Dr. Dobb's | Security Flaws Discovered, Patched in Ruby 1.8 and 1.9


	Email	Print Reprint
	add to:
	Del.icio.us Digg Google Furl	Slashdot Y! MyWeb Blink

June 23, 2008

Security Flaws Discovered, Patched in Ruby 1.8 and 1.9

Patches have been issued for bugs in several of Ruby's array- and string-related functions.

Late last week, Drew Yao of Apple Product Security apparently discovered several vulnerabilities in multiple versions of Ruby that could allow attackers to execute arbitrary code or create a denial of service condition.

The vulnerabilities stemmed from unchecked overflow conditions in several array-handling routines, and from an unsafe memory allocation in Ruby's string processing. The Ruby maintainers have since released patches for these vulnerabilities. Vulnerable versions include:

1.8.4 and all prior versions
1.8.5-p230 and all prior versions
1.8.6-p229 and all prior versions
1.8.7-p21 and all prior versions
1.9.0-1 and all prior versions

Patches are available here:
http://www.ruby-lang.org/en/news /2008/06/20/arbitrary-code-execution-vulnerabilities/


RELATED ARTICLES SafeCode Releases Guidelines for Secure Code Googling Security: Mapping, Directions, and Imagery Security Software Survey Focuses on User Likes, Dislikes ElcomSoft Claims 1 Billion Passwords/Sec Recovery; Uses GPUs in Parallel Security Is a State of Mind		TOP 5 ARTICLES No Top Articles.


			Site Archive (Complete)

	ABOUT US \| CONTACT \| ADVERTISE \| SUBSCRIBE \| SOURCE CODE \| CURRENT PRINT ISSUE \| NEWSLETTERS \| RESOURCES \| BLOGS \| PODCASTS \| CAREERS