Submitted by KeesCook on Wed, 2005-06-29 12:02
Referenced CVEs:
CAN-2005-1992
Description:
===========================================================
Ubuntu Security Notice USN-146-1 June 29, 2005
ruby1.8 vulnerability
CAN-2005-1992
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libxmlrpc-ruby1.8
ruby1.8

The problem can be corrected by upgrading the affected package to
version 1.8.1+1.8.2pre2-3ubuntu0.2 (for Ubuntu 4.10), or
1.8.1+1.8.2pre4-1ubuntu0.1 (for Ubuntu 5.04). In general, a standard
system upgrade is sufficient to effect the necessary changes; however,
if you run custom XMLRPC servers implemented in Ruby, you have to
restart them.

Details follow:

Nobuhiro IMAI discovered that the changed default value of the
Module#public_instance_methods() method broke the security protection
of XMLRPC server handlers. A remote attacker could exploit this to
execute arbitrary commands on an XMLRPC server.
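
The effect described above, as an added example (not part of the advisory and not the Ruby XMLRPC library's own code): with its default argument, public_instance_methods also returns inherited methods, while passing false returns only the methods the class itself defines. CalcHandler, the helper functions and dispatch are hypothetical names constructed for illustration.

```ruby
# Constructed handler class (not from the advisory): only add and echo
# are meant to be callable by remote clients.
class CalcHandler
  def add(a, b)
    a + b
  end

  def echo(s)
    s
  end

  private

  def secret_helper
    :internal
  end
end

# What an interface builder exposes if it relies on the default argument,
# which includes methods inherited from Object and Kernel.
def exposed_with_default(klass)
  klass.public_instance_methods.map(&:to_sym)
end

# What it exposes when inherited methods are excluded explicitly.
def exposed_own_only(klass)
  klass.public_instance_methods(false).map(&:to_sym)
end

# Audit helper: names reachable only through inheritance.
def unintended_exposure(klass)
  exposed_with_default(klass) - exposed_own_only(klass)
end

# Hypothetical dispatcher guard: refuse any name outside the class's own
# public methods before calling it.
def dispatch(handler, name, *args)
  allowed = exposed_own_only(handler.class)
  raise ArgumentError, "method not exported: #{name}" unless allowed.include?(name.to_sym)
  handler.public_send(name, *args)
end

if __FILE__ == $PROGRAM_NAME
  puts "own only:  #{exposed_own_only(CalcHandler).sort.inspect}"
  puts "inherited: #{unintended_exposure(CalcHandler).size} extra names"
end
```

Running unintended_exposure over each class registered as a handler shows which names would become remotely callable if the handler list were built from the default argument.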


