FREE Subscription to Dr. Dobb’s Digest: Same Great Content, New Digital Edition
Site Archive (Complete)
Security
Email
Print
Reprint

add to:
Del.icio.us
Digg
Google
Furl
Slashdot
Y! MyWeb
Blink
June 23, 2008
Security Flaws Discovered, Patched in Ruby 1.8 and 1.9

Patches have been issued for bugs in several of Ruby's array- and string-related functions.

Late last week, Drew Yao of Apple Product Security apparently discovered several vulnerabilities in multiple versions of Ruby that could allow attackers to execute arbitrary code or create a denial of service condition.

The vulnerabilities stemmed from unchecked overflow conditions in several array-handling routines, and from an unsafe memory allocation in Ruby's string processing. The Ruby maintainers have since released patches for these vulnerabilities. Vulnerable versions include:

  • 1.8.4 and all prior versions
  • 1.8.5-p230 and all prior versions
  • 1.8.6-p229 and all prior versions
  • 1.8.7-p21 and all prior versions
  • 1.9.0-1 and all prior versions

Patches are available here:
http://www.ruby-lang.org/en/news /2008/06/20/arbitrary-code-execution-vulnerabilities/

TOP 5 ARTICLES
No Top Articles.



MICROSITES
FEATURED TOPIC

ADDITIONAL TOPICS

INFO-LINK