Vulnerabilities found in Ruby 1.9

Steve8x8

Aug 19, 2013, 3:25:22 AM
to geo...@googlegroups.com
I have found several reports about a vulnerability of Ruby 1.9 to remote attacks, namely SSL.
(CVE IDs 2013-1821, 2013-4073)
There are no reports about 1.8, but that may be due to its end-of-life (back in June).

Please update your local Ruby installation ASAP - at least for Debian, fixed packages have been released on Aug 18 (yesterday).

Please also note that using the Windows Installer, you will end up with an outdated version of Ruby 1.9 - I'm currently unable to update my building machine, and therefore there will be no updated installer package for now. You may consider installing Ruby yourself, and using the tarball, if you're concerned.

I hope that for 3.18 (due around fall equinox) everything will be in place again.

Apologies,
 S