GLSA-200605-11 : Ruby: Denial of Service
Medium Nessus Plugin ID 21353
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200605-11 (Ruby: Denial of Service).
Ruby uses blocking sockets for WEBrick and XMLRPC servers.
An attacker could send large amounts of data to an affected server to block the socket and thus deny other connections to the server.
There is no known workaround at this time.
Solution
All Ruby users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/ruby-1.8.4-r1'