[ANN][Security] Ruby 1.9.1-p429 is out

Discussion in 'Ruby' started by Yuki Sonoda (Yugui), Jul 2, 2010.

  1. -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hi,

    Ruby 1.9.1-p429 has just been released. This is a patchlevel release for
    Ruby 1.9.1. This fixes many bugs and includes the fix for a security
    vulnerability that allows an attacker to execute an arbitrary code.

    See http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog for
    other fixes.

    == Vunerability
    A security vulnerability that causes buffer overflow when you assign a
    danger value to ARGF.inplace_mode on Windows. It possibly allows an
    attacker to execute an arbitrary code.

    The affected versions are:
    * Ruby 1.9.1 patchlevel 378 and all prior versions.
    * Ruby 1.9.2 preview 3 and all prior versions.
    * Development versions of Ruby 1.9 (1.9.3dev).
    I recommend you to upgrade your ruby 1.9 to 1.9.1-p429 or 1.9.2-preview3.

    The vulnerability does not directly affect to Ruby 1.8 series.

    === Credit
    The vulnerability was found and reported by Masaya TARUI.

    == Location
    * http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p429.tar.bz2
    SIZE: 7300923 bytes
    MD5: 09df32ae51b6337f7a2e3b1909b26213
    SHA256: e0b9471d77354628a8041068f45734eb2d99f5b5df08fe5a76d785d989a47bfb

    * http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p429.tar.gz
    SIZE: 9078126 bytes
    MD5: 0f6d7630f26042e00bc59875755cf879
    SHA256: fdd97f52873b70f378ac73c76a1b2778e210582ce5fe1e1c241c37bd906b43b2

    * http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p429.zip
    SIZE: 10347659 bytes
    MD5: fcd031414e5e4534f97aa195bb586d6c
    SHA256: c9fe2364b477ad004030f4feeb89aeaa2a01675ff95db1bed31a932806f85680

    - -- Yuki Sonoda (Yugui) <>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.10 (Darwin)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iEYEARECAAYFAkwtxikACgkQOXzH5JLb/AWOawCfd1iGdmbzhcxwXfEwSSF0GQl5
    8IwAnjaOe4zU/E0qYTixgxOT7zD026OH
    =Xqbg
    -----END PGP SIGNATURE-----
     
    Yuki Sonoda (Yugui), Jul 2, 2010
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aaron
    Replies:
    1
    Views:
    354
    John C. Bollinger
    Aug 4, 2003
  2. Luis Lavena
    Replies:
    0
    Views:
    108
    Luis Lavena
    Jul 6, 2010
  3. Mitko Kostov

    Ruby 1.9.1-p429

    Mitko Kostov, Jul 7, 2010, in forum: Ruby
    Replies:
    1
    Views:
    152
    Chuck Remes
    Jul 7, 2010
  4. Yuki Sonoda (Yugui)

    [ANN][Security] Ruby 1.9.1-p431 is released

    Yuki Sonoda (Yugui), Feb 18, 2011, in forum: Ruby
    Replies:
    0
    Views:
    127
    Yuki Sonoda (Yugui)
    Feb 18, 2011
  5. Yuki Sonoda (Yugui)

    [ANN][Security] Ruby 1.9.2-p180 is released

    Yuki Sonoda (Yugui), Feb 18, 2011, in forum: Ruby
    Replies:
    0
    Views:
    95
    Yuki Sonoda (Yugui)
    Feb 18, 2011
Loading...

Share This Page