Posted: Wed May 10, 2006 7:26 am Post subject: [ GLSA 200605-11 ] Ruby: Denial of Service
Gentoo Linux Security Advisory
Title: Ruby: Denial of Service (GLSA 200605-11)
Date: May 10, 2006
Ruby WEBrick and XMLRPC servers are vulnerable to Denial of Service.
Ruby is an interpreted scripting language for quick and easy
object-oriented programming. It comes bundled with HTTP ("WEBrick") and
XMLRPC server objects.
Vulnerable: < 1.8.4-r1
Unaffected: >= 1.8.4-r1
Architectures: All supported architectures
Ruby uses blocking sockets for WEBrick and XMLRPC servers.
An attacker could send large amounts of data to an affected server
to block the socket and thus deny other connections to the server.
There is no known workaround at this time.
All Ruby users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.4-r1"
Ruby release announcement
Last edited by GLSA on Tue Nov 05, 2013 4:22 am; edited 4 times in total
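
The advisory attributes the denial of service to blocking sockets. The following is an added example, not taken from the advisory or from the Ruby fix, of the general defensive pattern on the server side: a read that never blocks the caller and is bounded by a byte cap and a deadline. The helper name bounded_read, its limits, the request terminator and the socket-pair inputs are assumptions constructed for illustration.

```ruby
require "socket"

# Read one request from +io+ without blocking the caller indefinitely.
# Hypothetical helper: name, terminator and limits are assumptions.
# Returns [:ok, data], [:too_large, nil], [:timeout, nil] or [:closed, data].
def bounded_read(io, terminator: "\r\n\r\n", max_bytes: 8192, deadline: 2.0)
  buf = String.new # binary buffer for the bytes received so far
  stop_at = Process.clock_gettime(Process::CLOCK_MONOTONIC) + deadline
  loop do
    return [:too_large, nil] if buf.bytesize > max_bytes
    return [:ok, buf] if buf.include?(terminator)
    remaining = stop_at - Process.clock_gettime(Process::CLOCK_MONOTONIC)
    return [:timeout, nil] if remaining <= 0
    chunk = io.read_nonblock(4096, exception: false)
    case chunk
    when :wait_readable
      # Nothing to read yet: wait in select, but never past the deadline.
      IO.select([io], nil, nil, remaining)
    when nil
      return [:closed, buf] # peer closed before completing the request
    else
      buf << chunk
    end
  end
end

# Constructed inputs: each case feeds one end of a local socket pair.
def demo_outcomes
  cases = {
    complete: ["GET / HTTP/1.0\r\n\r\n", {}],
    oversized: ["A" * 4096, { max_bytes: 1024 }],
    stalled: ["GET / HT", { deadline: 0.2 }]
  }
  cases.to_h do |name, (payload, opts)|
    server_side, peer = UNIXSocket.pair
    peer.write_nonblock(payload, exception: false)
    status, = bounded_read(server_side, **opts)
    [server_side, peer].each(&:close)
    [name, status]
  end
end

p demo_outcomes if $PROGRAM_NAME == __FILE__
```

A server using this pattern would close the connection on :too_large or :timeout so that its accept loop stays available to other clients.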