Ruby Vulnerabilities

An Apple Product Security technician has identified multiple vulnerabilities with Ruby, which if exploited could be used in denial of service attacks. It does not have to be just Mac OS X that this afects. It looks like it’s all versions based on the official post from the Ruby development team.?? To find out what version of Ruby you are using open up Terminal or your command-line prompt client and type

ruby –version

You should get something like this

ruby 1.8.6 (2008-06-20 patchlevel 230) [i686-darwin9.3.0]

Now you can see that’s I’ve already went ahead and updated my version, so yours might have patch 110 if there was a patch level. To update your Ruby version all you need to do is visit the link above and choose which patch you need to install.?? For us Ruby on Rails developers you’ll need to upgrade to Ruby 1.8.6 patch 230. You can download it here and type the following in your command-line prompt.

curl -O
tar xzvf ruby-1.8.6-p230.tar.gz
cd ruby-1.8.6-p230
./configure –enable-shared –enable-pthread CFLAGS=-D_XOPEN_SOURCE=1
sudo make install
cd ..

You can then check your version by typing.

ruby –version

If you have any problems, feel free to comment below.

UPDATE: After posting this I was having a hard time keeping an instance of mongrel running.?? I did some searching and found out that the option they have offered us does have a bug still in it.?? So what that means is that we either update and have issues or stay at what we’re currently at and deal with the possibility of denial of service attacks.?? Keep your eyes posted to the Ruby on Rails blog for an update. I’ll post another update here as well once things are figured out.

Comments are closed.