BT

InfoQ Homepage News Ruby 1.9.1 Update With Fix for Heap Overflow

Ruby 1.9.1 Update With Fix for Heap Overflow

Bookmarks

A new Ruby 1.9.1 release, Ruby 1.9.1-p376 is out.

Everyone using Ruby 1.9.1 should consider upgrading to p376 because it contains a fix for a heap overflow vulnerability:

There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.

The bug is in rb_str_justify, more details about the bug are available. The vulnerability only exists on 1.9.1.

1.9.1-p376 also brings many bug fixes for other problems, details from the 1.9.1-p376 release notes:

* Irb extension commands had been broken. It was fixed.
* Ripper had not been able to parse some Ruby codes. It was fixed.
* Fixed build failures on AIX.
* Some bug fixes of Matrix.
* Can load gems which is installed in an user's home directory.
* Some method became returning a string with a correct encoding.

 Meanwhile, work on Ruby 1.9.2 is progressing (Changelog for the Ruby 1.9 trunk (Caution: large file)). Ruby 1.9.2 was delayed earlier this year to make sure it actually complies with RubySpec tests.

Rate this Article

Adoption
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Community comments

  • a good news for Ruby 1.9.1

    by bb Ghost /

    Your message is awaiting moderation. Thank you for participating in the discussion.

    a good news for Ruby1.9.1!i will change it now!

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

BT

Is your profile up-to-date? Please take a moment to review and update.

Note: If updating/changing your email, a validation request will be sent

Company name:
Company role:
Company size:
Country/Zone:
State/Province/Region:
You will be sent an email to validate the new email address. This pop-up will close itself in a few moments.