New-formula-starburst

How-To Update Ubuntu Servers to Close Ruby Vulnerabilities

26
Jun
4
posted 12:35 pm in ,
tags / ruby, ubuntu, security

It was announced the other day that some arbitrary code execution vulnerabilities were discovered in almost all production versions of Ruby out in the wild. I’m not sure how vulnerable your typical Ruby on Rails application servers would be, but I’m taking no chances. I run this blog, and all my other production sites on Ubuntu. Updating to the latest patched version of ruby was easy:

$ sudo apt-get install build-essential libssl-dev libreadline5-dev zlib1g-dev
$ wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p22.tar.gz
$ tar zxvf ruby-1.8.7-p22.tar.gz
$ cd ruby-1.8.7-p22
$ ./configure --prefix=/usr/local --with-openssl-dir=/usr --with-readline-dir=/usr --with-zlib-dir=/usr
$ make
$ sudo make install

And you’re done. The only sorta tricky part there is the ./configure command, which requires those options to tell the compiler to enable Readline and OpenSSL support which are most often needed in a Ruby on Rails environment. To check and make sure it’s working, type these commands and verify that the output looks like this:

$ which ruby
/usr/local/bin/ruby
$ ruby --version
ruby 1.8.7 (2008-06-20 patchlevel 22) [i686-linux]
$ ruby -ropenssl -rzlib -rreadline -e "puts :success"
success

Now, run your tests, restart mongrels, and you’re safe. Phew.

Install Pidgin from repositories for Ubuntu Feisty

16
Sep
0
posted 06:36 pm in
tags / ubuntu, pidgin

Pidgin is a great free multi-protocol instant messaging app with a cute purple pigeon logo. I use it to connect to my AIM, MSN, Google Talk (x2), and Yahoo! IM accounts, but it also is compatible with lots more. Pidgin is the new name of the Gaim project, which was an earlier version of the same tool.

On Ubuntu Feisty, you can install Pidgin yourself by downloading it from pidgin.im or other sites, but it won’t be included in the official Ubuntu repositories until the Gutsy release. I prefer to use Aptitude instead of download stuff to install, mainly so it automatically stays updated. Pidgin for Ubuntu Feisty is available by adding this repository to /etc/apt/sources.list

deb http://repository.debuntu.org/ feisty multiverse
deb-src http://repository.debuntu.org/ feisty multiverse

Add the repository key:

wget http://repository.debuntu.org/GPG-Key-chantra.txt -O- | sudo apt-key add -

Then update and install Pidgin:

sudo apt-get update
sudo apt-get install pidgin

You’ll see that Pidgin has replaced Gaim on the Applications > Internet launcher menu. You may get a notification for an updated Gaim transitional package after the install. If so, go ahead and install it.