[Frugalware-security] [ FSA-45 ] ruby

voroskoi noreply at frugalware.org
Tue Nov 14 23:47:06 CET 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-45

Date: 2006-11-14
Package: ruby
Vulnerable versions: <= 1.8.5-1
Unaffected versions: >= 1.8.5-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1418
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5467

Description
===========

A vulnerability has been reported in Ruby, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an input validation error in &quot;cgi.rb&quot;. This can be exploited to consume a large amount of CPU resources by sending a specially crafted HTTP POST request.

Updated Packages
================

Check if you have ruby installed:

	# pacman -Q ruby

If found, then you should upgrade to the latest version:

	# pacman -Sy ruby

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFWkdqZ7NElSD1VhkRArcTAJ4vfgCzGtrxzFjYknfv1b3dpiRs7wCcCmMR
xCkoRu5QdY1Nf81GZRIQ9YE=
=NRVL
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list