Test ID:	1.3.6.1.4.1.25623.1.0.61370
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1618-1)
Summary:	The remote host is missing an update for the Debian 'ruby1.9' package(s) announced via the DSA-1618-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'ruby1.9' package(s) announced via the DSA-1618-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-2662 Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code. CVE-2008-2663 Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code. CVE-2008-2664 Drew Yao discovered that a programming error in the string processing code may lead to denial of service and potentially the execution of arbitrary code. CVE-2008-2725 Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code. CVE-2008-2726 Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code. CVE-2008-2376 It was discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code. For the stable distribution (etch), these problems have been fixed in version 1.9.0+20060609-1etch2. For the unstable distribution (sid), these problems have been fixed in version 1.9.0.2-2. We recommend that you upgrade your ruby1.9 packages. Affected Software/OS: 'ruby1.9' package(s) on Debian 4. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2376 20080708 rPSA-2008-0218-1 ruby http://www.securityfocus.com/archive/1/494104/100/0/threaded 30927 http://secunia.com/advisories/30927 31006 http://secunia.com/advisories/31006 31062 http://secunia.com/advisories/31062 31090 http://secunia.com/advisories/31090 31181 http://secunia.com/advisories/31181 31256 http://secunia.com/advisories/31256 32219 http://secunia.com/advisories/32219 33178 http://secunia.com/advisories/33178 ADV-2008-2584 http://www.vupen.com/english/advisories/2008/2584 APPLE-SA-2008-09-15 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html DSA-1612 http://www.debian.org/security/2008/dsa-1612 DSA-1618 http://www.debian.org/security/2008/dsa-1618 FEDORA-2008-6033 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html FEDORA-2008-6094 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html GLSA-200812-17 http://security.gentoo.org/glsa/glsa-200812-17.xml MDVSA-2008:140 http://www.mandriva.com/security/advisories?name=MDVSA-2008:140 MDVSA-2008:141 http://www.mandriva.com/security/advisories?name=MDVSA-2008:141 MDVSA-2008:142 http://www.mandriva.com/security/advisories?name=MDVSA-2008:142 RHSA-2008:0561 http://www.redhat.com/support/errata/RHSA-2008-0561.html TA08-260A http://www.us-cert.gov/cas/techalerts/TA08-260A.html USN-651-1 https://usn.ubuntu.com/651-1/ [oss-security] 20080702 More ruby integer overflows (rb_ary_fill / Array#fill) http://www.openwall.com/lists/oss-security/2008/07/02/3 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756 http://wiki.rpath.com/Advisories:rPSA-2008-0218 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218 https://issues.rpath.com/browse/RPL-2639 oval:org.mitre.oval:def:9863 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863 Common Vulnerability Exposure (CVE) ID: CVE-2008-2662 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html BugTraq ID: 29903 http://www.securityfocus.com/bid/29903 Bugtraq: 20080626 rPSA-2008-0206-1 ruby (Google Search) http://www.securityfocus.com/archive/1/493688/100/0/threaded Debian Security Information: DSA-1612 (Google Search) Debian Security Information: DSA-1618 (Google Search) https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/ http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/ http://www.ruby-forum.com/topic/157034 http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601 http://www.securitytracker.com/id?1020347 http://secunia.com/advisories/30802 http://secunia.com/advisories/30831 http://secunia.com/advisories/30867 http://secunia.com/advisories/30875 http://secunia.com/advisories/30894 http://secunia.com/advisories/31687 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562 SuSE Security Announcement: SUSE-SR:2008:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://www.ubuntu.com/usn/usn-621-1 http://www.vupen.com/english/advisories/2008/1907/references http://www.vupen.com/english/advisories/2008/1981/references XForce ISS Database: ruby-rbstrbufappend-code-execution(43345) https://exchange.xforce.ibmcloud.com/vulnerabilities/43345 Common Vulnerability Exposure (CVE) ID: CVE-2008-2663 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524 XForce ISS Database: ruby-rbarystore-code-execution(43346) https://exchange.xforce.ibmcloud.com/vulnerabilities/43346 Common Vulnerability Exposure (CVE) ID: CVE-2008-2664 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646 XForce ISS Database: ruby-rbstrformat-code-execution(43348) https://exchange.xforce.ibmcloud.com/vulnerabilities/43348 Common Vulnerability Exposure (CVE) ID: CVE-2008-2725 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727 http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606 XForce ISS Database: ruby-rbarysplice-code-execution(43350) https://exchange.xforce.ibmcloud.com/vulnerabilities/43350 Common Vulnerability Exposure (CVE) ID: CVE-2008-2726 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959 XForce ISS Database: ruby-rbarysplice-begrlen-code-execution(43351) https://exchange.xforce.ibmcloud.com/vulnerabilities/43351
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.