Arbitrary code execution vulnerabilities

Discussion in 'Ruby' started by Mike Berrow, Jun 21, 2008.

  1. Mike Berrow

    Mike Berrow Guest

    Mike Berrow, Jun 21, 2008
    #1
    1. Advertising

  2. RnJvbTogTWlrZSBCZXJyb3cgW21haWx0bzptYmVycm93MUBwYWNiZWxsLm5ldF0gDQojIFNvbWUg
    cGVvcGxlIHNlZW0gdG8gYmUgc2VlaW5nIHByb2JsZW1zIHdpdGggdGhlIDEuOC42LXAyMzAgdXBn
    cmFkZSwNCiMgdGhvdWdoLg0KIyBTZWUgY29tbWVudHMgYXQ6DQojIGh0dHA6Ly93ZWJsb2cucnVi
    eW9ucmFpbHMuY29tLzIwMDgvNi8yMS9tdWx0aXBsZS1ydWJ5LXNlY3VyaXR5DQojIC12dWxuZXJh
    YmlsaXRpZXMNCg0KcnVieSBpcyBub3QgcmFpbHMuIHVwZ3JhZGluZyBydWJ5IGRvZXMgbm90IG1l
    YW4geW91J3ZlIHVwZ3JhZGVkIHJhaWxzIHRvby4gd2FpdCBmb3IgdGhlIHJhaWxzIHVwZ3JhZGUu
    IGFzayB0aGUgcmFpbHMgbGlzdCBvciBkaGguDQoNCmtpbmQgcmVnYXJkcyAtYm90cA0KDQoNCg==
     
    Peña, Botp, Jun 21, 2008
    #2
    1. Advertising

  3. On Fri, Jun 20, 2008 at 11:31 PM, Pe=F1a, Botp <> wro=
    te:
    > From: Mike Berrow [mailto:]
    > # Some people seem to be seeing problems with the 1.8.6-p230 upgrade,
    > # though.
    > # See comments at:
    > # http://weblog.rubyonrails.com/2008/6/21/multiple-ruby-security
    > # -vulnerabilities
    >
    > ruby is not rails. upgrading ruby does not mean you've upgraded rails too=

    wait for the rails upgrade. ask the rails list or dhh.

    You misunderstood. The latest patchlevels of 1.8.5 and 1.8.6 are segfaultin=
    g.

    jeremy
     
    Jeremy Kemper, Jun 21, 2008
    #3
  4. Jeremy Kemper wrote:
    > On Fri, Jun 20, 2008 at 11:31 PM, Peña, Botp <> wrote:
    >> From: Mike Berrow [mailto:]
    >> # Some people seem to be seeing problems with the 1.8.6-p230 upgrade,
    >> # though.
    >> # See comments at:
    >> # http://weblog.rubyonrails.com/2008/6/21/multiple-ruby-security
    >> # -vulnerabilities
    >>
    >> ruby is not rails. upgrading ruby does not mean you've upgraded rails too. wait for the rails upgrade. ask the rails list or dhh.

    >
    > You misunderstood. The latest patchlevels of 1.8.5 and 1.8.6 are segfaulting.
    >
    > jeremy
    >
    >


    1. Is this on simple reproducible cases or do you need Rails to get a
    segfault?

    2. gdb is your friend. :)
     
    M. Edward (Ed) Borasky, Jun 21, 2008
    #4
  5. Mike Berrow

    Mike Berrow Guest

    Mike Berrow, Jun 22, 2008
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. wijhierbeneden

    vulnerabilities

    wijhierbeneden, Oct 21, 2004, in forum: C++
    Replies:
    5
    Views:
    1,431
    Christopher Benson-Manica
    Oct 22, 2004
  2. Dave Vandervies

    Re: vulnerabilities

    Dave Vandervies, Oct 22, 2004, in forum: C++
    Replies:
    3
    Views:
    374
    Dan Pop
    Oct 22, 2004
  3. Honestmath
    Replies:
    5
    Views:
    593
    Honestmath
    Dec 13, 2004
  4. Replies:
    2
    Views:
    1,021
    Chris Uppal
    Feb 5, 2007
  5. wijhierbeneden

    vulnerabilities

    wijhierbeneden, Oct 21, 2004, in forum: C Programming
    Replies:
    72
    Views:
    1,608
    Peter Pichler
    Nov 6, 2004
Loading...

Share This Page