Security Flaws Discovered, Patched in Ruby 1.8 and 1.9

Patches have been issued for bugs in several of Ruby's array- and string-related functions.


June 23, 2008
URL: http://www.drdobbs.com/security/security-flaws-discovered-patched-in-rub/208800194

Late last week, Drew Yao of Apple Product Security apparently discovered several vulnerabilities in multiple versions of Ruby that could allow attackers to execute arbitrary code or create a denial of service condition.

The vulnerabilities stemmed from unchecked overflow conditions in several array-handling routines, and from an unsafe memory allocation in Ruby's string processing. The Ruby maintainers have since released patches for these vulnerabilities. Vulnerable versions include:

Patches are available here:
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
