RubyFlow : The Ruby Community Blog


RubySec Summary of CVE-2013-6393 aka "you're probably vulnerable"

Recently, it was disclosed that libyaml <= 0.1.4 is vulnerable to a heap overflow. libyaml is used by Ruby's Psych YAML parser, which ships with Ruby >= 1.9.2 and was made the default YAML parser in Ruby 1.9.3. Find out if you are vulnerable and how to upgrade libyaml.
