The CGI module in Ruby can be sent into an infinite loop, resulting in a Denial of Service condition.
|Package||dev-lang/ruby on all architectures|
|Affected versions||< 1.8.2_pre3|
|Unaffected versions||revision >= 1.6.8-r12, >= 1.8.2_pre3|
Ruby is an interpreted scripting language for quick and easy object-oriented programming. Ruby's CGI module can be used to build web applications.
Ruby's developers found and fixed an issue in the CGI module that can be triggered remotely and cause an infinite loop.
A remote attacker could trigger the vulnerability through an exposed Ruby web application and cause the server to use unnecessary CPU resources, potentially resulting in a Denial of Service.
There is no known workaround at this time.
All Ruby 1.6.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.6.8-r12"
All Ruby 1.8.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.2_pre3"
November 16, 2004
November 16, 2004: 01