USN-691-1: Ruby vulnerability
Referenced CVEs:
CVE-2008-3443, CVE-2008-3790
Description:
===========================================================
Ubuntu Security Notice USN-691-1 December 16, 2008
ruby1.9 vulnerability
CVE-2008-3443, CVE-2008-3790
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  ruby1.9 1.9.0.2-7ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Laurent Gaffie discovered that Ruby did not properly check for memory
allocation failures. If a user or automated system were tricked into
running a malicious script, an attacker could cause a denial of
service. (CVE-2008-3443)

This update also fixes a regression in the upstream patch previously
applied to fix CVE-2008-3790. The regression would cause parsing of
some XML documents to fail.
