USN-20-1: Ruby CGI module vulnerability

9 November 2004

ruby1.8 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

The Ruby developers discovered a potential Denial of Service vulnerability in the CGI module (cgi.rb). Specially crafted CGI requests could cause an infinite loop in the server process. Repetitive attacks could use most of the available processor resources, exhaust the number of allowed parallel connections in web servers, or cause similar effects which render the service unavailable.

There is no possibility of privilege escalation or data loss.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
libruby1.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References