GLSA-200411-23 : Ruby: Denial of Service issue
Medium Nessus Plugin ID 15724
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200411-23 (Ruby: Denial of Service issue).
Ruby's developers found and fixed an issue in the CGI module that can be triggered remotely and cause an infinite loop.
A remote attacker could trigger the vulnerability through an exposed Ruby web application and cause the server to use unnecessary CPU resources, potentially resulting in a Denial of Service.
There is no known workaround at this time.
Solution
All Ruby 1.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/ruby-1.6.8-r12'
All Ruby 1.8.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/ruby-1.8.2_pre3'