Re: Arbitrary code execution vulnerabilities

< ^ > P N |<>|^_>< --- | ~ ...Help

Jeremy Kemper wrote:
> On Fri, Jun 20, 2008 at 11:31 PM, Peńá, Botp <botp / delmonte-phil.com> wrote:
>> From: Mike Berrow [mailto:mberrow1 / pacbell.net]
>> # Some people seem to be seeing problems with the 1.8.6-p230 upgrade,
>> # though.
>> # See comments at:
>> # http://weblog.rubyonrails.com/2008/6/21/multiple-ruby-security
>> # -vulnerabilities
>>
>> ruby is not rails. upgrading ruby does not mean you've upgraded rails too. wait for the rails upgrade. ask the rails list or dhh.
> 
> You misunderstood. The latest patchlevels of 1.8.5 and 1.8.6 are segfaulting.
> 
> jeremy
> 
> 

1. Is this on simple reproducible cases or do you need Rails to get a 
segfault?

2. gdb is your friend. :)