[ANN][Security] Ruby 1.9.1-p429 is out

Yuki Sonoda (Yugui)


Ruby 1.9.1-p429 has just been released. This is a patchlevel release for
Ruby 1.9.1. This fixes many bugs and includes the fix for a security
vulnerability that allows an attacker to execute arbitrary code.

See for
other fixes.

== Vulnerability
A security vulnerability that causes a buffer overflow when you assign a
dangerous value to ARGF.inplace_mode on Windows. It possibly allows an
attacker to execute arbitrary code.

The affected versions are:
* Ruby 1.9.1 patchlevel 378 and all prior versions.
* Ruby 1.9.2 preview 3 and all prior versions.
* Development versions of Ruby 1.9 (1.9.3dev).

I recommend that you upgrade your Ruby 1.9 to 1.9.1-p429 or 1.9.2-preview3.

The vulnerability does not directly affect the Ruby 1.8 series.

=== Credit
The vulnerability was found and reported by Masaya TARUI.

== Location
SIZE: 7300923 bytes
MD5: 09df32ae51b6337f7a2e3b1909b26213
SHA256: e0b9471d77354628a8041068f45734eb2d99f5b5df08fe5a76d785d989a47bfb

SIZE: 9078126 bytes
MD5: 0f6d7630f26042e00bc59875755cf879
SHA256: fdd97f52873b70f378ac73c76a1b2778e210582ce5fe1e1c241c37bd906b43b2

SIZE: 10347659 bytes
MD5: fcd031414e5e4534f97aa195bb586d6c
SHA256: c9fe2364b477ad004030f4feeb89aeaa2a01675ff95db1bed31a932806f85680

-- Yuki Sonoda (Yugui) <(E-Mail Removed)>

