Ruby Vulnerability Fixed in Ubuntu 12.10 and Ubuntu 12.04 LTS

Users will have to update the operating system in order to fix the problem

  Ruby logo
On March 25, in a security notice Canonical published details about Ruby vulnerabilities for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating system.

On March 25, in a security notice Canonical published details about Ruby vulnerabilities for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating system.

According to Canonical, Ruby could be made to hang, if it received specially crafted input.

It was discovered that the Ruby REXML library incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of memory, resulting in a denial of service.

For a more detailed description of the security problems, you can visit Canonical's security notification.

The security flaws can be fixed if you upgrade your system(s) to the latest ruby1.8, ruby1.9.1, libruby1.8, and libruby1.9.1 packages, specific to each operating system. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart won't be necessary to implement the changes.

Comments