Upstream information

CVE-2008-2726 at MITRE

Description

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 7.8
  • Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete

SUSE Bugzilla entries: 383299 [RESOLVED / FIXED], 397346 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise SDK 10 SP2
  • ruby >= 1.8.4-17.19
  • ruby-devel >= 1.8.4-17.19
  • ruby-doc-html >= 1.8.4-17.19
  • ruby-doc-ri >= 1.8.4-17.19
  • ruby-examples >= 1.8.4-17.19
  • ruby-test-suite >= 1.8.4-17.19
  • ruby-tk >= 1.8.4-17.19
sled10-sp2.x86
sle10-sp2-sdk.s390x
sle10-sp1-sdk.ia64
sle10-sp1-sdk.x86-64
core9.x86-64
core9.s390
core9.ia64
sled10.x86-64
sle10-sp1-sdk.x86
sle10-sp1-sdk.s390x
sle10-sp1-sdk.ppc
sle-ha.s390x
sles9-nld.x86-64
sle10-sp2-sdk.ppc
sle-ha.x86
sles9-nlpos.x86
core9.x86
sles9-oes.x86
sle10-sp2-sdk.x86
sle10-sp2-sdk.ia64
core9.s390x
sle-ha.ppc
sled10-sp2.x86-64
sle-ha.ia64
sled10.x86
sle-ha.x86-64
sle10-sp2-sdk.x86-64
sles9-nld.x86
core9.ppc
ZYPP Patch Nr: 5484
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Open Enterprise Server
  • ruby >= 1.8.1-42.24
ZYPP Patch Nr: 5484
openSUSE 11.0
  • ruby-debuginfo >= 1.8.6.p114-6.2
  • ruby-debugsource >= 1.8.6.p114-6.2
openSUSE 11.0
  • ruby >= 1.8.6.p114-6.2
  • ruby-devel >= 1.8.6.p114-6.2
  • ruby-doc-html >= 1.8.6.p114-6.2
  • ruby-doc-ri >= 1.8.6.p114-6.2
  • ruby-examples >= 1.8.6.p114-6.2
  • ruby-test-suite >= 1.8.6.p114-6.2
  • ruby-tk >= 1.8.6.p114-6.2