Jun
It was announced the other day that some arbitrary code execution vulnerabilities were discovered in almost all production versions of Ruby out in the wild. I’m not sure how vulnerable your typical Ruby on Rails application servers would be, but I’m taking no chances. I run this blog, and all my other production sites on Ubuntu. Updating to the latest patched version of ruby was easy:
$ sudo apt-get install build-essential libssl-dev libreadline5-dev zlib1g-dev
$ wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p22.tar.gz
$ tar zxvf ruby-1.8.7-p22.tar.gz
$ cd ruby-1.8.7-p22
$ ./configure --prefix=/usr/local --with-openssl-dir=/usr --with-readline-dir=/usr --with-zlib-dir=/usr
$ make
$ sudo make installAnd you’re done. The only sorta tricky part there is the ./configure command, which requires those options to tell the compiler to enable Readline and OpenSSL support which are most often needed in a Ruby on Rails environment. To check and make sure it’s working, type these commands and verify that the output looks like this:
$ which ruby
/usr/local/bin/ruby
$ ruby --version
ruby 1.8.7 (2008-06-20 patchlevel 22) [i686-linux]
$ ruby -ropenssl -rzlib -rreadline -e "puts :success"
successNow, run your tests, restart mongrels, and you’re safe. Phew.
