d7af49c8\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_powerpc.deb\n Size/MD5 checksum: 313072 1dc741f297942959be3969bd7359e1d7\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_powerpc.deb\n Size/MD5 checksum: 218796 db71d4ddc4f220262b9e5932960ce56d\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_powerpc.deb\n Size/MD5 checksum: 217924 17a3ec533709db96adfc0d94c181b02c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_powerpc.deb\n Size/MD5 checksum: 200206 0ee2e9403f2b61abdd5547b82909338b\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_powerpc.deb\n Size/MD5 checksum: 238924 4a457f0a91c8b6e8df2452ab55f744db\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_s390.deb\n Size/MD5 checksum: 199726 65954efc613c738912736c39cb973c28\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_s390.deb\n Size/MD5 checksum: 235824 7132e9d5f8a7c936bd5e2d115c3b8dff\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_s390.deb\n Size/MD5 checksum: 1052480 78fcc05d557667585aadf10545ae337f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_s390.deb\n Size/MD5 checksum: 1839206 b558d6eb710ff1f07d6794e962ca2d16\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_s390.deb\n Size/MD5 checksum: 779860 f1afef65be2984c81465147c65e4f5f8\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_s390.deb\n Size/MD5 checksum: 218330 1f444328a2a12617cb735bd7fc51f7e2\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_s390.deb\n Size/MD5 checksum: 328020 f10092e2c227380db99152b30d63c82e\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_s390.deb\n Size/MD5 checksum: 371766 c51b8650ad00d45b5b4cc7eb1fc0ed26\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_s390.deb\n Size/MD5 checksum: 884768 51a687f2ee9c574deffec24395c4f03c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_s390.deb\n Size/MD5 checksum: 198930 d11d77db1cec9a09b0b0452df86dcbe9\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_s390.deb\n Size/MD5 checksum: 1856282 9096fab40d73922efb6420a25b0fbaa7\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_s390.deb\n Size/MD5 checksum: 199246 6981bb5d2a001261c74faded2415b087\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_s390.deb\n Size/MD5 checksum: 217852 4b8b2f4ef935d7f64de0fba875f6b61e\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_s390.deb\n Size/MD5 checksum: 1620792 07587a28b3b92d8ea099e1ab0812e2c0\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_s390.deb\n Size/MD5 checksum: 217798 24304a0ca4b82732563798d352601c30\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_s390.deb\n Size/MD5 checksum: 218298 17150a990aa8d2dd515b1e0b7ad2ec65\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_s390.deb\n Size/MD5 checksum: 305682 c4799de82526b3718a55f0f27475ec0a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_s390.deb\n Size/MD5 checksum: 1850246 e60b5e5c7c0e8612db63c75db06fc7a6\n\nDebian GNU/Linux 5.0 alias lenny\n- 
--------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72.orig.tar.gz\n Size/MD5 checksum: 4805594 5e5b7189674b3a7f69401284f6a7a36d\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2.orig.tar.gz\n Size/MD5 checksum: 6407910 2a848b81ed1d6393b88eec8aa6173b75\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1.diff.gz\n Size/MD5 checksum: 50437 b176db79acaea95b6263c3971e2bda49\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1.dsc\n Size/MD5 checksum: 1641 ee8fab4977d9a8ceeb4d54d8f801983a\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1.dsc\n Size/MD5 checksum: 1667 b9f34023c78ac97a7bfeb71919a21faa\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1.diff.gz\n Size/MD5 checksum: 53625 d9974ae779b6c65077141cf8522912ee\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0.2-9lenny1_all.deb\n Size/MD5 checksum: 474392 0e46640cd57c61869af57e9313bcce50\n http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0.2-9lenny1_all.deb\n Size/MD5 checksum: 1431978 9bb7a68928048b7688f75c9eedb6a17b\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0.2-9lenny1_all.deb\n Size/MD5 checksum: 481818 4eda15071b908b855b51ab101da6927d\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0.2-9lenny1_all.deb\n Size/MD5 checksum: 449352 db6093b7d6350cb1a7d1483825b4187b\n http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.7.72-3lenny1_all.deb\n Size/MD5 checksum: 378512 22c353a878ab290a440b2ad3527bddf8\n http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.7.72-3lenny1_all.deb\n Size/MD5 checksum: 304454 ea1fb3987035a3cf40739a44ca6e3133\n http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.7.72-3lenny1_all.deb\n Size/MD5 
checksum: 1410008 e6fd2021bd625212a9eb86a3853e9f44\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.7.72-3lenny1_all.deb\n Size/MD5 checksum: 308396 3c1217cfaaebd3d72bb696c3d309a6fb\n http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0.2-9lenny1_all.deb\n Size/MD5 checksum: 536898 a183ca85e9b28a2655b5cfd5407fcc8c\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.7.72-3lenny1_all.deb\n Size/MD5 checksum: 278076 eaed4e326f77664ecd3824c0e749ee89\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_alpha.deb\n Size/MD5 checksum: 2170498 658a6c3b2a189f235241ca8de18896a7\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_alpha.deb\n Size/MD5 checksum: 436052 7e20db2859890b29eb3174d12da9f60e\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_alpha.deb\n Size/MD5 checksum: 1027272 3d63a820f86b382b0d9e464434472fb2\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_alpha.deb\n Size/MD5 checksum: 1992626 7f766f5e2ec5d90a5372028a35e6e843\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_alpha.deb\n Size/MD5 checksum: 265266 99f3e207e7dbe0de5051fc7678f30be3\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_alpha.deb\n Size/MD5 checksum: 452316 93e4ec41b79e9e68384d380ccd238491\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_alpha.deb\n Size/MD5 checksum: 1560750 9f361cf1699275ce1d7726d6816e31fd\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_alpha.deb\n Size/MD5 checksum: 283886 5c6d350272f76f9de4ef47c8a6f212a6\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_alpha.deb\n Size/MD5 checksum: 266008 32bb3977ad4ef2d5e88d72f23a7b31eb\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_alpha.deb\n Size/MD5 checksum: 389266 c54b52e25d3430eff61e0f0d3fb59f59\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_alpha.deb\n Size/MD5 checksum: 265132 8488c9596ae28e2e37057e8899a87966\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_alpha.deb\n Size/MD5 checksum: 556932 1ff753305f7f898665afe08a17ad8515\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_alpha.deb\n Size/MD5 checksum: 436310 ee21d63b28693086a557e2c0ac8b9be0\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_alpha.deb\n Size/MD5 checksum: 1782616 a2fae9855ca79ee5bc81a3bb730c3c3e\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_alpha.deb\n Size/MD5 checksum: 2737390 34a9d2b4ad58d6816055adb643f07f39\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_alpha.deb\n Size/MD5 checksum: 1486516 ff2e2e3c32b02a60f73af3e822f5c231\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_alpha.deb\n Size/MD5 checksum: 436678 b6fb5d508066c835d4f6995a23828c66\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_alpha.deb\n Size/MD5 checksum: 2434114 cdb52100bd3a4442da1fbc350ade1dae\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_amd64.deb\n Size/MD5 checksum: 1989446 ac05b5efce7210333696e670a148dc48\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_amd64.deb\n Size/MD5 checksum: 2187796 9609d888198d0d8040404fdd620fef4c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_amd64.deb\n Size/MD5 checksum: 2521292 2d26ac7d2bd5e0c8d4d4c99eb4923f42\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_amd64.deb\n Size/MD5 checksum: 1541882 86ab4d1c491ca21bed03db7d5176a74c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_amd64.deb\n Size/MD5 checksum: 435910 3e03d7455bbead1e665a25b1b8e573a3\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_amd64.deb\n Size/MD5 checksum: 1737962 628155bdcdc1801322ebbeeb20414e02\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_amd64.deb\n Size/MD5 checksum: 264680 f8ee28ac6ce54cc3e33d1282d1d7998f\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_amd64.deb\n Size/MD5 checksum: 1362962 e87c9ae5f9e37b4fedfbf505c638d524\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_amd64.deb\n Size/MD5 checksum: 866050 fba0e0da08ee4185a2be7322881b952e\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_amd64.deb\n Size/MD5 checksum: 265926 5dc981f852a83b993326bbc897cdb327\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_amd64.deb\n Size/MD5 checksum: 560664 59fb382a87713f280bebd0f0ba4aaa7f\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_amd64.deb\n Size/MD5 checksum: 282858 739f9b1ccd3979ebec77383034602d4c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_amd64.deb\n Size/MD5 checksum: 392634 70fdc8415b8bee75947f8ed2a9153b12\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_amd64.deb\n Size/MD5 checksum: 451966 72ca4369a65e8bd2e90102bc373f5e8a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_amd64.deb\n Size/MD5 checksum: 436636 54799e30d424bc0bb8114b8863ebebee\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_amd64.deb\n Size/MD5 checksum: 435734 ffb5bebd508202cb29ee5522d006accd\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_amd64.deb\n Size/MD5 checksum: 265140 9697ff8d4383fea210cd45fb8825fd70\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_amd64.deb\n Size/MD5 checksum: 2694820 f85531789f28d2c6a18b23f66830fc5c\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_arm.deb\n Size/MD5 checksum: 263872 cc5bf5946501b9113227d797f89ad0ad\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_arm.deb\n Size/MD5 checksum: 1446348 44151de05f902d496a0c15ef84a1c97a\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_arm.deb\n Size/MD5 checksum: 814206 3c7a4e7169e6040cb33e8b877a37515e\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_arm.deb\n Size/MD5 checksum: 2008878 79b1f7e2a7e9fd797d9d1a90bd1927b8\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_arm.deb\n Size/MD5 checksum: 263560 59380ce9bd732d58d2f5a1e65b17a337\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_arm.deb\n Size/MD5 checksum: 2499866 a83df6c0ad4c2e8865453248e813b40e\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_arm.deb\n Size/MD5 checksum: 2326624 755d58faef0dcc015d6a76f8da13f6d5\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_arm.deb\n Size/MD5 checksum: 538790 72b43a23aba33b546fb262bed1327abd\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_arm.deb\n Size/MD5 checksum: 1257424 2a24fc52e95a498fae0005314808c148\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_arm.deb\n Size/MD5 checksum: 2181018 8bc49c9e26e4424cac851f2ace30e241\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_arm.deb\n Size/MD5 checksum: 434980 dad8509eec03572f66bc211bfa966381\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_arm.deb\n Size/MD5 checksum: 283074 2dfb4ad94a5e2b935fbf0c98d59bc503\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_arm.deb\n Size/MD5 checksum: 378206 5a23f0e6d109e9d2105873a394e123a0\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_arm.deb\n Size/MD5 checksum: 1673786 1e433ddb725aec6f0d2d0431efae2ffb\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_arm.deb\n Size/MD5 checksum: 435034 c250e05f62eea4af231227b2daf2f83a\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_arm.deb\n Size/MD5 checksum: 453382 3a31eaa5e41035aad6767474aff3b9e4\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_arm.deb\n Size/MD5 checksum: 263020 9597792e019b76cbf8f7f1f0a05daaa8\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_arm.deb\n Size/MD5 checksum: 434154 37bd0b15e0c627288173b3301c0e7a94\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_armel.deb\n Size/MD5 checksum: 434990 35508e5deab86776ef443af174dc32aa\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_armel.deb\n Size/MD5 checksum: 264386 7379bdedeea23d589b19ea0f2575a0de\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_armel.deb\n Size/MD5 checksum: 2340788 897b051492c475124eb2b0dd39b233ab\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_armel.deb\n Size/MD5 checksum: 1264582 8ad695dc3ca783baaebe847e70b76517\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_armel.deb\n Size/MD5 checksum: 820056 1e38e71b02597e8ce81bb65e4cab3503\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_armel.deb\n Size/MD5 checksum: 263974 6878d74ef368c6cbb73e8996cd37247f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_armel.deb\n Size/MD5 checksum: 1682486 4f1e26706ac2d4d2e481e5bb507ff1b0\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_armel.deb\n Size/MD5 checksum: 379176 bef6d43d92b3c12eb7970a85c1c85a74\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_armel.deb\n Size/MD5 checksum: 452308 6d0bf869ae132dd3f9182dd6a6850bda\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_armel.deb\n Size/MD5 checksum: 434412 5bb5ed062e9d959e1a7fec50700c08ff\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_armel.deb\n Size/MD5 checksum: 544832 0528e80681fb0cd32fb4909465936d2f\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_armel.deb\n Size/MD5 checksum: 2179862 9eda0cd0a2605cea2b8ebe0238f4813b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_armel.deb\n Size/MD5 checksum: 435140 ae8ed6096b2999ff7578aa7134ba35bf\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_armel.deb\n Size/MD5 checksum: 283162 a99b701b6e8e51321bcf7a564dc2c917\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_armel.deb\n Size/MD5 checksum: 2003924 f92e561401fa4d75ee5db8dcf35f3701\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_armel.deb\n Size/MD5 checksum: 263518 452cdd79d0d5b83268c90b8605435716\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_armel.deb\n Size/MD5 checksum: 2506890 a741d58b2c3c376f0a08458dfe55b1e9\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_armel.deb\n Size/MD5 checksum: 1456988 afd04b67f5e764709bfbd45e682a4a2c\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_hppa.deb\n Size/MD5 checksum: 1509392 4f4e758434b917a10362f6ebfd754c58\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_hppa.deb\n Size/MD5 checksum: 283444 f9d9114bea16ac326a3d7ffece338e24\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_hppa.deb\n Size/MD5 checksum: 404622 c1cf3f99c2b6fd413db47eb6f32704b4\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_hppa.deb\n Size/MD5 checksum: 932234 49b63847776b88a75b91fc8c56eb660b\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_hppa.deb\n Size/MD5 checksum: 265594 5dd272a47fb2778a03290e16de56919b\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_hppa.deb\n Size/MD5 checksum: 266126 7fb2f132ca2e9496927cd6b3cf4b996f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_hppa.deb\n Size/MD5 checksum: 265324 3986d6bff8620e5a9538ab961a13dd29\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_hppa.deb\n Size/MD5 checksum: 1807378 5449167da8508d7eb6719e8e9942d519\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_hppa.deb\n Size/MD5 checksum: 2016518 20922e5e35cf81a42930d3429e5f7058\n\ni386 architecture (Intel ia32)\n\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_i386.deb\n Size/MD5 checksum: 435492 bc971a776f87ad0a34fb4f5817546360\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_i386.deb\n Size/MD5 checksum: 2174782 862da330e681290fd870b50581454d17\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_i386.deb\n Size/MD5 checksum: 1448898 d01cda762af82e639be488de872738ab\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_i386.deb\n Size/MD5 checksum: 264712 df9ea6fdead207738cf353d93244c308\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_i386.deb\n Size/MD5 checksum: 452186 f66d0514c262e3ae88fa42edc3dd1732\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_i386.deb\n Size/MD5 checksum: 263846 b2978963f37844f3a6044ffc25dd1f9c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_i386.deb\n Size/MD5 checksum: 378588 68d3bcf256702167fca19d689ba10e0c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_i386.deb\n Size/MD5 checksum: 435116 a20f5ac6cfb2d2666eba58458a9a854d\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_i386.deb\n Size/MD5 checksum: 263564 e3f86af4c0db7384a5ce3349598557fb\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_i386.deb\n Size/MD5 checksum: 1310038 00afb0eff2ce23eecb63b8452cdba7f7\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_i386.deb\n Size/MD5 checksum: 434844 1ae9967dfd597ae8aa3b838a3d7e33a7\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_i386.deb\n Size/MD5 checksum: 2329338 4b26c9cfcc4bd214f9c7ced72c1de45b\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_i386.deb\n Size/MD5 checksum: 824762 a4efdf9dcf2d2187e31a46a05060dfa9\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_i386.deb\n Size/MD5 checksum: 283524 d7086ed4eb7e99ec76df318d1e8a421c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_i386.deb\n Size/MD5 checksum: 545646 795fdc7c12ab66721ae5fc7fc4e5353f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_i386.deb\n Size/MD5 checksum: 1996318 b4ce32eb0c4723fa0c7e1f3e6e9ade0e\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_i386.deb\n Size/MD5 checksum: 2553242 901952b2e983e310f2592708d2ab7cad\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_i386.deb\n Size/MD5 checksum: 1674552 b916f4042c77ce78132458d65f94d0c0\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_ia64.deb\n Size/MD5 checksum: 1720524 8de8786acccb3318aa816fb855d490fc\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_ia64.deb\n Size/MD5 checksum: 2067858 a027276d17ced6101781250298241dbc\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_ia64.deb\n Size/MD5 checksum: 2320022 5ea0aea1ea435e7ec77c34144e43b011\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_ia64.deb\n Size/MD5 checksum: 284358 bbe9c6b17149fd1705e52c0c4a284453\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_ia64.deb\n Size/MD5 checksum: 3219334 28fb3e8010c2bbe0edaee8bf1cafc63c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_ia64.deb\n Size/MD5 checksum: 438806 8b4aee340c4202a812bcf5f6697201fa\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_ia64.deb\n Size/MD5 checksum: 599598 be54f2a588d51eba69cd9698d67e42f6\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_ia64.deb\n Size/MD5 checksum: 269488 814400984160e1f696b34b82bbe4d92f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_ia64.deb\n Size/MD5 checksum: 268586 59b69853a7a87384b1b1983756d1c316\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_ia64.deb\n Size/MD5 checksum: 1103032 ca262a6f756cdb2ec6d83e2baa3c3866\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_ia64.deb\n Size/MD5 checksum: 2018086 3d97e2f88a2c830e936b2bd1630fc4ef\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_ia64.deb\n Size/MD5 checksum: 267488 1a42fc58fd861242eae9791efc654cfc\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_ia64.deb\n Size/MD5 checksum: 439158 e17defba5b5722a0a50561e32b85efb5\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_ia64.deb\n Size/MD5 checksum: 427384 efd566508ad6ce4e6ce9f076d5884267\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_ia64.deb\n Size/MD5 checksum: 2197890 93956fc527dccea00c4cf8f80b9f0967\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_ia64.deb\n Size/MD5 checksum: 1402658 08b88e23c45ab2ab83a14220fcf1846c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_ia64.deb\n Size/MD5 checksum: 439942 ff33774ef8af0b6946f9e101d9010673\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_ia64.deb\n Size/MD5 checksum: 452866 9937603ef0ffd6f28ca7ad93fcdb1665\n\nmips architecture (MIPS (Big Endian))\n\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_mips.deb\n Size/MD5 checksum: 913054 fd6269357b7e533513aeea701d3879ec\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_mips.deb\n Size/MD5 checksum: 264642 e4ac152602575f7aaa4b344a133e38b1\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_mips.deb\n Size/MD5 checksum: 1984172 76a86aae5187496960d64afed56afd8b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_mips.deb\n Size/MD5 checksum: 2420648 2b4a5c54e701ca111b190fc67ccc523b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_mips.deb\n Size/MD5 checksum: 533440 b5190771a274a77fd3d34be82c40601b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_mips.deb\n Size/MD5 checksum: 434982 6549c66a1c45b8e8a61a3701b05e7936\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_mips.deb\n Size/MD5 checksum: 1420906 7d6bcd9013050006b5ce98b40c2f812d\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_mips.deb\n Size/MD5 checksum: 263864 7cb3766ceed5a068bbabc62498017455\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_mips.deb\n Size/MD5 checksum: 1668950 9778d4110efb8a7ab70756d701947a22\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_mips.deb\n Size/MD5 checksum: 1545228 73cb3e438eb4e3301b861b1ba296ffb1\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_mips.deb\n Size/MD5 checksum: 2459346 c0015a0fb3f6a7749aa413fb0af9b1ee\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_mips.deb\n Size/MD5 checksum: 434712 103ef06507551e80c67af05fbfa0409f\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_mips.deb\n Size/MD5 checksum: 365480 4f2e13c381c6e20479d364c3590912f3\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_mips.deb\n Size/MD5 checksum: 283836 4c8ceca544c5103965ef9a9151a221a1\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_mips.deb\n Size/MD5 checksum: 2160366 4f68f563f448d43ea16c44420772932d\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_mips.deb\n Size/MD5 checksum: 452208 7cd5446abd0a5692b532e11cf1a5d566\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_mips.deb\n Size/MD5 checksum: 263710 0b2ed4cca67a67287401e25c6cd8e88c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_mips.deb\n Size/MD5 checksum: 435410 9f26090f302bcac56a1325c771ca86f2\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_mipsel.deb\n Size/MD5 checksum: 1510996 859e1681cddef5805c33cc2b887e4ed8\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_mipsel.deb\n Size/MD5 checksum: 532508 486b870e2edda9d54a2994dd09aa7b42\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_mipsel.deb\n Size/MD5 checksum: 364472 53c4af400bbafda6d30ceef9a117c356\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_mipsel.deb\n Size/MD5 checksum: 434708 090d7afdbad592a801ac0fd95b64b2fc\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_mipsel.deb\n Size/MD5 checksum: 435410 370e179b1b0266b1ba42defa952c95b8\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_mipsel.deb\n Size/MD5 checksum: 263834 8416a54dc90810a68b4c805e6af5ab64\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_mipsel.deb\n Size/MD5 checksum: 1667430 c94096ddd3307c100c6c59042d72b218\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_mipsel.deb\n Size/MD5 checksum: 452218 ef700798c7a215cb01386dc86a150cf9\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_mipsel.deb\n Size/MD5 checksum: 2436280 8616d2978326a017dcc3d39e835dcae9\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_mipsel.deb\n Size/MD5 checksum: 902974 d3c0cf68a46bc98cb69083247d9861fb\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_mipsel.deb\n Size/MD5 checksum: 263736 6370313380fe68d4dc5e72894276ef29\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_mipsel.deb\n Size/MD5 checksum: 264658 90b2b6cf8342c91cfc0259836ef75dd5\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_mipsel.deb\n Size/MD5 checksum: 1984196 76fe356dba6e3de10fb0277f755fcd74\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_mipsel.deb\n Size/MD5 checksum: 283830 c1e4fea2c9b15f4512bed3598a8aba44\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_mipsel.deb\n Size/MD5 checksum: 1404910 bb6f4107b68ee8ca468ccec94b5cea1d\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_mipsel.deb\n Size/MD5 checksum: 2399648 506e1c0e117ae22138ab304aba617473\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_mipsel.deb\n Size/MD5 checksum: 434920 6e07409e02ae64cac50c1dfe021fac11\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_mipsel.deb\n Size/MD5 checksum: 2160410 119ffb63a253aad295235195efeb1c04\n\npowerpc architecture (PowerPC)\n\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_powerpc.deb\n Size/MD5 checksum: 285696 7dff45df22f251a361890f84dd12b1f1\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_powerpc.deb\n Size/MD5 checksum: 455238 6550ed5501c9728c49630a60d2104089\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_powerpc.deb\n Size/MD5 checksum: 267654 8e556e91120628519e2498b6d5a6494b\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_powerpc.deb\n Size/MD5 checksum: 1778978 3d30344100c9e444f0928eeb362ae46f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_powerpc.deb\n Size/MD5 checksum: 266514 785cc0db18eab27c26841835dee06825\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_powerpc.deb\n Size/MD5 checksum: 393704 da5ff74c3f10c5471a7eb8c4017302ef\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_powerpc.deb\n Size/MD5 checksum: 2500754 c67af37bcb59e629eb505a9b47d21dce\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_powerpc.deb\n Size/MD5 checksum: 1544850 2c622631f48cb2afd0c600f525b78207\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_powerpc.deb\n Size/MD5 checksum: 1321078 8cd4776a8d7d570bf648b0f1dbc793f8\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_powerpc.deb\n Size/MD5 checksum: 840824 5954a27ffa614c67cf23e1f9a3c89e8a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_powerpc.deb\n Size/MD5 checksum: 437700 15e53751ebe97e6c6e0aeb7ef4ec00c3\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_powerpc.deb\n Size/MD5 checksum: 560574 94a41637eb2f13a7f10e833562226653\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_powerpc.deb\n Size/MD5 checksum: 438210 2cf782449cb20f0fba1dc81bebc7e32c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_powerpc.deb\n Size/MD5 checksum: 437412 8623f181475032704e07a478ac1564e4\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_powerpc.deb\n Size/MD5 checksum: 266646 fd7061eb0cbc37e645f948b07ea5098f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_powerpc.deb\n Size/MD5 checksum: 2012188 d38873973a7350f1b6ee8d5e7d85c5ee\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_powerpc.deb\n Size/MD5 checksum: 2676404 b027a82d71676d2b8eedd32e36b22fcc\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_powerpc.deb\n Size/MD5 checksum: 2188862 2fa10021f08127a03d7e65b215ce974b\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_s390.deb\n Size/MD5 checksum: 1389726 edb4553e097905d8ec3cb18a00664ee3\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_s390.deb\n Size/MD5 checksum: 436258 c5c439bf49965a4cd74c16032cf99317\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_s390.deb\n Size/MD5 checksum: 1768450 31c4b7c29ca6847aa072ef94d1886c3a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_s390.deb\n Size/MD5 checksum: 436232 4b0900f6fbeb2d78d512876e91c6ed5e\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_s390.deb\n Size/MD5 checksum: 265326 83a288b31d81eb9520f1cba37086e77e\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_s390.deb\n Size/MD5 checksum: 2433192 8670206af47354640a11828470749122\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_s390.deb\n Size/MD5 checksum: 563748 d8059b3559a0e06c4a60d887da9ada54\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_s390.deb\n Size/MD5 checksum: 452172 1d4accb91e3d7eae8b474d41acdf7e9c\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_s390.deb\n Size/MD5 checksum: 894234 f02ede2f023ad9d9c2f0e8a45cd1f291\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_s390.deb\n Size/MD5 checksum: 283744 5259ef0e9a5f3a84e5af6267db0266b8\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_s390.deb\n Size/MD5 checksum: 1993764 166e896e744dec3ba97770d4599ebe40\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_s390.deb\n Size/MD5 checksum: 266208 224fe6a72a3e2ac5ad4b228a35385d3f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_s390.deb\n Size/MD5 checksum: 265080 93e0f5ce11af6c0473d0d4b6ca2c9050\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_s390.deb\n Size/MD5 checksum: 2171154 8144e1fafb6eb0c589bf965a78de2fc4\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_s390.deb\n Size/MD5 checksum: 397132 6ed3027198557d5412aa1fefe285135c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_s390.deb\n Size/MD5 checksum: 1530082 0ffde31a63ad2b57301ca89a1d1a5780\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_s390.deb\n Size/MD5 checksum: 436828 8c37b24cbb0e030c03eb50edc7072994\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_s390.deb\n Size/MD5 checksum: 2581944 c5353ec17dc5d4d4f333618495db38d1\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_sparc.deb\n Size/MD5 checksum: 452114 fcff92f12684767e3dbd5bb4ac4037e8\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_sparc.deb\n Size/MD5 checksum: 435148 d7993b4ecc6bb66e87daad0769cde477\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_sparc.deb\n Size/MD5 checksum: 1998284 3fd6a40d82afabf5c14514278fe64663\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_sparc.deb\n Size/MD5 checksum: 263888 b4b94fd25a8800d37d6f2caccb84e4e3\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_sparc.deb\n Size/MD5 checksum: 1303002 23f44685f4aa09260368dcd677b748b9\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_sparc.deb\n Size/MD5 checksum: 434696 7e3d2cb8e896171ecfd167146acbe1f9\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_sparc.deb\n Size/MD5 checksum: 2164908 eac2869dd57906f77a4852625e3431b1\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_sparc.deb\n Size/MD5 checksum: 435514 45148357d70a5cf009028f7ef530843a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_sparc.deb\n Size/MD5 checksum: 551252 a3f9475c93e8485c3023c25ed52a033b\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_sparc.deb\n Size/MD5 checksum: 383042 1c562032396c0adb1e32ebdf25e1c6b0\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_sparc.deb\n Size/MD5 checksum: 1369184 ce552763cadf6e64566e354e9d1cc0be\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_sparc.deb\n Size/MD5 checksum: 1689814 12502373566cccaabb5145619b9be788\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_sparc.deb\n Size/MD5 checksum: 263792 84abb3a751c3d7b67ebdfb0fb7002fe3\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_sparc.deb\n Size/MD5 checksum: 2202156 b4f06c5cd9c6334b2f9ca3477f269120\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_sparc.deb\n Size/MD5 checksum: 844066 829c9b37d481a474cc3e6104c11e703c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_sparc.deb\n Size/MD5 checksum: 2524792 6ae5f58a3b8627c6b12ae021d31f1c06\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_sparc.deb\n Size/MD5 checksum: 283398 c6aced2249503a2ebd3cd9d429736725\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_sparc.deb\n Size/MD5 checksum: 264772 77b73fdd32eb10d3b90f21b5bd844609\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2009-08-12T19:50:09", "published": "2009-08-12T19:50:09", "id": "DEBIAN:DSA-1860-1:272C6", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00177.html", "title": "[SECURITY] [DSA 1860-1] New Ruby packages fix several issues", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1904", "CVE-2009-4492"], "description": "Ruby is the interpreted scripting language for quick and easy 
object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. ", "modified": "2010-01-14T01:27:31", "published": "2010-01-14T01:27:31", "id": "FEDORA:ED49A10FB17", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: ruby-1.8.6.383-6.fc11", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3790", "CVE-2008-5189", "CVE-2009-1904"], "description": "Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. ", "modified": "2009-12-11T18:18:17", "published": "2009-12-11T18:18:17", "id": "FEDORA:1A83510F85C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: ruby-1.8.6.368-2.fc10", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:26", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1558", "CVE-2009-1904", "CVE-2009-0642"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1140\n\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It\nhas features to process text files and to do system management tasks.\n\nA flaw was found in the way the Ruby POP module processed certain APOP\nauthentication requests. By sending certain responses when the Ruby APOP\nmodule attempted to authenticate using APOP against a POP server, a remote\nattacker could, potentially, acquire certain portions of a user's\nauthentication credentials. (CVE-2007-1558)\n\nIt was discovered that Ruby did not properly check the return value when\nverifying X.509 certificates. This could, potentially, allow a remote\nattacker to present an invalid X.509 certificate, and have Ruby treat it as\nvalid. 
(CVE-2009-0642)\n\nA flaw was found in the way Ruby converted BigDecimal objects to Float\nnumbers. If an attacker were able to provide certain input for the\nBigDecimal object converter, they could crash an application using this\nclass. (CVE-2009-1904)\n\nAll Ruby users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028063.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028064.html\n\n**Affected packages:**\nruby\nruby-devel\nruby-docs\nruby-irb\nruby-libs\nruby-mode\nruby-rdoc\nruby-ri\nruby-tcltk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1140.html", "edition": 3, "modified": "2009-07-02T23:49:01", "published": "2009-07-02T23:49:01", "href": "http://lists.centos.org/pipermail/centos-announce/2009-July/028063.html", "id": "CESA-2009:1140", "title": "ruby security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:46", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1558", "CVE-2009-1904", "CVE-2009-0642"], "description": "[1.8.5-5.el5_3.7]\n- security fixes. (#505087)\n- CVE-2007-1558: APOP password disclosure vulnerability.\n- CVE-2009-0642: Incorrect checks for validity of X.509 certificates.\n- CVE-2009-1904: DoS vulnerability in BigDecimal.", "edition": 4, "modified": "2009-07-02T00:00:00", "published": "2009-07-02T00:00:00", "id": "ELSA-2009-1140", "href": "http://linux.oracle.com/errata/ELSA-2009-1140.html", "title": "ruby security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:45", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1558", "CVE-2009-0642", "CVE-2009-1904"], "description": "Ruby is an extensible, interpreted, object-oriented, scripting language. 
It\nhas features to process text files and to do system management tasks.\n\nA flaw was found in the way the Ruby POP module processed certain APOP\nauthentication requests. By sending certain responses when the Ruby APOP\nmodule attempted to authenticate using APOP against a POP server, a remote\nattacker could, potentially, acquire certain portions of a user's\nauthentication credentials. (CVE-2007-1558)\n\nIt was discovered that Ruby did not properly check the return value when\nverifying X.509 certificates. This could, potentially, allow a remote\nattacker to present an invalid X.509 certificate, and have Ruby treat it as\nvalid. (CVE-2009-0642)\n\nA flaw was found in the way Ruby converted BigDecimal objects to Float\nnumbers. If an attacker were able to provide certain input for the\nBigDecimal object converter, they could crash an application using this\nclass. (CVE-2009-1904)\n\nAll Ruby users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "modified": "2017-09-08T12:20:29", "published": "2009-07-02T04:00:00", "id": "RHSA-2009:1140", "href": "https://access.redhat.com/errata/RHSA-2009:1140", "type": "redhat", "title": "(RHSA-2009:1140) Moderate: ruby security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:52:34", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3655", "CVE-2009-1886", "CVE-2009-1904", "CVE-2009-2042", "CVE-2008-3443", "CVE-2009-0642", "CVE-2008-3657", "CVE-2009-0692", "CVE-2008-3905", "CVE-2008-3790", "CVE-2009-1888", "CVE-2008-3656"], "description": "The DHCP client (dhclient) could be crashed by a malicious DHCP server sending an overlong subnet field (CVE-2009-0692). In theory a malicious DHCP server could exploit the flaw to execute arbitrary code as root on machines using dhclient to obtain network settings. 
Newer distributions (SLES10+, openSUSE) do have buffer overflow checking that guards against this kind of stack overflow, though, so actual exploitability is rather unlikely.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2009-07-15T16:27:03", "published": "2009-07-15T16:27:03", "id": "SUSE-SA:2009:037", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html", "type": "suse", "title": "remote code execution in dhcp-client", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T23:08:12", "bulletinFamily": "info", "cvelist": ["CVE-2003-0063", "CVE-2006-1329", "CVE-2008-0564", "CVE-2008-0888", "CVE-2008-2712", "CVE-2008-4101", "CVE-2008-4456", "CVE-2008-5302", "CVE-2008-5303", "CVE-2008-5515", "CVE-2008-7247", "CVE-2009-0033", "CVE-2009-0037", "CVE-2009-0316", "CVE-2009-0580", "CVE-2009-0688", "CVE-2009-0689", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-1904", "CVE-2009-2042", "CVE-2009-2417", "CVE-2009-2422", "CVE-2009-2446", "CVE-2009-2632", "CVE-2009-2693", "CVE-2009-2801", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-2906", "CVE-2009-3009", "CVE-2009-3095", "CVE-2009-3557", "CVE-2009-3558", "CVE-2009-3559", "CVE-2009-4017", "CVE-2009-4019", "CVE-2009-4030", "CVE-2009-4142", "CVE-2009-4143", "CVE-2009-4214", "CVE-2010-0041", "CVE-2010-0042", "CVE-2010-0043", "CVE-2010-0055", "CVE-2010-0056", "CVE-2010-0057", "CVE-2010-0058", "CVE-2010-0059", "CVE-2010-0060", "CVE-2010-0062", "CVE-2010-0063", "CVE-2010-0064", "CVE-2010-0065", "CVE-2010-0393", "CVE-2010-0497", "CVE-2010-0498", "CVE-2010-0500", "CVE-2010-0501", "CVE-2010-0502", "CVE-2010-0503", "CVE-2010-0504", "CVE-2010-0505", "CVE-2010-0506", "CVE-2010-0507", "CVE-2010-0508", "CVE-2010-0509", "CVE-2010-0510", "CVE-2010-0511", "CVE-2010-0512", "CVE-2010-0513", "CVE-2010-0514", "CVE-2010-0515", "CVE-2010-0516", "CVE-2010-0517", 
"CVE-2010-0518", "CVE-2010-0519", "CVE-2010-0520", "CVE-2010-0521", "CVE-2010-0522", "CVE-2010-0523", "CVE-2010-0524", "CVE-2010-0525", "CVE-2010-0526", "CVE-2010-0533", "CVE-2010-0534", "CVE-2010-0535", "CVE-2010-0537"], "description": "Apple Mega Patch Covers 88 Mac OS X Vulnerabilities\n\nApple today released one of its biggest Mac OS X security updates in recent memory, with fixes for a whopping 88 documented vulnerabilities.\n\nThe Mac OS X v10.6.3 update, which is considered \u201ccritical,\u201d covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.\n\nSecurity Update 2010-002 / Mac OS X v10.6.3 is now available and\n\naddresses the following:\n\nAppKit\n\nCVE-ID: CVE-2010-0056\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Spell checking a maliciously crafted document may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the spell checking feature\n\nused by Cocoa applications. Spell checking a maliciously crafted\n\ndocument may lead to an unexpected application termination or\n\narbitrary code execution. This issue is addressed through improved\n\nbounds checking. This issue does not affect Mac OS X v10.6 systems.\n\nCredit: Apple.\n\nApplication Firewall\n\nCVE-ID: CVE-2009-2801\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Certain rules in the Application Firewall may become\n\ninactive after restart\n\nDescription: A timing issue in the Application Firewall may cause\n\ncertain rules to become inactive after reboot. The issue is addressed\n\nthrough improved handling of Firewall rules. This issue does not\n\naffect Mac OS X v10.6 systems. 
Credit to Michael Kisor of\n\nOrganicOrb.com for reporting this issue.\n\nAFP Server\n\nCVE-ID: CVE-2010-0057\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: When guest access is disabled, a remote user may be able to\n\nmount AFP shares as a guest\n\nDescription: An access control issue in AFP Server may allow a\n\nremote user to mount AFP shares as a guest, even if guest access is\n\ndisabled. This issue is addressed through improved access control\n\nchecks. Credit: Apple.\n\nAFP Server\n\nCVE-ID: CVE-2010-0533\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote user with guest access to an AFP share may access\n\nthe contents of world-readable files outside the Public share\n\nDescription: A directory traversal issue exists in the path\n\nvalidation for AFP shares. A remote user may enumerate the parent\n\ndirectory of the share root, and read or write files within that\n\ndirectory that are accessible to the \u2018nobody\u2019 user. This issue is\n\naddressed through improved handling of file paths. Credit to Patrik\n\nKarlsson of cqure.net for reporting this issue.\n\nApache\n\nCVE-ID: CVE-2009-3095\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to bypass access control\n\nrestrictions\n\nDescription: An input validation issue exists in Apache\u2019s handling\n\nof proxied FTP requests. A remote attacker with the ability to issue\n\nrequests through the proxy may be able to bypass access control\n\nrestrictions specified in the Apache configuration. 
This issue is\n\naddressed by updating Apache to version 2.2.14.\n\nClamAV\n\nCVE-ID: CVE-2010-0058\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: ClamAV virus definitions may not receive updates\n\nDescription: A configuration issue introduced in Security Update\n\n2009-005 prevents freshclam from running. This may prevent virus\n\ndefinitions from being updated. This issue is addressed by updating\n\nfreshclam\u2019s launchd plist ProgramArguments key values. This issue\n\ndoes not affect Mac OS X v10.6 systems. Credit to Bayard Bell, Wil\n\nShipley of Delicious Monster, and David Ferrero of Zion Software, LLC\n\nfor reporting this issue.\n\nCoreAudio\n\nCVE-ID: CVE-2010-0059\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Playing maliciously crafted audio content may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nQDM2 encoded audio content. Playing maliciously crafted audio content\n\nmay lead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nCoreAudio\n\nCVE-ID: CVE-2010-0060\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Playing maliciously crafted audio content may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nQDMC encoded audio content. Playing maliciously crafted audio content\n\nmay lead to an unexpected application termination or arbitrary code\n\nexecution. 
This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nCoreMedia\n\nCVE-ID: CVE-2010-0062\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in CoreMedia\u2019s handling\n\nof H.263 encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of H.263 encoded movie files. Credit to Damian Put working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nCoreTypes\n\nCVE-ID: CVE-2010-0063\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Users are not warned before opening certain potentially\n\nunsafe content types\n\nDescription: This update adds .ibplugin and .url to the system\u2019s\n\nlist of content types that will be flagged as potentially unsafe\n\nunder certain circumstances, such as when they are downloaded from a\n\nweb page. While these content types are not automatically launched,\n\nif manually opened they could lead to the execution of a malicious\n\nJavaScript payload or arbitrary code execution. This update improves\n\nthe system\u2019s ability to notify users before handling content types\n\nused by Safari. 
Credit to Clint Ruoho of Laconic Security for\n\nreporting this issue.\n\nCUPS\n\nCVE-ID: CVE-2010-0393\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may be able to obtain system privileges\n\nDescription: A format string issue exists in the lppasswd CUPS\n\nutility. This may allow a local user to obtain system privileges. Mac\n\nOS X v10.6 systems are only affected if the setuid bit has been set\n\non the binary. This issue is addressed by using default directories\n\nwhen running as a setuid process. Credit to Ronald Volgers for\n\nreporting this issue.\n\ncurl\n\nCVE-ID: CVE-2009-2417\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A man-in-the-middle attacker may be able to impersonate a\n\ntrusted server\n\nDescription: A canonicalization issue exists in curl\u2019s handling of\n\nNULL characters in the subject\u2019s Common Name (CN) field of X.509\n\ncertificates. This may lead to man-in-the-middle attacks against\n\nusers of the curl command line tool, or applications using libcurl.\n\nThis issue is addressed through improved handling of NULL characters.\n\ncurl\n\nCVE-ID: CVE-2009-0037\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Using curl with -L may allow a remote attacker to read or\n\nwrite local files\n\nDescription: curl will follow HTTP and HTTPS redirects when used\n\nwith the -L option. When curl follows a redirect, it allows file://\n\nURLs. This may allow a remote attacker to access local files. This\n\nissue is addressed through improved validation of redirects. This\n\nissue does not affect Mac OS X v10.6 systems. 
Credit to Daniel\n\nStenberg of Haxx AB for reporting this issue.\n\nCyrus IMAP\n\nCVE-ID: CVE-2009-2632\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: A local user may be able to obtain the privileges of the\n\nCyrus user\n\nDescription: A buffer overflow exists in the handling of sieve\n\nscripts. By running a maliciously crafted sieve script, a local user\n\nmay be able to obtain the privileges of the Cyrus user. This issue is\n\naddressed through improved bounds checking. This issue does not\n\naffect Mac OS X v10.6 systems.\n\nCyrus SASL\n\nCVE-ID: CVE-2009-0688\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: An unauthenticated remote attacker may cause unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the Cyrus SASL\n\nauthentication module. Using Cyrus SASL authentication may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. This issue does\n\nnot affect Mac OS X v10.6 systems.\n\nDesktopServices\n\nCVE-ID: CVE-2010-0064\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Items copied in the Finder may be assigned an unexpected\n\nfile owner\n\nDescription: When performing an authenticated copy in the Finder,\n\noriginal file ownership may be unexpectedly copied. This update\n\naddresses the issue by ensuring that copied files are owned by the\n\nuser performing the copy. This issue does not affect systems prior to\n\nMac OS X v10.6. 
Credit to Gerrit DeWitt of Auburn University (Auburn,\n\nAL) for reporting this issue.\n\nDesktopServices\n\nCVE-ID: CVE-2010-0537\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may gain access to user data via a multi-\n\nstage attack\n\nDescription: A path resolution issue in DesktopServices is\n\nvulnerable to a multi-stage attack. A remote attacker must first\n\nentice the user to mount an arbitrarily named share, which may be\n\ndone via a URL scheme. When saving a file using the default save\n\npanel in any application, and using \u201cGo to folder\u201d or dragging\n\nfolders to the save panel, the data may be unexpectedly saved to the\n\nmalicious share. This issue is addressed through improved path\n\nresolution. This issue does not affect systems prior to Mac OS X\n\nv10.6. Credit to Sidney San Martin working with DeepTech, Inc. for\n\nreporting this issue.\n\nDisk Images\n\nCVE-ID: CVE-2010-0065\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mounting a maliciously crafted disk image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nbzip2 compressed disk images. Mounting a maliciously crafted disk\n\nimage may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed through improved bounds\n\nchecking. Credit: Apple.\n\nDisk Images\n\nCVE-ID: CVE-2010-0497\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mounting a maliciously crafted disk image may lead to\n\narbitrary code execution\n\nDescription: A design issue exists in the handling of internet\n\nenabled disk images. 
Mounting an internet enabled disk image\n\ncontaining a package file type will open it rather than revealing it\n\nin the Finder. This file quarantine feature helps to mitigate this\n\nissue by providing a warning dialog for unsafe file types. This issue\n\nis addressed through improved handling of package file types on\n\ninternet enabled disk images. Credit to Brian Mastenbrook working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nDirectory Services\n\nCVE-ID: CVE-2010-0498\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may obtain system privileges\n\nDescription: An authorization issue in Directory Services\u2019 handling\n\nof record names may allow a local user to obtain system privileges.\n\nThis issue is addressed through improved authorization checks.\n\nCredit: Apple.\n\nDovecot\n\nCVE-ID: CVE-2010-0535\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may be able to send and receive mail\n\neven if the user is not on the SACL of users who are permitted to do\n\nso\n\nDescription: An access control issue exists in Dovecot when Kerberos\n\nauthentication is enabled. This may allow an authenticated user to\n\nsend and receive mail even if the user is not on the service access\n\ncontrol list (SACL) of users who are permitted to do so. This issue\n\nis addressed through improved access control checks. This issue does\n\nnot affect systems prior to Mac OS X v10.6.\n\nEvent Monitor\n\nCVE-ID: CVE-2010-0500\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may cause arbitrary systems to be added to\n\nthe firewall blacklist\n\nDescription: A reverse DNS lookup is performed on remote ssh clients\n\nthat fail to authenticate. 
A plist injection issue exists in the\n\nhandling of resolved DNS names. This may allow a remote attacker to\n\ncause arbitrary systems to be added to the firewall blacklist. This\n\nissue is addressed by properly escaping resolved DNS names. Credit:\n\nApple.\n\nFreeRADIUS\n\nCVE-ID: CVE-2010-0524\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may obtain access to a network via RADIUS\n\nauthentication\n\nDescription: A certificate authentication issue exists in the\n\ndefault Mac OS X configuration of the FreeRADIUS server. A remote\n\nattacker may use EAP-TLS with an arbitrary valid certificate to\n\nauthenticate and connect to a network configured to use FreeRADIUS\n\nfor authentication. This issue is addressed by disabling support for\n\nEAP-TLS in the configuration. RADIUS clients should use EAP-TTLS\n\ninstead. This issue only affects Mac OS X Server systems. Credit to\n\nChris Linstruth of Qnet for reporting this issue.\n\nFTP Server\n\nCVE-ID: CVE-2010-0501\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Users may be able to retrieve files outside the FTP root\n\ndirectory\n\nDescription: A directory traversal issue exists in FTP Server. This\n\nmay allow a user to retrieve files outside the FTP root directory.\n\nThis issue is addressed through improved handling of file names. This\n\nissue only affects Mac OS X Server systems. Credit: Apple.\n\niChat Server\n\nCVE-ID: CVE-2006-1329\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An implementation issue exists in jabberd\u2019s handling of\n\nSASL negotiation. A remote attacker may be able to terminate the\n\noperation of jabberd. This issue is addressed through improved\n\nhandling of SASL negotiation. 
This issue only affects Mac OS X Server\n\nsystems.\n\niChat Server\n\nCVE-ID: CVE-2010-0502\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Chat messages may not be logged\n\nDescription: A design issue exists in iChat Server\u2019s support for\n\nconfigurable group chat logging. iChat Server only logs messages with\n\ncertain message types. This may allow a remote user to send a message\n\nthrough the server without it being logged. The issue is addressed by\n\nremoving the capability to disable group chat logs, and logging all\n\nmessages that are sent through the server. This issue only affects\n\nMac OS X Server systems. Credit: Apple.\n\niChat Server\n\nCVE-ID: CVE-2010-0503\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A use-after-free issue exists in iChat Server. An\n\nauthenticated user may be able to cause an unexpected application\n\ntermination or arbitrary code execution. This issue is addressed\n\nthrough improved memory reference tracking. This issue only affects\n\nMac OS X Server systems, and does not affect versions 10.6 or later.\n\niChat Server\n\nCVE-ID: CVE-2010-0504\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: Multiple stack buffer overflow issues exist in iChat\n\nServer. An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution. These issues are\n\naddressed through improved memory management. These issues only\n\naffect Mac OS X Server systems. 
Credit: Apple.\n\nImageIO\n\nCVE-ID: CVE-2010-0505\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted JP2 image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of JP2\n\nimages. Viewing a maliciously crafted JP2 image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. Credit to Chris\n\nRies of Carnegie Mellon University Computing Service, and researcher\n\n\u201c85319bb6e6ab398b334509c50afce5259d42756e\u201d working with\n\nTippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0041\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Visiting a maliciously crafted website may result in sending\n\ndata from Safari\u2019s memory to the website\n\nDescription: An uninitialized memory access issue exists in\n\nImageIO\u2019s handling of BMP images. Visiting a maliciously crafted\n\nwebsite may result in sending data from Safari\u2019s memory to the\n\nwebsite. This issue is addressed through improved memory\n\ninitialization and additional validation of BMP images. Credit to\n\nMatthew \u2018j00ru\u2019 Jurczyk of Hispasec for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0042\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Visiting a maliciously crafted website may result in sending\n\ndata from Safari\u2019s memory to the website\n\nDescription: An uninitialized memory access issue exists in\n\nImageIO\u2019s handling of TIFF images. 
Visiting a maliciously crafted\n\nwebsite may result in sending data from Safari\u2019s memory to the\n\nwebsite. This issue is addressed through improved memory\n\ninitialization and additional validation of TIFF images. Credit to\n\nMatthew \u2018j00ru\u2019 Jurczyk of Hispasec for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0043\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Processing a maliciously crafted TIFF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nTIFF images. Processing a maliciously crafted TIFF image may lead to\n\nan unexpected application termination or arbitrary code execution.\n\nThis issue is addressed through improved memory handling. This issue\n\ndoes not affect systems prior to Mac OS X v10.6. Credit to Gus\n\nMueller of Flying Meat for reporting this issue.\n\nImage RAW\n\nCVE-ID: CVE-2010-0506\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Viewing a maliciously crafted NEF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in Image RAW\u2019s handling of NEF\n\nimages. Viewing a maliciously crafted NEF image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. This issue does\n\nnot affect Mac OS X v10.6 systems. Credit: Apple.\n\nImage RAW\n\nCVE-ID: CVE-2010-0507\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted PEF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in Image RAW\u2019s handling of PEF\n\nimages. 
Viewing a maliciously crafted PEF image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. Credit to Chris\n\nRies of Carnegie Mellon University Computing Services for reporting\n\nthis issue.\n\nLibsystem\n\nCVE-ID: CVE-2009-0689\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Applications that convert untrusted data between binary\n\nfloating point and text may be vulnerable to an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the floating point binary\n\nto text conversion code within Libsystem. An attacker who can cause\n\nan application to convert a floating point value into a long string,\n\nor to parse a maliciously crafted string as a floating point value,\n\nmay be able to cause an unexpected application termination or\n\narbitrary code execution. This issue is addressed through improved\n\nbounds checking. Credit to Maksymilian Arciemowicz of\n\nSecurityReason.com for reporting this issue.\n\nMail\n\nCVE-ID: CVE-2010-0508\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Rules associated with a deleted mail account remain in\n\neffect\n\nDescription: When a mail account is deleted, user-defined filter\n\nrules associated with that account remain active. This may result in\n\nunexpected actions. This issue is addressed by disabling associated\n\nrules when a mail account is deleted.\n\nMail\n\nCVE-ID: CVE-2010-0525\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mail may use a weaker encryption key for outgoing email\n\nDescription: A logic issue exists in Mail\u2019s handling of encryption\n\ncertificates. 
When multiple certificates for the recipient exist in\n\nthe keychain, Mail may select an encryption key that is not intended\n\nfor encipherment. This may lead to a security issue if the chosen key\n\nis weaker than expected. This issue is addressed by ensuring that the\n\nkey usage extension within certificates is evaluated when selecting a\n\nmail encryption key. Credit to Paul Suh of ps Enable, Inc. for\n\nreporting this issue.\n\nMailman\n\nCVE-ID: CVE-2008-0564\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in Mailman 2.1.9\n\nDescription: Multiple cross-site scripting issues exist in Mailman\n\n2.1.9. These issues are addressed by updating Mailman to version\n\n2.1.13. Further information is available via the Mailman site at\n\nhttp://mail.python.org/pipermail/mailman-\n\nannounce/2009-January/000128.html These issues only affect Mac OS X\n\nServer systems, and do not affect versions 10.6 or later.\n\nMySQL\n\nCVE-ID: CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019,\n\nCVE-2009-4030\n\nAvailable for: Mac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in MySQL 5.0.82\n\nDescription: MySQL is updated to version 5.0.88 to address multiple\n\nvulnerabilities, the most serious of which may lead to arbitrary code\n\nexecution. These issues only affect Mac OS X Server systems. Further\n\ninformation is available via the MySQL web site at\n\nhttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html\n\nOS Services\n\nCVE-ID: CVE-2010-0509\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may be able to obtain elevated privileges\n\nDescription: A privilege escalation issue exists in SFLServer, as it\n\nruns as group \u2018wheel\u2019 and accesses files in users\u2019 home directories.\n\nThis issue is addressed through improved privilege management. 
Credit\n\nto Kevin Finisterre of DigitalMunition for reporting this issue.\n\nPassword Server\n\nCVE-ID: CVE-2010-0510\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to log in with an outdated\n\npassword\n\nDescription: An implementation issue in Password Server\u2019s handling\n\nof replication may cause passwords to not be replicated. A remote\n\nattacker may be able to log in to a system using an outdated\n\npassword. This issue is addressed through improved handling of\n\npassword replication. This issue only affects Mac OS X Server\n\nsystems. Credit to Jack Johnson of Anchorage School District for\n\nreporting this issue.\n\nperl\n\nCVE-ID: CVE-2008-5302, CVE-2008-5303\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: A local user may cause arbitrary files to be deleted\n\nDescription: Multiple race condition issues exist in the rmtree\n\nfunction of the perl module File::Path. A local user with write\n\naccess to a directory that is being deleted may cause arbitrary files\n\nto be removed with the privileges of the perl process. This issue is\n\naddressed through improved handling of symbolic links. This issue\n\ndoes not affect Mac OS X v10.6 systems.\n\nPHP\n\nCVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4017\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in PHP 5.3.0\n\nDescription: PHP is updated to version 5.3.1 to address multiple\n\nvulnerabilities, the most serious of which may lead to arbitrary code\n\nexecution. 
Further information is available via the PHP website at\n\nhttp://www.php.net/\n\nPHP\n\nCVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4142,\n\nCVE-2009-4143\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in PHP 5.2.11\n\nDescription: PHP is updated to version 5.2.12 to address multiple\n\nvulnerabilities, the most serious of which may lead to cross-site\n\nscripting. Further information is available via the PHP website at\n\nhttp://www.php.net/\n\nPodcast Producer\n\nCVE-ID: CVE-2010-0511\n\nAvailable for: Mac OS X Server v10.6 through v10.6.2\n\nImpact: An unauthorized user may be able to access a Podcast\n\nComposer workflow\n\nDescription: When a Podcast Composer workflow is overwritten, the\n\naccess restrictions are removed. This may allow an unauthorized user\n\nto access a Podcast Composer workflow. This issue is addressed\n\nthrough improved handling of workflow access restrictions. Podcast\n\nComposer was introduced in Mac OS X Server v10.6.\n\nPreferences\n\nCVE-ID: CVE-2010-0512\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A network user may be able to bypass system login\n\nrestrictions\n\nDescription: An implementation issue exists in the handling of\n\nsystem login restrictions for network accounts. If the network\n\naccounts allowed to log in to the system at the Login Window are\n\nidentified by group membership only, the restriction will not be\n\nenforced, and all network users will be allowed to log in to the\n\nsystem. The issue is addressed through improved group restriction\n\nmanagement in the Accounts preference pane. This issue only affects\n\nsystems configured to use a network account server, and does not\n\naffect systems prior to Mac OS X v10.6. 
Credit to Christopher D.\n\nGrieb of University of Michigan MSIS for reporting this issue.\n\nPS Normalizer\n\nCVE-ID: CVE-2010-0513\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted PostScript file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A stack buffer overflow exists in the handling of\n\nPostScript files. Viewing a maliciously crafted PostScript file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of PostScript files. On Mac OS X v10.6 systems this issue\n\nis mitigated by the -fstack-protector compiler flag. Credit: Apple.\n\nQuickTime\n\nCVE-ID: CVE-2010-0062\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in QuickTime\u2019s handling\n\nof H.263 encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of H.263 encoded movie files. Credit to Damian Put working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0514\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of H.261\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. 
This issue is addressed by performing additional\n\nvalidation of H.261 encoded movie files. Credit to Will Dormann of\n\nthe CERT/CC for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0515\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption in the handling of H.264 encoded\n\nmovie files. Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed by performing additional validation of H.264\n\nencoded movie files.\n\nQuickTime\n\nCVE-ID: CVE-2010-0516\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow in the handling of RLE encoded\n\nmovie files. Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed by performing additional validation of RLE encoded\n\nmovie files. Credit to an anonymous researcher working with\n\nTippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0517\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow in the handling of M-JPEG\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of M-JPEG encoded movie files. 
Credit to Damian Put\n\nworking with TippingPoint\u2019s Zero Day Initiative for reporting this\n\nissue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0518\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nSorenson encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of Sorenson encoded movie files. Credit to Will Dormann of\n\nthe CERT/CC for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0519\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: An integer overflow exists in the handling of FlashPix\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0520\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of FLC\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of FLC encoded movie files. 
Credit to Moritz Jodeit of\n\nn.runs AG, working with TippingPoint\u2019s Zero Day Initiative, and\n\nNicolas Joly of VUPEN Security for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0526\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted MPEG file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of MPEG\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of MPEG encoded movie files. Credit to an anonymous\n\nresearcher working with TippingPoint\u2019s Zero Day Initiative for\n\nreporting this issue.\n\nRuby\n\nCVE-ID: CVE-2009-2422, CVE-2009-3009, CVE-2009-4214\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple issues in Ruby on Rails\n\nDescription: Multiple vulnerabilities exist in Ruby on Rails, the\n\nmost serious of which may lead to cross-site scripting. On Mac OS X\n\nv10.6 systems, these issues are addressed by updating Ruby on Rails\n\nto version 2.3.5. Mac OS X v10.5 systems are affected only by\n\nCVE-2009-4214, and this issue is addressed through improved\n\nvalidation of arguments to strip_tags.\n\nRuby\n\nCVE-ID: CVE-2009-1904\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Running a Ruby script that uses untrusted input to\n\ninitialize a BigDecimal object may lead to an unexpected application\n\ntermination\n\nDescription: A stack exhaustion issue exists in Ruby\u2019s handling of\n\nBigDecimal objects with very large values. 
Running a Ruby script that\n\nuses untrusted input to initialize a BigDecimal object may lead to an\n\nunexpected application termination. For Mac OS X v10.6 systems, this\n\nissue is addressed by updating Ruby to version 1.8.7-p173. For Mac OS X\n\nv10.5 systems, this issue is addressed by updating Ruby to version\n\n1.8.6-p369.\n\nServer Admin\n\nCVE-ID: CVE-2010-0521\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may extract information from Open\n\nDirectory\n\nDescription: A design issue exists in the handling of authenticated\n\ndirectory binding. A remote attacker may be able to anonymously\n\nextract information from Open Directory, even if the \u201cRequire\n\nauthenticated binding between directory and clients\u201d option is\n\nenabled. The issue is addressed by removing this configuration\n\noption. This issue only affects Mac OS X Server systems. Credit to\n\nScott Gruby of Gruby Solutions, and Mathias Haack of GRAVIS\n\nComputervertriebsgesellschaft mbH for reporting this issue.\n\nServer Admin\n\nCVE-ID: CVE-2010-0522\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: A former administrator may have unauthorized access to\n\nscreen sharing\n\nDescription: A user who is removed from the \u2018admin\u2019 group may still\n\nconnect to the server using screen sharing. This issue is addressed\n\nthrough improved handling of administrator privileges. This issue\n\nonly affects Mac OS X Server systems, and does not affect version\n\n10.6 or later. Credit: Apple.\n\nSMB\n\nCVE-ID: CVE-2009-2906\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An infinite loop issue exists in Samba\u2019s handling of\n\nSMB \u2018oplock\u2019 break notifications. 
A remote attacker may be able to\n\ntrigger an infinite loop in smbd, causing it to consume excessive CPU\n\nresources. The issue is addressed through improved handling of\n\n\u2018oplock\u2019 break notifications.\n\nTomcat\n\nCVE-ID: CVE-2009-0580, CVE-2009-0033, CVE-2009-0783, CVE-2008-5515,\n\nCVE-2009-0781, CVE-2009-2901, CVE-2009-2902, CVE-2009-2693\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in Tomcat 6.0.18\n\nDescription: Tomcat is updated to version 6.0.24 to address multiple\n\nvulnerabilities, the most serious of which may lead to a cross site\n\nscripting attack. Tomcat is only provided on Mac OS X Server systems.\n\nFurther information is available via the Tomcat site at\n\nhttp://tomcat.apache.org/\n\nunzip\n\nCVE-ID: CVE-2008-0888\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Extracting maliciously crafted zip files using the unzip\n\ncommand tool may lead to an unexpected application termination or\n\ncode execution\n\nDescription: An uninitialized pointer issue exists in the handling\n\nof zip files. Extracting maliciously crafted zip files using the\n\nunzip command tool may lead to an unexpected application termination\n\nor arbitrary code execution. This issue is addressed by performing\n\nadditional validation of zip files. This issue does not affect Mac OS\n\nX v10.6 systems.\n\nvim\n\nCVE-ID: CVE-2008-2712, CVE-2008-4101, CVE-2009-0316\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in vim 7.0\n\nDescription: Multiple vulnerabilities exist in vim 7.0, the most\n\nserious of which may lead to arbitrary code execution when working\n\nwith maliciously crafted files. These issues are addressed by\n\nupdating to vim 7.2.102. These issues do not affect Mac OS X v10.6\n\nsystems. 
Further information is available via the vim website at\n\nhttp://www.vim.org/\n\nWiki Server\n\nCVE-ID: CVE-2010-0523\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: Uploading a maliciously crafted applet may lead to the\n\ndisclosure of sensitive information\n\nDescription: Wiki Server allows users to upload active content such\n\nas Java applets. A remote attacker may obtain sensitive information\n\nby uploading a maliciously crafted applet and directing a Wiki Server\n\nuser to view it. The issue is addressed by restricting the file types\n\nthat may be uploaded to the Wiki Server. This issue only affects Mac\n\nOS X Server systems, and does not affect versions 10.6 or later.\n\nWiki Server\n\nCVE-ID: CVE-2010-0534\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may bypass weblog creation\n\nrestrictions\n\nDescription: Wiki Server supports service access control lists\n\n(SACLs), allowing an administrator to control the publication of\n\ncontent. Wiki Server fails to consult the weblog SACL during the\n\ncreation of a user\u2019s weblog. This may allow an authenticated user to\n\npublish content to the Wiki Server, even though publication should be\n\ndisallowed by the service ACL. This issue does not affect systems\n\nprior to Mac OS X v10.6.\n\nX11\n\nCVE-ID: CVE-2009-2042\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted image may lead to the\n\ndisclosure of sensitive information\n\nDescription: libpng is updated to version 1.2.37 to address an issue\n\nthat may result in the disclosure of sensitive information. 
Further\n\ninformation is available via the libpng site at\n\nhttp://www.libpng.org/pub/png/libpng.html\n\nX11\n\nCVE-ID: CVE-2003-0063\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Displaying maliciously crafted data within an xterm terminal\n\nmay lead to arbitrary code execution\n\nDescription: The xterm program supports a command sequence to change\n\nthe window title, and to print the window title to the terminal. The\n\ninformation returned is provided to the terminal as though it were\n\nkeyboard input from the user. Within an xterm terminal, displaying\n\nmaliciously crafted data containing such sequences may result in\n\ncommand injection. The issue is addressed by disabling the affected\n\ncommand sequence.\n\nxar\n\nCVE-ID: CVE-2010-0055\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: A modified package may appear as validly signed\n\nDescription: A design issue exists in xar when validating a package\n\nsignature. This may allow a modified package to appear as validly\n\nsigned. This issue is fixed through improved package signature\n\nvalidation. 
This issue does not affect Mac OS X v10.6 systems.\n\nCredit: Apple.\n\nSecurity Update 2010-002 / Mac OS X v10.6.3 may be obtained from\n\nthe Software Update pane in System Preferences, or Apple\u2019s Software\n\nDownloads web site:\n\nhttp://www.apple.com/support/downloads/\n\n[](<https://threatpost.com/apple-mega-patch-covers-88-mac-os-x-vulnerabilities-032910/>)Apple today released one of its biggest Mac OS X security updates in recent memory, covering a whopping 88 documented vulnerabilities.\n\nThe Mac OS X v10.6.3 update, which is considered \u201ccritical,\u201d covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.\n\nIn some scenarios, a malicious hacker could take complete control of a Mac-powered machine if a user simply views a malicious image or movie file.\n\nThe update covers critical vulnerabilities in AppKit, QuickTime, CoreMedia, CoreTypes, DiskImages, ImageIO and Image RAW.\n\nIt also covers holes in several open-source components, including Apache, ClamAV, MySQL and PHP.\n\nHere\u2019s [the full list](<http://support.apple.com/kb/HT4077>) of the patched vulnerabilities. \n\nThe Security Update 2010-002 / Mac OS X v10.6.3 may be obtained from the Software Update pane in System Preferences, or [Apple\u2019s Software Downloads](<http://www.apple.com/support/downloads/>) web page.\n", "modified": "2013-04-17T16:37:25", "published": "2010-03-29T17:15:44", "id": "THREATPOST:4F867C686B7E31697E158FBD04A5DD35", "href": "https://threatpost.com/apple-mega-patch-covers-88-mac-os-x-vulnerabilities-032910/73753/", "type": "threatpost", "title": "Apple Mega Patch Covers 88 Mac OS X Vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}