Ruby 1.9.1-p376 is released

Ruby 1.9.1-p376 just has been released. This is a patch level release of Ruby 1.9.1 and includes the fix of CVE-2009-4124.

CVE-2009-4124

The previous release, Ruby 1.9.1-p243 has a security vulnerability that allows heap overflow. This vulnerability was found by Emmanouel Kellinis, KPMG London.

I recommend all Ruby 1.9.1 users to upgrade to p376. But the vulnerability does not affect Ruby 1.8 series.

Continue Reading…

Posted by Yugui on 07 Dec 2009

Heap overflow in String

There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.

Vulnerable versions

  • All releases of Ruby 1.9.1.

This vulnerability does not affect Ruby 1.8 series.

Continue Reading…

Posted by Yugui on 07 Dec 2009

Other News

More News…

Downloads | Documentation | Libraries | Community | News | Security | About Ruby