ruby-1.8.5-5.1.1AXS3
エラータID: AXSA:2008-86:01
リリース日:
2008/09/22 Monday - 20:52
題名:
ruby-1.8.5-5.1.1AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Asianux Server 3 for ppc
Asianux Server 3 for ia64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
Ruby の rb_str_buf_append 関数には、複数の整数オーバーフローの脆弱性が存在します。 (CVE-2008-2662)
Ruby の rb_ary_store 関数には、複数の整数オーバーフローの脆弱性が存在します。(CVE-2008-2663)
Ruby の rb_str_format 関数には、メモリ破壊の脆弱性が存在します。 (CVE-2008-2664)
Ruby の rb_ary_splice 関数には、整数オーバーフローの脆弱性が存在します。
“REALLOC_N” variant 型 と関連しています。 (CVE-2008-2725)
Ruby の rb_ary_splice 関数には、整数オーバーフローの脆弱性が存在します。
これは "beg + rlen" と関連しています。 (CVE-2008-2726)
Ruby の array.c の rb_ary_fill 関数には、ARY_MAX_SIZE より大きい start 引数を伴う Array#fill メソッドを呼び出す際に整数オーバーフローが発生する脆弱性が存在します。 (CVE-2008-2376)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください
CVE:
CVE-2008-2662
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.
CVE-2008-2663
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CVE-2008-2664
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CVE-2008-2725
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CVE-2008-2726
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
CVE-2008-2376
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
追加情報:
N/A
ダウンロード:
Asianux Server 3 for x86
- ruby-1.8.5-5.1.1AXS3.i386.rpm
MD5: 8a750dea188201b78153412cd6ebf113
SHA-256: 8ea343810742feeed6ed4d158c0864fbdc2c3fa9ba4dd0ebafb412983eafd9e2
Size: 282.29 kB - ruby-devel-1.8.5-5.1.1AXS3.i386.rpm
MD5: b0a224c9dd2372dd8f29552a2a11e8c7
SHA-256: 323162ecccd2a778e445f629442e524d2089f0222f8ee78efa4f05d4f2b613b9
Size: 547.85 kB - ruby-docs-1.8.5-5.1.1AXS3.i386.rpm
MD5: 2cadc0b712de298b2e111f1cb96de791
SHA-256: 8fe22199f674dde68572c8a064e82ec2db2183d5451c1e0e6ff4ee78b3fe7834
Size: 1.50 MB - ruby-irb-1.8.5-5.1.1AXS3.i386.rpm
MD5: bd5f0c661355923c3828527b2aa69375
SHA-256: 736b6325075309cf78dba4f5846c610ab2824e3c684642637b73233c3e104b5c
Size: 68.73 kB - ruby-libs-1.8.5-5.1.1AXS3.i386.rpm
MD5: 6e07916a2cf561ae8097f5b831c07523
SHA-256: 644378f97f531346cbd2b0432809e8663a960b499bafa583ca35f4a91497da70
Size: 1.64 MB - ruby-mode-1.8.5-5.1.1AXS3.i386.rpm
MD5: ffa4d774e641501e6a3f1e2c61a4fd85
SHA-256: 7980113126c86ceccd50b864564b538e4bb25ef41168f10eb577267a67c8ed77
Size: 53.60 kB - ruby-tcltk-1.8.5-5.1.1AXS3.i386.rpm
MD5: f9bfa8b73e05dd676d2bbcb3cb326f0e
SHA-256: 858c7d4046e08a0352fd996f71a812ecf986cc0783e3132a8286d147b3fea744
Size: 1.67 MB
Asianux Server 3 for x86_64
- ruby-1.8.5-5.1.1AXS3.x86_64.rpm
MD5: 435af76615099ad743549e6f119e9294
SHA-256: 7bd03f18f213aea761986cf0307b331a9ba6d86aab0dadc8e96dc73e2c38e40c
Size: 282.12 kB - ruby-devel-1.8.5-5.1.1AXS3.x86_64.rpm
MD5: ff43e488000fd1ef1c0f598e54fae411
SHA-256: e0b4d744af10c2a3792aa29f57596b247337243aae1904e0b1392b86977c75b9
Size: 557.77 kB - ruby-docs-1.8.5-5.1.1AXS3.x86_64.rpm
MD5: 038e93176318f129acd28c2bca87f113
SHA-256: 41c71169ad939e879a431b70c4f5c98a8cbcf326497cc3d4f56719ec70270d0a
Size: 1.50 MB - ruby-irb-1.8.5-5.1.1AXS3.x86_64.rpm
MD5: 362a79fa811af8f08b3e669f72ab4a72
SHA-256: e529151ef7cd3e2af58f8e329493c725040b81b8cf105715a12f7594d9d2a486
Size: 68.95 kB - ruby-libs-1.8.5-5.1.1AXS3.x86_64.rpm
MD5: 0d1006117968a7b8d3711f1f3bfc8a85
SHA-256: 3190cd9e3904f0379b3fac27c0dd9d13ebdf732fee24e1871f6242a7845a916b
Size: 1.65 MB - ruby-mode-1.8.5-5.1.1AXS3.x86_64.rpm
MD5: 835ce3bbd312574145810de89c7eb9a8
SHA-256: 6b9942859bf7f2fc89dbd6671a75132558bbf0e92f1eb64effaf7b2a2be28441
Size: 53.62 kB - ruby-tcltk-1.8.5-5.1.1AXS3.x86_64.rpm
MD5: 343391685d9821d51fed689c2d992948
SHA-256: 600b783f7fcbad23957bc34052b6447217492f9c3a226c55ecc08eb4af04e6e6
Size: 1.67 MB