U
Urabe Shyouhei
Hi all.
Vulnerabilities were found on a subsystem of WEBrick which enable
attackers to access private files. These are releases to fix those problems.
Also note, though no release were made for them, 1.9 series of ruby are
also affected.
Detailed information should be found at:
http://preview.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
Released tarballs are available at:
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p114.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p114.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p114.zip
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p115.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p115.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p115.zip
And checksums:
MD5(ruby-1.8.6-p114.tar.gz)= 500a9f11613d6c8ab6dcf12bec1b3ed3
SHA256(ruby-1.8.6-p114.tar.gz)= 6cdf4dfa9266f85184d58a80007f0f8af1d933ed2820da448c1842690e55ef6a
SIZE(ruby-1.8.6-p114.tar.gz)= 4549333
MD5(ruby-1.8.6-p114.tar.bz2)= b4d0c74497f684814bcfbb41b7384a71
SHA256(ruby-1.8.6-p114.tar.bz2)= 4ac0d0271324c54525210f775e5fcc9a37e3d8a10b96d68cdfeeb361c6f64a63
SIZE(ruby-1.8.6-p114.tar.bz2)= 3920921
MD5(ruby-1.8.6-p114.zip)= cb7ad0a3a6536953e623d6f17938f80f
SHA256(ruby-1.8.6-p114.zip)= ecd80e33ce136d3144fb20c42162999e6cfa6387192e8cc91a6b2ff96d3dc12f
SIZE(ruby-1.8.6-p114.zip)= 5565408
MD5(ruby-1.8.5-p115.tar.gz)= 20ca6cc87eb077296806412feaac0356
SHA256(ruby-1.8.5-p115.tar.gz)= bd7989c07230962e5f79e2556e0c1043483dc981b11467be3f4de4bf20f56e47
SIZE(ruby-1.8.5-p115.tar.gz)= 4486245
MD5(ruby-1.8.5-p115.tar.bz2)= 03955e3c367b9beb3efe144c9f00d689
SHA256(ruby-1.8.5-p115.tar.bz2)= 3b5b799d6445b4ec8bc8b2944c6797dbd031b22e1756c9ae8b08c1f5d6cdc398
SIZE(ruby-1.8.5-p115.tar.bz2)= 3862732
MD5(ruby-1.8.5-p115.zip)= a959946329f219bde633646c64387821
SHA256(ruby-1.8.5-p115.zip)= f96d4c1973741bea8e5270ba468cf9af79bd81ae9222ab791043752bb90f5ca8
SIZE(ruby-1.8.5-p115.zip)= 5494089
Vulnerabilities were found on a subsystem of WEBrick which enable
attackers to access private files. These are releases to fix those problems.
Also note, though no release were made for them, 1.9 series of ruby are
also affected.
Detailed information should be found at:
http://preview.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
Released tarballs are available at:
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p114.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p114.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p114.zip
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p115.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p115.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p115.zip
And checksums:
MD5(ruby-1.8.6-p114.tar.gz)= 500a9f11613d6c8ab6dcf12bec1b3ed3
SHA256(ruby-1.8.6-p114.tar.gz)= 6cdf4dfa9266f85184d58a80007f0f8af1d933ed2820da448c1842690e55ef6a
SIZE(ruby-1.8.6-p114.tar.gz)= 4549333
MD5(ruby-1.8.6-p114.tar.bz2)= b4d0c74497f684814bcfbb41b7384a71
SHA256(ruby-1.8.6-p114.tar.bz2)= 4ac0d0271324c54525210f775e5fcc9a37e3d8a10b96d68cdfeeb361c6f64a63
SIZE(ruby-1.8.6-p114.tar.bz2)= 3920921
MD5(ruby-1.8.6-p114.zip)= cb7ad0a3a6536953e623d6f17938f80f
SHA256(ruby-1.8.6-p114.zip)= ecd80e33ce136d3144fb20c42162999e6cfa6387192e8cc91a6b2ff96d3dc12f
SIZE(ruby-1.8.6-p114.zip)= 5565408
MD5(ruby-1.8.5-p115.tar.gz)= 20ca6cc87eb077296806412feaac0356
SHA256(ruby-1.8.5-p115.tar.gz)= bd7989c07230962e5f79e2556e0c1043483dc981b11467be3f4de4bf20f56e47
SIZE(ruby-1.8.5-p115.tar.gz)= 4486245
MD5(ruby-1.8.5-p115.tar.bz2)= 03955e3c367b9beb3efe144c9f00d689
SHA256(ruby-1.8.5-p115.tar.bz2)= 3b5b799d6445b4ec8bc8b2944c6797dbd031b22e1756c9ae8b08c1f5d6cdc398
SIZE(ruby-1.8.5-p115.tar.bz2)= 3862732
MD5(ruby-1.8.5-p115.zip)= a959946329f219bde633646c64387821
SHA256(ruby-1.8.5-p115.zip)= f96d4c1973741bea8e5270ba468cf9af79bd81ae9222ab791043752bb90f5ca8
SIZE(ruby-1.8.5-p115.zip)= 5494089