GLSA-200906-02 : Ruby: Denial of Service
Medium Nessus Plugin ID 39565
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200906-02 (Ruby: Denial of Service)
Tadayoshi Funaba reported that BigDecimal in ext/bigdecimal/bigdecimal.c does not properly handle string arguments containing overly long numbers.
A remote attacker could exploit this issue to remotely cause a Denial of Service attack.
There is no known workaround at this time.
SolutionAll Ruby users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/ruby-1.8.6_p369'