There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases. Commit/Patch: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=26038 Ruby 1.9 is currently in p.mask; stable or unstable versions of Ruby (1.8.x) are not affected.
Just tried to version bump to p376 with the patches from p243. All tests pass but one:
    #378 test_thread.rb:191:in `<top (required)>':
         begin
           100.times do |i|
             begin
               Thread.start(Thread.current) {|u| u.raise }
               raise
             rescue
             ensure
             end
           end
         rescue
           100
         end
      #=> "" (expected "100")  [ruby-dev:31371]
    FAIL 1/945 tests failed
CVE-2009-4124 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4124): Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.
p376 is in the tree. Masked and never stable → noglsa.