How to upgrade ruby to a specific version

Hi there,

sorry for the n00b question:

What's the correct Linux command for upgrading ruby to a specific
version? (Ruby 1.8.6-p369 is needed.)

Btw, it's this security issue that leads me to it:
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/

Thanks a lot!
Tom

···

--
Posted via http://www.ruby-forum.com/.

Anybody...?

(I couldn't find the answer using search engines...)

···


That depends on which Linux distribution you use. Without knowing that, we
can't give you an answer. For example, on Gentoo it is:

sudo emerge "=ruby-1.8.6_p369"

but on Debian, or Mandriva or Ubuntu, or... the command would be completely
different.

If you want an answer, please tell us which distribution you are using.

Stefano

···

On Monday 06 July 2009, Tom Ha wrote:

>Hi there,
>
>sorry for the n00b question:
>
>What's the correct linux command for upgrading ruby to a specific
>version? (Ruby 1.8.6-p369 is needed.)
>
>Btw, it's this security issue that leads me to it:
>http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
>
>Thanks a lot!
>Tom

Sorry, I didn't know that...

I actually use Ubuntu (9.04).

···


And while Ubuntu has confirmed the bug, and it has been fixed in Debian
unstable, it still remains an open issue:

Best bet is to download the source and compile it yourself at this point.
Link:

ftp://ruby-lang.org/pub/ruby/ruby-1.8.6-p369.tar.gz

···

On Tuesday 07 July 2009 04:55:01 Tom Ha wrote:

>Sorry, I didn't know that...
>
>I actually use Ubuntu (9.04).

Thanks for your answer.

The thing is, I'm a n00b in Linux as well (and therefore not used to
compiling stuff, etc.).

Is it really not possible to update Ruby on my Ubuntu machine to a
specific patch level, simply using a terminal command?

I need to upgrade to "ruby 1.8.6-p369" (version 1.9 is not yet
sufficiently supported).

Thanks for any help with this!

···


>Thanks for your answer.
>
>The thing is, I'm a n00b in Linux as well (and therefore not used to
>compiling stuff, etc.).
>
>Is it really not possible to update Ruby on my Ubuntu machine to a
>specific patch level, simply using a terminal command?

Assuming you mean via apt-get or its brethren, no. You're limited to
what the Ubuntu/Debian maintainer has decided to package.

And I'm pretty sure that for 9.04 you're only going to find 1.8.7
packages anyway.

>I need to upgrade to "ruby 1.8.6-p369" (version 1.9 is not yet
>sufficiently supported).

The only way to get control at this level is to install from source.

It's really not that hard, Google will provide lots of help.

On the other hand, I'm not sure that the bigdecimal DOS bug is really
that much of an exposure. Unless I misunderstood him, Charlie Nutter
(of JRuby fame) posted somewhere that Java has had the same issue for
quite some time.

···

On Tue, Jul 7, 2009 at 12:13 PM, Tom Ha<tom999@gmx.net> wrote:

--
Rick DeNatale

Blog: http://talklikeaduck.denhaven2.com/
Twitter: http://twitter.com/RickDeNatale
WWR: http://www.workingwithrails.com/person/9021-rick-denatale
LinkedIn: http://www.linkedin.com/in/rickdenatale
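
An added example, not part of any post in this thread: a shell script for the source install suggested above, using the tarball link posted earlier, that builds into a private prefix and then checks that the new interpreter reports 1.8.6 at patchlevel 369 or later. The install prefix, the function names and the assumed `ruby -v` banner shape are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. PREFIX and the function names are assumptions.
RUBY_TARBALL_URL="ftp://ruby-lang.org/pub/ruby/ruby-1.8.6-p369.tar.gz"  # link posted in the thread
PREFIX="${PREFIX:-$HOME/ruby-1.8.6-p369}"  # assumed private prefix; leaves the packaged ruby untouched
WANT_VERSION="1.8.6"
WANT_PATCH=369

# Inspect a `ruby -v` banner.
# Banner shape assumed: "ruby 1.8.6 (YYYY-MM-DD patchlevel 369) [arch]"
# Returns 0: 1.8.6 at patchlevel >= 369
#         1: 1.8.6 at an older patchlevel
#         2: another release line, or a banner that cannot be parsed
check_banner() {
    banner=$1
    version=$(printf '%s\n' "$banner" | sed -n 's/^ruby \([0-9][0-9.]*\) .*/\1/p')
    patch=$(printf '%s\n' "$banner" | sed -n 's/.*patchlevel \([0-9][0-9]*\).*/\1/p')
    [ "$version" = "$WANT_VERSION" ] || return 2
    [ -n "$patch" ] || return 2
    [ "$patch" -ge "$WANT_PATCH" ] || return 1
    return 0
}

# Download, build and install into $PREFIX, then verify the result.
# Runs in a subshell so the caller's working directory is unchanged.
# Assumes wget, tar, make and a C compiler are already installed.
build_ruby() (
    workdir=$(mktemp -d) || exit 1
    cd "$workdir" || exit 1
    wget "$RUBY_TARBALL_URL" || exit 1
    tar xzf ruby-1.8.6-p369.tar.gz || exit 1
    cd ruby-1.8.6-p369 || exit 1
    ./configure --prefix="$PREFIX" || exit 1
    make || exit 1
    make install || exit 1
    check_banner "$("$PREFIX/bin/ruby" -v)"
)

# Only build when asked to: sh build-ruby.sh build
if [ "${1:-}" = "build" ]; then
    build_ruby && echo "installed and patched: $PREFIX/bin/ruby"
fi
```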

Thanks!

···


It does...and I patched around one vector for it, but the fact that
it's been possible to have this same sort of "infinite execution DOS"
on the JVM makes me think it's not that big a deal.

- Charlie

···

On Tue, Jul 7, 2009 at 11:46 AM, Rick DeNatale<rick.denatale@gmail.com> wrote:

>On the other hand, I'm not sure that the bigdecimal DOS bug is really
>that much of an exposure. Unless I misunderstood him, Charlie Nutter
>(of JRuby fame) posted somewhere that Java has had the same issue for
>quite some time.