oss-sec mailing list archives
Re: patch sets for recent ruby vulnerabilities
From: Jamie Strandboge <jamie () canonical com>
Date: Mon, 30 Jun 2008 17:54:01 -0400
Passing this along from the ruby developers. I asked for comments regarding the regressions, but did not get any, but the commit to string.c on 2008/06/22 (i.e. after the announcement) is probably part of that. These commits are what I thought were the commits, but there was so much confusion at [1] and [2] that I went straight to the developers for confirmation.

Hope this helps.

Jamie

[1] http://www.ruby-forum.com/topic/157034
[2] http://weblog.rubyonrails.com/2008/6/21/multiple-ruby-security-vulnerabilities

On Wed, 25 Jun 2008, Shugo Maeda wrote:
Hello,

2008/6/25 Jamie Strandboge <jamie () canonical com>:

Can you provide more details on the vulnerabilities as well as what files and commits pertain to these issues? If you don't mind, I would like to forward this information to the vendor-sec mailing list as well, so the other vendors can patch their distributions.

The following commits pertain to the vulnerabilities. The SVN repository is at http://svn.ruby-lang.org/repos/ruby/.
Please forward this information to the vendor-sec.

------------------------------------------------------------------------
r17530 | nobu | 2008-06-22 07:16:45 +0900 (Sun, 22 Jun 2008) | 2 lines
Changed paths:
   M /branches/ruby_1_8/ChangeLog
   M /branches/ruby_1_8/string.c

* string.c (str_buf_cat): check for self concatenation.

------------------------------------------------------------------------
r17483 | nobu | 2008-06-20 18:16:03 +0900 (Fri, 20 Jun 2008) | 2 lines
Changed paths:
   M /branches/ruby_1_8/ChangeLog
   M /branches/ruby_1_8/string.c

* string.c (rb_str_buf_append): should infect.

------------------------------------------------------------------------
r17472 | nobu | 2008-06-20 15:42:07 +0900 (Fri, 20 Jun 2008) | 5 lines
Changed paths:
   M /branches/ruby_1_8/array.c
   M /branches/ruby_1_8/string.c
   M /trunk/array.c
   M /trunk/string.c

* array.c (rb_ary_store, rb_ary_splice): not depend on unspecified
  behavior at integer overflow.

* string.c (str_buf_cat): ditto.

------------------------------------------------------------------------
r17471 | nobu | 2008-06-20 15:40:10 +0900 (Fri, 20 Jun 2008) | 5 lines
Changed paths:
   M /branches/ruby_1_8/ChangeLog
   M /trunk/ChangeLog

* array.c (rb_ary_store, rb_ary_splice): not depend on unspecified
  behavior at integer overflow.

* string.c (str_buf_cat): ditto.

------------------------------------------------------------------------
r17460 | shyouhei | 2008-06-20 08:12:46 +0900 (Fri, 20 Jun 2008) | 13 lines
Changed paths:
   M /branches/ruby_1_8/ChangeLog
   M /branches/ruby_1_8/array.c
   M /branches/ruby_1_8/intern.h
   M /branches/ruby_1_8/sprintf.c
   M /branches/ruby_1_8/string.c
   M /branches/ruby_1_8_5/ChangeLog
   M /branches/ruby_1_8_5/array.c
   M /branches/ruby_1_8_5/intern.h
   M /branches/ruby_1_8_5/sprintf.c
   M /branches/ruby_1_8_5/string.c
   M /branches/ruby_1_8_5/version.h
   M /branches/ruby_1_8_6/ChangeLog
   M /branches/ruby_1_8_6/array.c
   M /branches/ruby_1_8_6/intern.h
   M /branches/ruby_1_8_6/sprintf.c
   M /branches/ruby_1_8_6/string.c
   M /branches/ruby_1_8_6/version.h
   M /branches/ruby_1_8_7/ChangeLog
   M /branches/ruby_1_8_7/array.c
   M /branches/ruby_1_8_7/intern.h
   M /branches/ruby_1_8_7/sprintf.c
   M /branches/ruby_1_8_7/string.c
   M /branches/ruby_1_8_7/version.h
   M /trunk/ChangeLog
   M /trunk/array.c
   M /trunk/string.c

* array.c (ary_new, rb_ary_initialize, rb_ary_store,
  rb_ary_aplice, rb_ary_times): integer overflows should be
  checked. based on patches from Drew Yao <ayao at apple.com>
  fixed CVE-2008-2726

* string.c (rb_str_buf_append): fixed unsafe use of alloca,
  which led memory corruption. based on a patch from Drew Yao
  <ayao at apple.com> fixed CVE-2008-2726

* sprintf.c (rb_str_format): backported from trunk.

* intern.h: ditto.

--
Shugo Maeda
--
Ubuntu Security Engineer | http://www.ubuntu.com/
Canonical Ltd. | http://www.canonical.com/