Ruby 1.9.1 Update With Fix for Heap Overflow
There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.
The bug is in
rb_str_justify, more details about the bug are available. The vulnerability only exists on 1.9.1.
1.9.1-p376 also brings many bug fixes for other problems, details from the 1.9.1-p376 release notes:
* Irb extension commands had been broken. It was fixed.
* Ripper had not been able to parse some Ruby codes. It was fixed.
* Fixed build failures on AIX.
* Some bug fixes of Matrix.
* Can load gems which is installed in an user's home directory.
* Some method became returning a string with a correct encoding.
Meanwhile, work on Ruby 1.9.2 is progressing (Changelog for the Ruby 1.9 trunk (Caution: large file)). Ruby 1.9.2 was delayed earlier this year to make sure it actually complies with RubySpec tests.
a good news for Ruby 1.9.1
Tiago Romero Garcia Mar 01, 2015
How Can We Use Our Creative Power and Technological Opportunity to Address the Challenges of the 21st Century?
Gyorgyi Galik Feb 26, 2015