13 Feb '13, 6pm

Ruby on Rails Patches DoS, Remote Execution Flaws

Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to denial of service attacks and remote execution vulnerabilities. With builds 3.2.12, 3.1.11 and 2.3.17, the framework fixed a serialized attributes YAML vulnerability (CVE-2013-0277) that could have let developers give users access to the +serialize+ helper in ActiveRecord. From there an attacker could have used a specially crafted request to trick the function into deserializing arbitrary YAML data, potentially leading to remote code execution. The update also fixes another problem (CVE-2013-0276) in the framework’s ActiveRecord function, this one with its attr_protected method. Attackers could have bypassed the protection and altered values that were meant to be protected, according to an alert issued by Ruby on Rails contributor Aaron Patterson on Mond...

Full article: http://threatpost.com/en_us/blogs/ruby-rails-patches-dos-...

Tweets

More Rails security fixes released: Two bugs in...

h-online.com 12 Feb '13, 4pm

The Ruby on Rails Developers have released updates to Rails 3.2, 3.1 and 2.3 and made users aware of an update to the JSON...

Ruby on Rails #CVE-2013-0276 Remote Security By...

securityfocus.com 21 Feb '13, 6pm

Ruby on Rails Ruby on Rails 2.3.11 Ruby on Rails Ruby on Rails 2.3.14 Ruby on Rails Ruby on Rails 2.3.13 Ruby on Rails Rub...

Ruby on Rails 3.2.12, 3.1.11 and 2.3.17 Released to Address #Security Holes #ccureit

Ruby on Rails 3.2.12, 3.1.11 and 2.3.17 Release...

news.softpedia.com 13 Feb '13, 11am

The developers of Ruby on Rails have released versions 3.2.12, 3.1.11 and 2.3.17. Ruby on Rails 3.2.12 and 3.1.11 fix one ...

New security update for Ruby on Rails: With...

heise.de 12 Feb '13, 5pm

The Ruby on Rails team closes further critical security holes in the popular web application framework. With the...

Finish Ruby on rails web app! by Liink: Hello I...

freelancer.com 14 Feb '13, 6pm

I need someone to help finish my web app. It's a Ruby on Rails app and I need the right person to finish it off as the orig...

Taliban Execution

military.com 13 Feb '13, 5am

Much of this content is graphic in nature, showing unfiltered media from the global war on terror and other conflicts. To ...

Don't miss out! Today only get your first month...

metacasts.tv 14 Feb '13, 6am

#15 - Ruby 2.0.0-rc2 Ruby 2.0 introduces some new features and changes that could impact Ruby developers daily. In this ep...

Ruby 2.0

ruby-lang.org 24 Feb '13, 9am

The default encoding for ruby scripts is now UTF-8 [#6679]. Some people report that it affects existing programs, such as ...

Disable s3 storage from Ruby on Rails app! by L...

freelancer.com 14 Feb '13, 2pm

Project Description: Hello, I urgently need someone to disable s3 storage from my Ruby on Rails app source code. I need all ...

★2013/02/15 『[Danger] In Ruby on Rails' ActiveRecord...

jvndb.jvn.jp 15 Feb '13, 7am

Google Group : Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 [CVE-2013-0277] Rails weblog : [SEC][ANN] R...

Ruby on Rails Developers (Anywhere). #jobs #africa

africaejob.com 14 Feb '13, 2am

Ruby on Rails Developers (Anywhere) Written by africajobs on February 2, 2012 · 0 Comments Exvo is a young informal startu...

Want to try Ruby 2.0? The last release candidat...

ruby-lang.org 14 Feb '13, 6pm

Ruby 2.0.0-rc2 is released. This will be the last release candidate of Ruby 2.0.0. Please give it a try, and report any is...