Ruby 1.9.1 Update With Fix for Heap Overflow

Posted by Werner Schuster on Dec 10, 2009

Sections

Architecture & Design,

Development

Topics

Ruby ,

Runtimes ,

Java ,

Dynamic Languages ,

Languages ,

Programming ,

Security ,

Open Source Project Releases ,

Ruby1.9

Share |

RELATED Research

A new Ruby 1.9.1 release, Ruby 1.9.1-p376 is out.

Everyone using Ruby 1.9.1 should consider upgrading to p376 because it contains a fix for a heap overflow vulnerability:

There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.

The bug is in rb_str_justify, more details about the bug are available. The vulnerability only exists on 1.9.1.

1.9.1-p376 also brings many bug fixes for other problems, details from the 1.9.1-p376 release notes:

* Irb extension commands had been broken. It was fixed.
* Ripper had not been able to parse some Ruby codes. It was fixed.
* Fixed build failures on AIX.
* Some bug fixes of Matrix.
* Can load gems which is installed in an user's home directory.
* Some method became returning a string with a correct encoding.

 Meanwhile, work on Ruby 1.9.2 is progressing (Changelog for the Ruby 1.9 trunk (Caution: large file)). Ruby 1.9.2 was delayed earlier this year to make sure it actually complies with RubySpec tests.

RelatedVendorContent

Introducing SQLFire: a memory-optimized, high performance SQL database

Tutorial: Integrating SQLFire with tc Server and Spring Data

Troubleshoot Java/.NET performance while getting full visibility in production

RDBMS to NoSQL: Managing the Transition

Banking Case Study: Scaling with Low Latency using NewSQL

Related Sponsor

VMware vFabric SQLFire - Test drive the data management system with memory speed, horizontal scalability and a familiar SQL interface

1. Back to top

   a good news for Ruby 1.9.1

   by bb Ghost

   a good news for Ruby1.9.1!i will change it now!

   Reply