1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200411-23 / Ruby |
| Release Date | November 16, 2004 |
| Latest Revision | November 16, 2004: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| dev-lang/ruby | < 1.8.2_pre3 | revision >= 1.6.8-r12, >= 1.8.2_pre3 | All supported architectures |
Related bugreports: #69985
The CGI module in Ruby can be sent into an infinite loop, resulting in a Denial of Service condition.
Ruby is an interpreted scripting language for quick and easy object-oriented programming. Ruby's CGI module can be used to build web applications.
Ruby's developers found and fixed an issue in the CGI module that can be triggered remotely and cause an infinite loop.
A remote attacker could trigger the vulnerability through an exposed Ruby web application and cause the server to use unnecessary CPU resources, potentially resulting in a Denial of Service.
There is no known workaround at this time.
All Ruby 1.6.x users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.6.8-r12" |
All Ruby 1.8.x users should upgrade to the latest version:
Code Listing 3.2: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.2_pre3" |