Ubuntu Security Notice USN-195-1
10th October, 2005
ruby1.8 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
- Ubuntu 4.10
Details
The object oriented scripting language Ruby supports safely executing
untrusted code with two mechanisms: safe level and taint flag on
objects. Dr. Yutaka Oiwa discovered a vulnerability that allows
Ruby methods to bypass these mechanisms. In systems which use this
feature, this could be exploited to execute Ruby code beyond the
restrictions specified in each safe level.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.04:
- ruby1.8
- Ubuntu 4.10:
- ruby1.8
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None