Ruby 1.9.1-p376 just has been released. This is a patch level release of Ruby 1.9.1 and includes the fix of CVE-2009-4124.
The previous release, Ruby 1.9.1-p243 has a security vulnerability that allows heap overflow. This vulnerability was found by Emmanouel Kellinis, KPMG London.
I recommend all Ruby 1.9.1 users to upgrade to p376. But the vulnerability does not affect Ruby 1.8 series.
In addition, 1.9.1-p376 includes > 100 bug fixes.
- Irb extension commands had been broken. It was fixed.
- Ripper had not been able to parse some Ruby codes. It was fixed.
- Fixed build failures on AIX.
- Some bug fixes of Matrix.
- Can load gems which is installed in an user's home directory.
- Some method became returning a string with a correct encoding.
See the ChangeLog for more detail.
- 7293106 bytes
- 9073007 bytes
- 10337871 bytes
Posted by Yugui on 7 Dec 2009