Re: Ruby vulnerability?



Shaun Amott wrote:
> On Sat, Jul 29, 2006 at 07:54:16PM +0200, Remko Lodder wrote:
>> Sergey Matveychuk wrote:
>>> Shaun Amott wrote:
>>>> On Fri, Jul 28, 2006 at 03:03:43PM +1000, Joel Hatton wrote:
>>>>> FYI, Red Hat released an advisory today about a vulnerability in Ruby. So
>>>>> far it doesn't appear in the VuXML, but am I correct in presuming it will
>>>>> soon?
>>>>
>>>> I've added it; thanks for the report.
>>>
>>> Can we get patches somewhere? I can't find any.
>>
>> It is said that the patches are available through the CVSweb
>> but all the information I could find was in Japanese, which is
>> a bit difficult to read for me (read: I do not speak nor read
>> Japanese at all).
>
> The CVE report seemed to imply that there was a fix in 1.8.5, which I
> assumed had therefore been released. But it seems this isn't the case.
>
> The Ruby folks say they don't publish advisories until there is a fix
> ready; and there is no mention of this vulnerability on the website.


The CVE report is very unpleasant: "Multiple unspecified vulnerabilities".
Secunia has a more professional report.

Red Hat is the only vendor who released updates, but they are binary. So,
there is no known fix now.

I hope the Ruby team will release 1.8.5 ASAP.

--
Dixi.
Sem.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"