K
Kirk Haines
We have released Ruby 1.8.6-pl369. This is primarily a security release.
A flaw was found with BigDecimal that could be exploited to cause the
interpreter to segfault because it mishandled certain large input
values. As ActiveRecord uses BigDecimal, this issue could potentially
affect many Rails installations, though this is not a Rails specific
issue. The result is that an attacker could potentially deliver a
denial of service attack to many applications. This vulnerability has
been assigned the CVE name CVE-2009-1904.
This issue affects all Ruby 1.8.6 versions prior to pl369. New
versions can be found at ruby-lang.org:
* ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p369.tar.gz
MD5(ruby-1.8.6-p369.tar.bz2)= c3c1f3dd0dfbd2e17a04e59c2f12cfc8
SHA256(ruby-1.8.6-p369.tar.bz2)=
fb6974ab8a0de52511e846eacf113432b5227a867e3c9741d65775f162e13715
SIZE(ruby-1.8.6-p369.tar.bz2)= 3981771
MD5(ruby-1.8.6-p369.tar.gz)= 8c140ae28b4c3947b92dfad69109d90b
SHA256(ruby-1.8.6-p369.tar.gz)=
edd3707a24dcf53d36a8722fe5addeb0d9077481a272451a9e662374863ba42c
SIZE(ruby-1.8.6-p369.tar.gz)= 4578207
MD5(ruby-1.8.6-p369.zip)= 139d301368533207919befed9ddd92e7
SHA256(ruby-1.8.6-p369.zip)=
fde0c634f98a08ba4c1fb012a22122579f22154134d281ef4e22692a1c1c6ff4
SIZE(ruby-1.8.6-p369.zip)= 5620911
Thank you,
Kirk Haines
Engine Yard
(e-mail address removed)
irc: wyhaines
A flaw was found with BigDecimal that could be exploited to cause the
interpreter to segfault because it mishandled certain large input
values. As ActiveRecord uses BigDecimal, this issue could potentially
affect many Rails installations, though this is not a Rails specific
issue. The result is that an attacker could potentially deliver a
denial of service attack to many applications. This vulnerability has
been assigned the CVE name CVE-2009-1904.
This issue affects all Ruby 1.8.6 versions prior to pl369. New
versions can be found at ruby-lang.org:
* ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p369.tar.gz
MD5(ruby-1.8.6-p369.tar.bz2)= c3c1f3dd0dfbd2e17a04e59c2f12cfc8
SHA256(ruby-1.8.6-p369.tar.bz2)=
fb6974ab8a0de52511e846eacf113432b5227a867e3c9741d65775f162e13715
SIZE(ruby-1.8.6-p369.tar.bz2)= 3981771
MD5(ruby-1.8.6-p369.tar.gz)= 8c140ae28b4c3947b92dfad69109d90b
SHA256(ruby-1.8.6-p369.tar.gz)=
edd3707a24dcf53d36a8722fe5addeb0d9077481a272451a9e662374863ba42c
SIZE(ruby-1.8.6-p369.tar.gz)= 4578207
MD5(ruby-1.8.6-p369.zip)= 139d301368533207919befed9ddd92e7
SHA256(ruby-1.8.6-p369.zip)=
fde0c634f98a08ba4c1fb012a22122579f22154134d281ef4e22692a1c1c6ff4
SIZE(ruby-1.8.6-p369.zip)= 5620911
Thank you,
Kirk Haines
Engine Yard
(e-mail address removed)
irc: wyhaines