Ruby 1.9.1-p376 Released: Fixes A Heap Overflow Vulnerability And More

By Peter Cooper / December 7, 2009

Uh oh, it's upgrade time again. Today, the official Ruby 1.9 maintainer (Yuki Sonoda, a.k.a. Yugui) announced a heap overflow vulnerability in Ruby 1.9.1 and, subsequently, the release of Ruby 1.9.1-p376 (patch level 376). As the current production-level release of Ruby, this is a crucial upgrade - unless you're still using Ruby 1.8.x, which isn't affected at all.

As well as fixing the vulnerability, Ruby 1.9.1-p376 also includes over 100 bug fixes over the previous release, none of which are particularly interesting. You can check this release's change log to see if anything affects you.

If you want to download Ruby 1.9.1-p376 now, the following URLs will work direct:

Further, Danny Tatom has put together a PKGBUILD file for Ruby 1.9.1-p376 for Arch Linux users. As an aside, Arch Linux is worth a look if you haven't heard of it yet. It's basically a lightweight, heavily customizable, developer focused Linux distribution that's less annoying than Gentoo, and a little more BSD-like than the average Linux distro.

Comments

  1. Wayne E. Seguin says:

    The latest git head of rvm now defaults 1.9.1 to p376, it will be default in release 0.0.89.

    ~Wayne

  2. Wayne E. Seguin says:

    One more thing. Arch Linux is hardcore awesome, w00t! :)
