WEBrick has an Escape Sequence Injection vulnerability

A vulnerability was found in WEBrick, a part of Ruby's standard library. WEBrick lets attackers inject malicious escape sequences into its logs, making it possible for dangerous control characters to be interpreted by a victim's terminal emulator when the logs are viewed.

We already have a fix for it. Releases for every active branch will follow this announcement. In the meantime, we recommend that you avoid viewing your WEBrick logs in a terminal until you have updated your WEBrick process.


Ruby 1.8.7-p248 released

We now have a series of patches to fix various bugs against 1.8.7 so I (Urabe Shyouhei) decided to release them. Here they are.

And excuse me for the absence of a detailed release note... Please read the ChangeLog instead.


Ruby 1.9.1-p376 is released

Ruby 1.9.1-p376 has just been released. This is a patch-level release of Ruby 1.9.1 and includes the fix for CVE-2009-4124.

CVE-2009-4124

The previous release, Ruby 1.9.1-p243, has a security vulnerability that allows a heap overflow. This vulnerability was found by Emmanouel Kellinis, KPMG London.

I recommend that all Ruby 1.9.1 users upgrade to p376. The vulnerability does not affect the Ruby 1.8 series.


Heap overflow in String

There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This may allow an attacker to run arbitrary code in some rare cases.

Vulnerable versions

  • All releases of Ruby 1.9.1.

This vulnerability does not affect the Ruby 1.8 series.


MountainWest RubyConf 2010

MountainWest RubyConf 2010 will be held March 11 and 12, 2010, in Salt Lake City, UT, USA.

http://mtnwestrubyconf.org

Talk proposals are being accepted right this very minute!

Submit yours here.

But don’t delay! The submission deadline is midnight (MST) on December 31st, 2009.

