Posted by Yugui on 7 Dec 2009
There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. In some rare cases this could allow an attacker to run arbitrary code.
Vulnerable versions
- All releases of Ruby 1.9.1.
This vulnerability does not affect Ruby 1.8 series.
Solution
Please upgrade to Ruby 1.9.1-p376.
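The following is an added example, not part of the advisory, for deciding whether a given Ruby build falls in the affected range stated above (any 1.9.1 release before p376; the 1.8 series is unaffected). It reads the version from the RUBY_VERSION and RUBY_PATCHLEVEL constants or from a `ruby -v` banner; the banner format it parses and the decision to treat a development snapshot (patchlevel -1) as affected are assumptions made here, not statements from the advisory.

```ruby
# Added example: classify a Ruby build against the advisory's affected range.
# Not code from the advisory or from the Ruby project.

FIXED_PATCHLEVEL = 376  # Ruby 1.9.1-p376 is the fixed release named by the advisory

# Returns true when the build is in the affected range: Ruby 1.9.1 with a
# patchlevel below 376. Returns false for any other major.minor.teeny
# (the advisory states 1.8 is unaffected; 1.9.1-p376 and later are fixed).
# Assumption: a nil or negative patchlevel (what RUBY_PATCHLEVEL reports for
# development snapshots) cannot be ordered against p376, so it is treated as
# affected to stay on the safe side.
def vulnerable_to_justify_overflow?(version, patchlevel)
  major, minor, teeny = version.to_s.split('.').map(&:to_i)
  return false unless [major, minor, teeny] == [1, 9, 1]
  return true if patchlevel.nil? || patchlevel < 0
  patchlevel < FIXED_PATCHLEVEL
end

# Parse a `ruby -v` banner such as
#   "ruby 1.9.1p243 (2009-07-16 revision 24175) [x86_64-linux]"
# into [version, patchlevel]. Patchlevel is nil when the banner carries no
# "pNNN" suffix (e.g. "1.9.1dev"). Assumption: this is the banner layout of
# the 1.8/1.9 interpreters; other layouts return nil.
def parse_ruby_v(banner)
  m = banner.match(/\Aruby (\d+\.\d+\.\d+)(?:p(\d+))?/)
  return nil unless m
  [m[1], m[2] && m[2].to_i]
end

# Convenience: classify a `ruby -v` banner directly; nil if it cannot be parsed.
def vulnerable_from_ruby_v(banner)
  parsed = parse_ruby_v(banner)
  return nil unless parsed
  vulnerable_to_justify_overflow?(*parsed)
end

# Classify the interpreter running this script.
def running_ruby_vulnerable?
  vulnerable_to_justify_overflow?(RUBY_VERSION, RUBY_PATCHLEVEL)
end

if __FILE__ == $0
  status = running_ruby_vulnerable? ? 'AFFECTED: upgrade to 1.9.1-p376' : 'not in the affected range'
  puts "ruby #{RUBY_VERSION} p#{RUBY_PATCHLEVEL}: #{status}"
end
```

Run it under each interpreter you ship, or feed it the `ruby -v` output collected from hosts; a build reported as affected should be upgraded to 1.9.1-p376 as the advisory directs.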
Credit
Credit to Emmanouel Kellinis, KPMG London, for disclosing the problem to the Ruby Security team.
Changes
- 2009-12-07 14:52 +0900 added a link to the CVE entry (the entry was not yet public when this page was written)