Debian Security Advisory DSA 1139-1 (ruby1.6) Network Vulnerability

Summary

The remote host is missing an update to ruby1.6 announced via advisory DSA 1139-1. It was discovered that the interpreter for the Ruby language does not properly maintain safe levels for aliasing, directory accesses and regular expressions, which might lead to a bypass of security restrictions.

Solution

For the stable distribution (sarge) this problem has been fixed in version 1.6.8-12sarge2. The unstable distribution (sid) does no longer contain ruby1.6 packages. We recommend that you upgrade your Ruby packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201139-1

Severity

Classification

CVE CVE-2006-3694
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 036-1 (mc)
Debian Security Advisory DSA 1096-1 (webcalendar)
Debian Security Advisory DSA 103-1 (glibc)
Debian Security Advisory DSA 1055-1 (mozilla-firefox)
Debian Security Advisory DSA 1081-1 (libextractor)

Take action and discover your vulnerabilities