USN-20-1: Ruby CGI module vulnerability
9 November 2004
Releases
Details
The Ruby developers discovered a potential Denial of Service
vulnerability in the CGI module (cgi.rb). Specially crafted CGI
requests could cause an infinite loop in the server process.
Repeated attacks could use most of the available processor
resources, exhaust the number of allowed parallel connections in web
servers, or cause similar effects which render the service
unavailable.
There is no possibility of privilege escalation or data loss.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 4.10
- libruby1.8
In general, a standard system update will make all the necessary changes.