Ruby 2.4.2 has just been released. Let's see what it brings.

This release of Ruby is mostly focused on security issues, so it is highly important to update your Ruby installation to this version to protect your system and your data. Here are the most important fixes in the new version.

1. Buffer underrun vulnerabilities

A few buffer underrun vulnerabilities have been fixed in the new version. One of them concerns the sprintf method of the Kernel module. Previously, if a malicious format string with a precision specifier (*) was passed together with a large negative value, the interpreter could crash. The issue is now fixed.

Another fix concerns OpenSSL. It covers the cases where a malicious string is passed to the decode method of OpenSSL::ASN1. Such inputs are no longer dangerous.

2. WEBrick authentication vulnerability

This vulnerability concerns the cases when clients pass an arbitrary string as the user name for WEBrick's Basic authentication. Previously an attacker could inject malicious escape sequences into the log, which could lead to control characters being interpreted by a victim's terminal emulator when the log is viewed. Ruby 2.4.2 fixes the issue.
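As an added example, not code from the Ruby project or from this post, this is the kind of defensive check a WEBrick-style server could apply before a Basic-auth user name reaches its log: decode the header, flag control bytes, and escape them so the line is readable but inert. The header parsing, the function names and the sample headers are assumptions constructed for the example.

```ruby
require 'base64'

# C0 control bytes (including ESC, 0x1B) and DEL: the bytes a terminal
# emulator would interpret if they were written raw into a log it displays.
CONTROL_RE = /[\x00-\x1f\x7f]/

# Extract the user name from a Basic Authorization header value.
# Returns nil for anything that is not well-formed "Basic <base64>".
def decode_basic_user(header)
  m = header.match(/\ABasic\s+([A-Za-z0-9+\/]+=*)\z/)
  return nil unless m
  begin
    decoded = Base64.strict_decode64(m[1])
  rescue ArgumentError
    return nil
  end
  decoded.partition(':').first
end

# True when the value contains bytes that should never appear in a user name.
def suspicious?(value)
  value.match?(CONTROL_RE)
end

# Render each control byte as \xNN so the log line stays readable and inert.
def sanitize_for_log(value)
  value.gsub(CONTROL_RE) { |c| format('\\x%02X', c.ord) }
end

# Build the audit line a server would write for one authentication attempt;
# flagged lines are what a detection rule over the log would look for.
def audit_line(header)
  user = decode_basic_user(header) || '<malformed>'
  flag = suspicious?(user) ? ' [CONTROL-CHARS]' : ''
  "auth attempt user=#{sanitize_for_log(user)}#{flag}"
end

if __FILE__ == $0
  # Constructed sample headers: one benign, one carrying an ANSI clear-screen sequence.
  benign  = 'Basic ' + Base64.strict_encode64('alice:secret')
  hostile = 'Basic ' + Base64.strict_encode64("\e[2J\e[H evil:x")
  puts audit_line(benign)
  puts audit_line(hostile)
end
```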

3. RubyGems vulnerabilities

Besides these, a few RubyGems vulnerabilities have also been fixed:

  1. a DNS request hijacking vulnerability;
  2. an ANSI escape sequence vulnerability;
  3. a DoS vulnerability in the query command;
  4. a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files.


So, as you can see, this Ruby update is extremely important for protecting yourself and your customers. Be sure to update to it to avoid these attacks.

Daria Stolyar is a Marketing Manager at Rubyroid Labs. You can follow her at Linkedin.