codedecoder

breaking into the unknown…

Upgrading ruby version with RVM


One of my applications runs on Heroku. Recently I got an email from Heroku explaining a possible threat in existing Ruby versions. It says:

You are receiving this email because you run at least one Ruby (MRI) application on Heroku.
Early this morning, the Ruby project announced a security vulnerability in MRI 1.8.7, 1.9.2, 1.9.3, 2.0.0. The CVE identifier is CVE-2013-4164. Rubinius and JRuby are unaffected.
We believe this is limited to a denial of service vulnerability. Any Ruby application that parses JSON from an untrusted source can potentially be made to crash with little difficulty. There is also a slim theoretical possibility of a much more serious vulnerability, an Arbitrary Code Execution. We would like to stress that there are no known Proofs of Concept and this is purely theoretical, but can not be ruled out.
In response, we have released Ruby 1.8.7p375, 1.9.2p321, 1.9.3p484 and 2.0.0p353 which closes this attack vulnerability. Please upgrade as soon as possible.

The upgrade on Heroku takes place automatically when you deploy any change to it. To see which version Heroku is using for your application, run the command below:

$ heroku run "ruby -v" -a APPNAME # shows the current Ruby version

To upgrade the Ruby version on Heroku, just make an empty commit, so that Heroku triggers a new deploy and updates the version itself.

$ git commit --allow-empty -m "upgrade ruby version"
$ git push heroku master

Anyway, our main goal here is to upgrade Ruby on another server or a local machine that uses RVM. You can do it with the simple steps below.

STEP 1 : check the current ruby used by your machine

$ ruby -v
ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-linux]

OK, so we are using 1.9.3p125, i.e. patch 125 of Ruby 1.9.3, which is vulnerable according to the email above. We need to upgrade it to patch 484, which has the security fix.

STEP 2: check current ruby versions supported by your RVM

$ rvm list known
# MRI Rubies
[ruby-]1.8.7[-p358]
[ruby-]1.8.7-head
[ruby-]1.9.1[-p431]
[ruby-]1.9.2-p290
[ruby-]1.9.3[-p125]
[ruby-]1.9.3-head
ruby-head

OK, so it does not show patch 484, which means you need to upgrade RVM first.

STEP 3: Upgrading RVM to current stable version

$ rvm get stable

STEP 4: Again check current ruby versions supported by your RVM

$ rvm list known
# MRI Rubies
[ruby-]1.8.7[-p358]
[ruby-]1.8.7-head
[ruby-]1.9.1[-p431]
[ruby-]1.9.2-p290
[ruby-]1.9.3[-p125]
[ruby-]1.9.3-head
[ruby-]1.9.3[-p484]
ruby-head

So now our RVM has the currently released patches for all the versions.

STEP 5 : Upgrading the ruby version

$ rvm upgrade 1.9.3-p125 1.9.3-p484 # upgrades the current version 1.9.3-p125 to 1.9.3-p484; in fact, you can upgrade to any version
Are you sure you wish to upgrade from ruby-1.9.3-p125 to ruby-1.9.3-p484? (Y/n):  # press Y
.
.
.
.
.

Are you sure you wish to MOVE gems from ruby-1.9.3-p125 to ruby-1.9.3-p484?
This will overwrite existing gems in ruby-1.9.3-p484 and remove them from ruby-1.9.3-p125 (Y/n): y #press Y
Moving gemsets…
Moving ruby-1.9.3-p125 to ruby-1.9.3-p484
Making gemset ruby-1.9.3-p484 pristine….

This takes 10 to 15 minutes, depending on your connection.

NOTE :

=> Keep pressing Y whenever it asks you. Press n only if you want to configure something yourself. But I suggest going with the default, as it works smoothly for me.

=> If you have installed Passenger on the server with the passenger gem, you need to reinstall it, as your gemset location has changed from ruby-1.9.3-p125 to ruby-1.9.3-p484.
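
To check which interpreters on a host still sit below the fixed patch levels from the email (before STEP 1 or after STEP 5), the following added example, which is not part of the original post, parses `ruby -v` output or RVM ruby names and compares the patch level. The function names are hypothetical; the patch-level table is copied from the email quoted above.

```shell
#!/bin/sh
# Added example (not from the original post).
# First fixed patch level per MRI series, as listed in the Heroku email above.
fixed_patch_for() {
  case "$1" in
    1.8.7) echo 375 ;;
    1.9.2) echo 321 ;;
    1.9.3) echo 484 ;;
    2.0.0) echo 353 ;;
    *) return 1 ;;   # series not covered by the email
  esac
}

# Classify one string: `ruby -v` output ("ruby 1.9.3p125 (...)"), the 1.8.7
# form ("ruby 1.8.7 (... patchlevel 358)") or an RVM name ("ruby-1.9.3-p125").
# Prints vulnerable, patched or unknown.
cve_2013_4164_status() {
  v='\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)'
  parsed=$(printf '%s\n' "$1" | sed -n \
    -e "s/^[^0-9]*${v}-\{0,1\}p\([0-9][0-9]*\).*/\1 \2/p" \
    -e "s/^[^0-9]*${v} .*patchlevel \([0-9][0-9]*\).*/\1 \2/p")
  [ -n "$parsed" ] || { echo unknown; return 0; }   # e.g. "-head" builds
  ver=${parsed% *}
  patch=${parsed#* }
  fixed=$(fixed_patch_for "$ver") || { echo unknown; return 0; }
  if [ "$patch" -lt "$fixed" ]; then echo vulnerable; else echo patched; fi
}

# Read one version string per line; exit status 1 if any is vulnerable.
audit_rubies() {
  rc=0
  while IFS= read -r name; do
    [ -n "$name" ] || continue
    verdict=$(cve_2013_4164_status "$name")
    printf '%-11s %s\n' "$verdict" "$name"
    if [ "$verdict" = vulnerable ]; then rc=1; fi
  done
  return "$rc"
}

# Constructed sample input: the interpreter from STEP 1 and the patched release.
# On a real host: ruby -v | audit_rubies   or   rvm list strings | audit_rubies
audit_rubies <<'EOF' || echo "at least one interpreter needs upgrading"
ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-linux]
ruby-1.9.3-p484
EOF
```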

 

REFERENCE :

http://rvm.io/rubies/upgrading

Author: arunyadav4u

Over 7 years' experience in web development with Ruby on Rails. Involved in all stages of the development lifecycle: requirement gathering, planning, coding, deployment & knowledge transfer. I can adapt to any situation, mix very easily with people & can be a great friend.
