Updated ruby packages that fix several bugs are now available for Red Hat Enterprise Linux 5.
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks.
To identify the current working directory, the Ruby virtual machine used the path_check_0() function that recursed until it identified the respective absolute path. Previously, the function could cause the Ruby virtual machine to recurse infinitely and consume excessive memory. This happened if the environment path was broken as the getcwd() function failed to determine the full path of the current working directory. This update backports the non-recursive implementation of the path_check_0() function from Ruby 1.8.6, which relies on a series of macros, and the path_check_0() function returns the correct current working directory under these circumstances.
The ruby update released on 2009-07-02 as RHSA-2009:1140 included a fix for CVE-2009-1904
. This fix introduced a regression which caused leading zeros after the decimal point in BigDecimal objects to be dropped. This could, potentially, lead to incorrect mathematical calculations. This update fixes this problem by ensuring that leading zeros following a decimal point in BigDecimal objects are not dropped.
Due to the missing "require 'rdoc/usage'" statement in the RI (Ruby Index) library, which is part of the ruby package, the Ruby virtual machine could raise the following exception:
uninitialized constant RI::Paths (NameError)
This update adds the missing require statement to the ri_options.rb file of the RI library file and the problem no longer occurs.
The "Text::normalize" method included in the REXML (Regular Expressions XML) library, which is part of the Ruby standard library, did not work correctly for ampersand entities (&). With this update, the underlying "REXML::Text" class in the text.rb library has been modified and the ampersand characters are now normalized correctly.
All ruby users are advised to upgrade to these updated packages, which fix these bugs.