Ubuntu Update For Ruby1.8 USN-2035-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-4164) Vit Ondruch discovered that Ruby did not perform taint checking for certain functions. An attacker could possibly use this issue to bypass certain intended restrictions. (CVE-2013-2065)

Affected

ruby1.8 on Ubuntu 13.10 , Ubuntu 13.04 , Ubuntu 12.10 , Ubuntu 12.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-November/002323.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-2065, CVE-2013-4164
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for apache2 USN-1903-1
Ubuntu Update for dnsmasq vulnerability USN-627-1
Ubuntu Update for ceilometer USN-2311-2
Ubuntu Update for curl USN-2167-1
Ubuntu Update for cinder USN-2208-1

Ubuntu Update for ruby1.8 USN-2035-1

Take action and discover your vulnerabilities