[ANN][Security] Ruby 1.9.1-p429 is out

 
 
Yuki Sonoda (Yugui)
07-02-2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Ruby 1.9.1-p429 has just been released. This is a patchlevel release for
Ruby 1.9.1. This fixes many bugs and includes the fix for a security
vulnerability that allows an attacker to execute arbitrary code.

See http://svn.ruby-lang.org/repos/ruby/..._429/ChangeLog for
other fixes.

== Vulnerability
A security vulnerability that causes a buffer overflow when you assign a
dangerous value to ARGF.inplace_mode on Windows. It possibly allows an
attacker to execute arbitrary code.

The affected versions are:
* Ruby 1.9.1 patchlevel 378 and all prior versions.
* Ruby 1.9.2 preview 3 and all prior versions.
* Development versions of Ruby 1.9 (1.9.3dev).
I recommend that you upgrade your ruby 1.9 to 1.9.1-p429 or 1.9.2-preview3.

The vulnerability does not directly affect the Ruby 1.8 series.

=== Credit
The vulnerability was found and reported by Masaya TARUI.

== Location
* http://ftp.ruby-lang.org/pub/ruby/1....1-p429.tar.bz2
SIZE: 7300923 bytes
MD5: 09df32ae51b6337f7a2e3b1909b26213
SHA256: e0b9471d77354628a8041068f45734eb2d99f5b5df08fe5a76d785d989a47bfb

* http://ftp.ruby-lang.org/pub/ruby/1.....1-p429.tar.gz
SIZE: 9078126 bytes
MD5: 0f6d7630f26042e00bc59875755cf879
SHA256: fdd97f52873b70f378ac73c76a1b2778e210582ce5fe1e1c241c37bd906b43b2

* http://ftp.ruby-lang.org/pub/ruby/1....1.9.1-p429.zip
SIZE: 10347659 bytes
MD5: fcd031414e5e4534f97aa195bb586d6c
SHA256: c9fe2364b477ad004030f4feeb89aeaa2a01675ff95db1bed31a932806f85680

- -- Yuki Sonoda (Yugui) <(E-Mail Removed)>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwtxikACgkQOXzH5JLb/AWOawCfd1iGdmbzhcxwXfEwSSF0GQl5
8IwAnjaOe4zU/E0qYTixgxOT7zD026OH
=Xqbg
-----END PGP SIGNATURE-----
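
Checking a downloaded archive against the SIZE and SHA256 lines of the Location list above, as an added example (not part of the original post and not the Ruby project's code). The names `parse_location` and `verify_download` are hypothetical, and the sample file and URL are constructed.

```ruby
require "digest"
require "tempfile"

# One download from the announcement's "== Location" list.
Entry = Struct.new(:url, :size, :sha256)

# Parse "* URL" / "SIZE: n bytes" / "SHA256: hex" groups. MD5 lines are
# ignored on purpose: MD5 is collision-prone, so only SHA256 is trusted.
def parse_location(text)
  entries = []
  text.each_line do |raw|
    line = raw.strip
    if (m = line.match(/\A\*\s+(\S+)\z/))
      entries << Entry.new(m[1], nil, nil)
    elsif entries.empty?
      next
    elsif (m = line.match(/\ASIZE:\s*(\d+)\s+bytes\z/))
      entries.last.size = m[1].to_i
    elsif (m = line.match(/\ASHA256:\s*(.+)\z/))
      # Archive pages sometimes re-wrap long digests with a stray space.
      entries.last.sha256 = m[1].delete(" \t").downcase
    end
  end
  entries
end

# Returns :ok, or a symbol naming the first check that failed.
def verify_download(path, entry)
  return :malformed_digest unless entry.sha256.to_s.match?(/\A\h{64}\z/)
  return :size_mismatch unless File.size(path) == entry.size
  Digest::SHA256.file(path).hexdigest == entry.sha256 ? :ok : :digest_mismatch
end

if __FILE__ == $0
  # Constructed sample: a temp file stands in for the downloaded tarball.
  Tempfile.create("ruby-release") do |f|
    f.write("constructed sample archive\n")
    f.flush
    digest = Digest::SHA256.file(f.path).hexdigest
    manifest = <<~TEXT
      * http://example.invalid/sample.tar.gz
      SIZE: #{File.size(f.path)} bytes
      MD5: ignored
      SHA256: #{digest[0, 50]} #{digest[50..-1]}
    TEXT
    entry = parse_location(manifest).first
    puts "#{entry.url}: #{verify_download(f.path, entry)}"
  end
end
```

The digests only prove the file matches what the announcement lists; the announcement itself is authenticated by its PGP signature.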

 