Y
Yugui (Yuki Sonoda)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I just have released Ruby 1.9.1-p378. This is a patch level release of
Ruby 1.9.1. This release fixes a vulnerability in WEBrick.
== WEBrick Vulnerability
WEBrick lets attackers to inject malicious escape sequences to its logs,
making it possible for dangerous control characters to be executed on a
victim's terminal emulator.
I recommand all 1.9 users to upgrade your ruby.
See also:
http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection/
== Location
* http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p378.tar.bz2
SIZE: 7296416 bytes
MD5: 5922459622a23612eb9b68a3586cb5f8
SHA256: 649e623f77190990d990089a819bc4ee60e21816f682ec37cee98d43adb46e51
* http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p378.tar.gz
SIZE: 9074768 bytes
MD5: 9fc5941bda150ac0a33b299e1e53654c
SHA256: b2960c330aa097c0cf90157a3133c6553ccdf8198e4c717c72cbe87c7f277547
* http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p378.zip
SIZE: 10338471 bytes
MD5: 126865c62cd298e12195519f0c52000a
SHA256: c3397be8c5372118d0fb011946df6a48e93eeaea4bad8fd8567ed1ddd34ff86c
== Credit
Credit to Giovanni "evilaliv3" Pellerano, Alessandro "jekil" Tanasi, and
Francesco "ascii" Ongaro for discovering this vulnerability.
- -- Yugui (Yuki Sonoda) <[email protected]>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAktJxj4ACgkQOXzH5JLb/AUUGACcCFYPoFfxZroDvnV835BegnKe
zzsAnRwD3dviHZ6uZbLnHz9U7JrFC2e0
=QhZD
-----END PGP SIGNATURE-----
Hash: SHA1
Urabe said:
I just have released Ruby 1.9.1-p378. This is a patch level release of
Ruby 1.9.1. This release fixes a vulnerability in WEBrick.
== WEBrick Vulnerability
WEBrick lets attackers to inject malicious escape sequences to its logs,
making it possible for dangerous control characters to be executed on a
victim's terminal emulator.
I recommand all 1.9 users to upgrade your ruby.
See also:
http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection/
== Location
* http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p378.tar.bz2
SIZE: 7296416 bytes
MD5: 5922459622a23612eb9b68a3586cb5f8
SHA256: 649e623f77190990d990089a819bc4ee60e21816f682ec37cee98d43adb46e51
* http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p378.tar.gz
SIZE: 9074768 bytes
MD5: 9fc5941bda150ac0a33b299e1e53654c
SHA256: b2960c330aa097c0cf90157a3133c6553ccdf8198e4c717c72cbe87c7f277547
* http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p378.zip
SIZE: 10338471 bytes
MD5: 126865c62cd298e12195519f0c52000a
SHA256: c3397be8c5372118d0fb011946df6a48e93eeaea4bad8fd8567ed1ddd34ff86c
== Credit
Credit to Giovanni "evilaliv3" Pellerano, Alessandro "jekil" Tanasi, and
Francesco "ascii" Ongaro for discovering this vulnerability.
- -- Yugui (Yuki Sonoda) <[email protected]>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAktJxj4ACgkQOXzH5JLb/AUUGACcCFYPoFfxZroDvnV835BegnKe
zzsAnRwD3dviHZ6uZbLnHz9U7JrFC2e0
=QhZD
-----END PGP SIGNATURE-----