Blocking Sockets Vulnerability on Ubuntu?


#1

Hi Folks,

Ubuntu sent out a security announcement re Ruby 1.8 this morning:
http://www.ubuntu.com/usn/usn-273-1 I am trying to find background
information on this to aid in analyzing its impact on our Web
operations. (We run several Webrick-powered applications behind Apache
reverse proxies.)

Where did Matz. announce this? Looking over list threads recently, I
don’t see discussion on this (or am I just missing it?). Do you have any
information on the significance of this issue and the Ruby community’s
suggested response to it?

Thank you,
Ben


#2

On Mon, 2006-04-24 at 23:27 +0900, Ben Gribaudo wrote:

information on the significance of this issue and the Ruby community’s
suggested response to it?

Not sure, but maybe these are relevant:

http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/webrick/server.rb?sortby=log
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/26405

It looks like the issue was fixed by 1.8.3-preview2.


#3

Ross B. wrote:

Not sure, but maybe these are relevant:

http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/webrick/server.rb?sortby=log
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/26405

It looks like the issue was fixed by 1.8.3-preview2.

Thank you! -bdg