[Mongrel] patched ruby seems to break mongrel?

David Shettler dave at opensecurityfoundation.org
Mon Jun 23 09:59:45 EDT 2008


Hey all, patched ruby on my development and production environments
to 1.8.6-p230 to address these new ruby vulnerabilities:

  http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

mongrel began segfaulting after restarting.

Then tried ruby 1.8.7-p22 and upgrading to rails 2.1.0 (from rails
2.0.2), same issue.  Had to revert back to the vulnerable GA 1.8.6.

Running centos 4, mongrel 1.1.5 (tried 1.1.3, 1.1.4 as well, all same results).

Any further info I can provide, I'd be glad to.

Dave
OSVDB.org

