Rails: Psych, Updating libyaml from 0.1.4

StackOverflow https://stackoverflow.com/questions/22919990

  •  29-06-2023
  •  | 
  •  

Question

I needed capybara-webkit installed which needed the qt libraries, so I went and installed them using homebrew with the following commands

brew update
brew install qt
brew linkapps

I then bundled and all was well with the capybara-webkit. However, my guard is throwing the below warning.

 You appear to have an outdated version of libyaml (0.1.4) installed on your system.

  Prior to 0.1.6, libyaml is vulnerable to a heap overflow exploit from malicious YAML payloads.


  The easiest thing to do right now is probably to update Psych to the latest version and enable
  the 'bundled-libyaml' option, which will install a vendored libyaml with the vulnerability patched:

  gem install psych -- --enable-bundled-libyaml

Seemed simple enough. However, even after a successful psych installation with the 'bundled-libyaml' option I am still seeing this warning about outdated libyaml. Further, when I check the version of libyaml associated with psyche (ruby -rpsych -e 'p Psych.libyaml_version') it's still 1.4.

Any ideas?

Was it helpful?

Solution

Try to:

brew upgrade libyaml

works for me.

OTHER TIPS

brew update libyaml

didn't work for me, but

rvm get stable

did.

On Ubuntu this worked for me. It reinstalls all rubies so may take a while.

rvm pkg install libyaml
rvm reinstall all --force

Sample run

rvm pkg install libyaml

Beware, 'rvm pkg ...' is deprecated, read about the new autolibs feature: 'rvm help   autolibs'.

Checking requirements for ubuntu.
Requirements installation successful.
Fetching yaml-0.1.6.tar.gz to /home/assay/.rvm/archives
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
100  491k  100  491k    0     0   142k      0  0:00:03  0:00:03 --:--:--  481k
No checksum for downloaded archive, recording checksum in user configuration.
Extracting yaml to /home/assay/.rvm/src/yaml-0.1.6...
Prepare yaml in /home/assay/.rvm/src/yaml-0.1.6..
Configuring yaml in /home/assay/.rvm/src/yaml-0.1.6..........
Compiling yaml in /home/assay/.rvm/src/yaml-0.1.6...................
Installing yaml to /home/assay/.rvm/usr.......

Please note that it's required to reinstall all rubies:

    rvm reinstall all --force
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top