Official news post here:
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
General rundown of exactly _what_ is being affected:
http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
Discussion forums of patches and such:
http://www.ruby-forum.com/topic/157034
Now, my question to you guys, is... has anyone patched their copy of ruby? Anyone have any pointers on patching/upgrading ruby on a production site? My partner, the one who set everything up, is off on his honeymoon and can't be reached. The wannabe security professional side of me understands what the vulnerabilities mean and would very much like to patch and upgrade ruby. But from what I've read on the discussion forum, the releases are said to break stuff, which would be Very Bad™ for a live site.
Looks like we're running:
"Ubuntu 7.10" codename gutsy
ruby 1.8.6 (2007-06-07 patchlevel 36) [x86_64-linux]
crossposted to the ruby_lang, rails_dev community...
(This news is now about 5 days old...)
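Added example (not from the post above or from the ruby-lang.org advisory): before touching a production box, the first thing to pin down is exactly which patchlevel is installed and whether it is below the fixed release for its branch. The script below parses the `ruby -v` string quoted in the post into a comparable [major, minor, teeny, patchlevel] tuple and checks it against a per-branch minimum. The minimum patchlevels in MINIMUMS are what I recall the linked advisory listing as the fixed releases; treat them as placeholders and confirm them against the advisory before relying on the result. Builds that print no patchlevel at all (older 1.8.x packages) are treated as patchlevel 0, i.e. older than any patched build.

```ruby
# Added example: gate a production upgrade decision on the installed
# ruby version/patchlevel. Not code from the post or from ruby-lang.org.

# Matches "ruby 1.8.6 (2007-06-07 patchlevel 36) [x86_64-linux]" and
# also strings with no patchlevel, e.g. "ruby 1.8.5 (2006-08-25) [i686-linux]"
# or newer "ruby X.Y.Z (date revision abc) [...]" output.
VERSION_RE = /\Aruby (\d+)\.(\d+)\.(\d+) \(\d{4}-\d{2}-\d{2}(?:[^)]*?patchlevel (\d+))?[^)]*\)/

# Assumed minimum fixed patchlevels per branch (as I recall them from the
# advisory linked above; verify before use). Keyed by [major, minor, teeny].
MINIMUMS = {
  [1, 8, 5] => [1, 8, 5, 231],
  [1, 8, 6] => [1, 8, 6, 230],
  [1, 8, 7] => [1, 8, 7, 22],
}

# Turn a `ruby -v` line into [major, minor, teeny, patchlevel].
# A missing patchlevel becomes 0 so it sorts below every patched build.
def parse_ruby_version(line)
  m = VERSION_RE.match(line.strip)
  raise ArgumentError, "unrecognised ruby -v output: #{line.inspect}" unless m
  major, minor, teeny, patch = m.captures
  [major.to_i, minor.to_i, teeny.to_i, patch.to_i]
end

# Array#<=> compares element-wise, which gives version-then-patchlevel
# ordering without any string comparison pitfalls ("36" > "230" as text).
def at_least?(installed, minimum)
  (installed <=> minimum) >= 0
end

# :ok, :needs_upgrade, or :unknown_branch when the branch is not in the map
# (an unknown branch should be checked by hand, not assumed safe).
def check_ruby(line, minimums = MINIMUMS)
  ver = parse_ruby_version(line)
  min = minimums[ver[0, 3]]
  return :unknown_branch unless min
  at_least?(ver, min) ? :ok : :needs_upgrade
end

# Reconstruct the `ruby -v` line for the interpreter running this script,
# so the same check can be run on the production host itself.
def running_ruby_version
  "ruby #{RUBY_VERSION} (#{RUBY_RELEASE_DATE} patchlevel #{RUBY_PATCHLEVEL}) [#{RUBY_PLATFORM}]"
end

if __FILE__ == $0
  # Constructed sample inputs: the line from the post, plus two edge cases.
  samples = [
    "ruby 1.8.6 (2007-06-07 patchlevel 36) [x86_64-linux]", # from the post
    "ruby 1.8.5 (2006-08-25) [i686-linux]",                 # no patchlevel printed
    running_ruby_version,                                   # this interpreter
  ]
  samples.each { |s| puts "#{s} => #{check_ruby(s)}" }
end
```

On the box in question this reports the 1.8.6-p36 line as needing an upgrade; the point of the tuple comparison is that a distro package which backports the fix without bumping the patchlevel will still show up as "needs upgrade", so check the package changelog as well before deciding that the interpreter is actually unpatched.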