New binaries for CVE-2014-2525 #2753

Closed
elucid opened this Issue Apr 3, 2014 · 9 comments

elucid commented Apr 3, 2014

As discussed on IRC, new binaries are needed to ensure external libyaml is used. /cc @ghedamat @mpapis

diclophis Apr 3, 2014

Also please update it such that this command:

rvm reinstall 1.9.3-p484 --autolibs=rvm_pkg --disable-binary

installs the updated libyaml from source as well.

workmaster2n Apr 3, 2014

Contributor

Do the instructions here: https://groups.google.com/forum/#!topic/rubysec-announce/3sx25iR7yHQ need to be updated?

mpapis Apr 3, 2014

Member

I will be working on fixing it tomorrow; there is no need to update any instructions after I am done with it.

mpapis Apr 4, 2014

Member

Slight delay, will continue work on it in 24h.

elucid Apr 4, 2014

Thanks for the update @mpapis

morizyun Apr 7, 2014

Thank you very much for your work @mpapis

mpapis added a commit that referenced this issue Apr 7, 2014

@mpapis mpapis added this to the rvm 1.25 milestone Apr 7, 2014

mpapis added a commit to sm/sm-libraries that referenced this issue Apr 9, 2014

@mpapis mpapis closed this in 682187a Apr 9, 2014

workmaster2n Jun 26, 2014

Contributor

I was playing with an old server and ran rvm get stable then retested the libyaml version and it is NOT 0.1.6. Do we need to reinstall the ruby? Are the instructions posted here: https://groups.google.com/forum/#!topic/rubysec-announce/3sx25iR7yHQ not sufficient?

libyaml version tested with: ruby -r yaml -e 'puts Psych::LIBYAML_VERSION' and returns 0.1.4.

Ruby version: ruby-2.0.0-p353

mpapis Jun 28, 2014

Member

@workmaster2n What system is it? Maybe it's similar to #2606?

workmaster2n Jun 30, 2014

Contributor

@mpapis It was Ubuntu 12.04 LTS 64-bit server.

It is similar to #2606, but I had not tried reinstalling the rubies. I was just following the instructions from here: https://groups.google.com/forum/#!topic/rubysec-announce/3sx25iR7yHQ.

I decided to reinstall the ruby to see if the LibYAML version would update and it did so successfully. Should reinstallation of the ruby be necessary? Sorry, I'm not sure how the external libraries are linked in RVM?
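
The version check used in this thread, extended to several rubies, as an added example that is not part of the original thread or of RVM's code: it parses per-ruby `Psych::LIBYAML_VERSION` values and lists the rubies still below 0.1.6, the version the thread expects. The report format, the helper names and all sample lines except the `ruby-2.0.0-p353` case are assumptions made for illustration.

```ruby
require 'rubygems' # Gem::Version gives numeric, segment-wise comparison
require 'yaml'     # loads Psych, which reports the libyaml it is linked against

# Assumption from the thread: 0.1.6 is the libyaml version expected after the fix.
FIXED_LIBYAML = Gem::Version.new('0.1.6')

# True when a libyaml version string is at or above the fixed release.
# A plain string comparison would wrongly rank "0.1.10" below "0.1.6".
def libyaml_patched?(version)
  Gem::Version.new(version) >= FIXED_LIBYAML
end

# Parses "<ruby name> <libyaml version>" lines (hypothetical report format).
# Returns the rubies that still need a reinstall and the lines it could not parse.
def audit(report)
  result = { stale: [], unparsed: [] }
  report.each_line do |line|
    line = line.strip
    next if line.empty?
    name, version = line.split(/\s+/, 2)
    if version && Gem::Version.correct?(version)
      result[:stale] << name unless libyaml_patched?(version)
    else
      result[:unparsed] << line
    end
  end
  result
end

# Constructed sample: ruby-2.0.0-p353 with 0.1.4 is the case reported in the
# thread; the other lines are made up to exercise the comparison and error path.
SAMPLE_REPORT = <<~REPORT
  ruby-1.9.3-p484 0.1.6
  ruby-2.0.0-p353 0.1.4
  ruby-2.1.1 0.1.10
  ruby-2.1.0 unknown
REPORT

if __FILE__ == $PROGRAM_NAME
  current = Psych::LIBYAML_VERSION
  puts "this ruby: libyaml #{current} (#{libyaml_patched?(current) ? 'ok' : 'reinstall needed'})"
  findings = audit(SAMPLE_REPORT)
  puts "need reinstall: #{findings[:stale].join(', ')}"
  puts "could not parse: #{findings[:unparsed].join(' | ')}"
end
```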

@mpapis mpapis reopened this Jul 10, 2014

@mpapis mpapis modified the milestones: rvm 1.25, rvm-1.26 Oct 29, 2014

@rys rys closed this Feb 23, 2015

@pkuczynski pkuczynski modified the milestone: rvm-1.27.0 Nov 8, 2016
