On October 10th, Canonical published a security notice with details about Ruby 1.9.1 vulnerabilities for its Ubuntu 12.04 LTS operating system.
According to Canonical, Ruby 1.9.1 could have allowed excessive access in untrusted programs. Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels.
An attacker could have used this flaw to bypass intended access restrictions.
These are the two Ruby 1.9.1 vulnerabilities found in packages for Ubuntu 12.04 LTS: CVE-2012-4464
As usual, you can click on each one to see how it affects your system, or go here for in-depth descriptions, as it affects other Linux operating systems as well.
The security flaws can be fixed if you upgrade your system(s) to the latest Ruby 1.9.1 package, specific to each operating system. To apply the update, run the Update Manager application.
In general, a standard system update will make all the necessary changes. A system restart won't be necessary to implement the changes.