General rundown of exactly _what_ is being affected:
Discussion forums of patches and such:
Now, my question to you guys is... has anyone patched their copy of Ruby? Anyone have any pointers on patching/upgrading Ruby on a production site? My partner, the one who set everything up, is off on his honeymoon and can't be reached. The wannabe security professional side of me understands what the vulnerabilities mean and would very much like to patch and upgrade Ruby. But from what I've read on the discussion forum, the releases are said to break stuff, which would be Very Bad™ for a live site.
Looks like we're running:
"Ubuntu 7.10" codename gutsy
ruby 1.8.6 (2007-06-07 patchlevel 36) [x86_64-linux]
Crossposted to the ruby_lang community, although that looked relatively dead . . .
(This news is now about 5 days old...)