09 Nov '12, 8pm

"Hash-flooding DoS vulnerability for ruby 1.9 (CVE-2012-5371)" Check your applications now! #hashdos

A hash-flooding DoS attack was reported for the hash function that the ruby 1.9 series was using. This vulnerability is different from CVE-2011-4815 for ruby 1.8.7. All ruby 1.9 users are recommended to upgrade to ruby-1.9.3 patchlevel 327 to get this security fix.

Impact

A carefully crafted sequence of strings can cause a denial of service attack on a service that parses the sequence to create a Hash object by using the strings as keys. For instance, this vulnerability affects web applications that parse JSON data sent from an untrusted entity.

Details

This vulnerability is similar to CVE-2011-4815 for ruby 1.8.7. ruby 1.9 versions were using a modified MurmurHash function, but it was reported that there is a way to create a sequence of strings whose hash values collide with each other. This fix changes the hash function of the String object from MurmurHash to SipHash 2-4.

Solution

Please ...

Full article: http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdo...

Tweets

Hash-flooding DoS vulnerability for ruby 1.9 (CVE-2012-5371)

ruby-lang.org 09 Nov '12, 9pm

Content available in English, French, Japanese, Korean, Polish, Spanish, Portuguese, Simplified Chinese, Tradition...

An attack method against ruby 1.9 has been found > "The hash function used in the ruby 1.9 series...

ruby-lang.org 09 Nov '12, 11pm

Content available in English, French, Japanese, Korean, Polish, Spanish, Portuguese, Simplified Chinese, Tradition...

Ruby 1.9.3-p327 is released

ruby-lang.org 09 Nov '12, 8pm

Ruby 1.9.3-p327 is released. This release includes some security fixes, and many other bug fixes. Hash-flooding DoS vulner...

Ruby 1.9.3-p327 released

ruby-lang.org 09 Nov '12, 10pm

Ruby 1.9.3-p327 has been released. This release includes the following fixes, including security fixes. Fix for the hash-flooding DoS vulnerability for ruby 1.9 (CVE-2012-5371) Many other bug...

Ruby on Rails developer wanted #hantim

hantim.ru 09 Nov '12, 3pm

The obvious in one line: git, Ruby 1.9, Rails 3, PostgreSQL, Redis, Resque, RSpec, HAML, jQuery, Capistrano;

Bundler: The best way to manage Ruby applications:

gembundler.com 12 Nov '12, 11am

Bundler adds the ability to use gems directly from git repositories. Setting them up is as easy as adding a gem to your Ge...

Venice swamped by near-record flooding

grist.org 12 Nov '12, 3pm

Venice’s high water, or “acqua alta”, said to be the sixth highest since 1872, flooded 70% of the city and was high enough...