[Security] Ruby 1.8.7 patchlevel 301 released (CVE-2010-0541)

Hello all. This is a new release for 1.8.7 series.

As Yugui posted earlier, there is an XSS vulnerability in WEBrick HTTP server.
Beware that, though we realized this issue only recently, the CVE-2010-0541
has been disclosed for months without notifying us, so public WEBrick servers
are already under a real threat of attacks. Many thanks to Hideaki Yamane for
letting us know it.

Anyway we have a fix for the issue now, and here are those applied for the
1.8.7 branch. All WEBrick users are encouraged to upgrade.

URLs:

ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p301.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p301.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p301.zip

Checksum:

MD5(ruby-1.8.7-p301.tar.gz)= 2c1a0c3d3d44e77c958e84ead26b1fc9
SHA256(ruby-1.8.7-p301.tar.gz)=
c9e3729fee37299348658c50222bc0317ea0a3cdd5abe6af60a5cb7e06f25edb
SIZE(ruby-1.8.7-p301.tar.gz)= 4867903

MD5(ruby-1.8.7-p301.tar.bz2)= f461d7672ee99de881f3e9fa5c76fae7
SHA256(ruby-1.8.7-p301.tar.bz2)=
6ddd929722d177240c52e9fafa637dae4d7f8a30825faabb33b1c5391b004029
SIZE(ruby-1.8.7-p301.tar.bz2)= 4183897

MD5(ruby-1.8.7-p301.zip)= 209f447e36207b5989f682008b31e7af
SHA256(ruby-1.8.7-p301.zip)=
591c9c6a4210698582fd14f18a715ce19d3a3e4578a7afad2c1e4e126e5cfb0c
SIZE(ruby-1.8.7-p301.zip)= 5965403

Thanks,

(2010/08/16 13:09), Urabe S. wrote:

Hello all. This is a new release for 1.8.7 series.

As Yugui posted earlier, there is an XSS vulnerability in WEBrick HTTP server.
Beware that, though we realized this issue only recently, the CVE-2010-0541
has been disclosed for months without notifying us, so public WEBrick servers
are already under a real threat of attacks. Many thanks to Hideaki Yamane for
letting us know it.

Anyway we have a fix for the issue now, and here are those applied for the
1.8.7 branch. All WEBrick users are encouraged to upgrade.

Oops, there was a packaging mistake. Please use this one instead:

ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p302.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p302.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p302.zip

Checksum:

MD5(ruby-1.8.7-p302.tar.gz)= f446550dfde0d8162a6ed8d5a38b3ac2
SHA256(ruby-1.8.7-p302.tar.gz)=
5883df5204de70762602ce885b18c8bf6c856d33298c35df9151031b2ce044a1
SIZE(ruby-1.8.7-p302.tar.gz)= 4866763

MD5(ruby-1.8.7-p302.tar.bz2)= a6a9e37079ed8cf8726b455dad3de939
SHA256(ruby-1.8.7-p302.tar.bz2)=
3537cc81cc2378a2bc319cd16c4237ddee14a2839cfd1515b27dce108d061a68
SIZE(ruby-1.8.7-p302.tar.bz2)= 4184764

MD5(ruby-1.8.7-p302.zip)= 56cb754af4bbd5ec3bfbdb8af3ee72a7
SHA256(ruby-1.8.7-p302.zip)=
f50d6ae1a7247674b6a07e54cbd6704a6951ba20277cd7dc23d1453ffe00fedb
SIZE(ruby-1.8.7-p302.zip)= 5965421

Sorry for your inconvenience.
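
The checksum blocks above can be checked mechanically before building from a downloaded archive. The following is an added example, not part of the original posts or of Ruby's release tooling: it parses the `ALGO(file)= value` layout used in the announcement, including a SHA256 value wrapped onto the next line, and verifies a local file. The function names and the sample file are constructed for illustration.

```ruby
require 'digest'
require 'tempfile'

# Hypothetical helper names; the sample data in demo is constructed.
# Parse "MD5(file)= v", "SHA256(file)= v" and "SIZE(file)= v" lines. A value
# that the mail client wrapped onto the following line is joined back on.
def parse_checksums(text)
  sums = Hash.new { |h, k| h[k] = {} }
  pending = nil
  text.each_line do |line|
    line = line.strip
    if (m = line.match(/\A(MD5|SHA256|SIZE)\((.+)\)=\s*(\S*)\z/))
      if m[3].empty?
        pending = [m[1], m[2]]          # value continues on the next line
      else
        sums[m[2]][m[1]] = m[3]
        pending = nil
      end
    elsif pending && line.match?(/\A\h+\z/)
      sums[pending[1]][pending[0]] = line
      pending = nil
    end
  end
  sums
end

# Return the names of the checks that failed (an empty list means verified).
def verify_download(path, expected)
  return ['no published SHA256'] unless expected && expected['SHA256']
  failures = []
  failures << 'SIZE' if expected['SIZE'] && File.size(path) != expected['SIZE'].to_i
  # SHA256 is the check relied on; MD5 is not collision resistant and is skipped.
  actual = Digest::SHA256.file(path).hexdigest
  failures << 'SHA256' unless actual == expected['SHA256'].downcase
  failures
end

# Constructed sample: a stand-in file plus a checksum block in the same layout.
def demo
  payload = 'constructed sample payload'
  Tempfile.create('ruby-sample') do |f|
    f.write(payload)
    f.flush
    digest = Digest::SHA256.hexdigest(payload)
    block = "SHA256(sample.tar.gz)=\n#{digest}\nSIZE(sample.tar.gz)= #{payload.bytesize}\n"
    sums = parse_checksums(block)
    [verify_download(f.path, sums['sample.tar.gz']),
     verify_download(f.path, sums['sample.tar.gz'].merge('SIZE' => '0'))]
  end
end
```

For a real download, pass the announcement's checksum block for the p302 archives to `parse_checksums` and the path of the fetched file to `verify_download`.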