[ISN] Ruby creators warn of serious flaws

From: InfoSec News <alerts_at_infosecnews.org>
Date: Wed 25 Jun 2008 - 01:35:25 CDT
http://www.techworld.com/security/news/index.cfm?newsID=101993

By Matthew Broersma
Techworld
24 June 2008

The Ruby programming language, which has become popular as the basis for 
web 2.0 sites such as Twitter, contains serious security flaws that 
could allow attackers to take over an organisation's web server, 
according to the Ruby development team.

The "disturbing" flaws, which were disclosed on Friday, could affect 
nearly any typical Ruby-based web application, according to Thomas 
Ptacek, founder of security firm Matasano.

The five bugs affect Ruby version 1.8 up to 1.8.7-p21 and version 1.9 up 
to 1.9.0-1, according to the Ruby development team.

Users can remedy the problem by upgrading to a patched version of Ruby, 
developers said, with patches available on the Ruby language site [1].

[1] http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

[...]
Received on Wed Jun 25 01:35:25 2008