Ruby: Denial of Service issue

Ruby: Denial of Service issue The CGI module in Ruby can be sent into an infinite loop, resulting in a Denial of Service condition. Ruby 2004-11-16 2004-11-16 69985 remote 1.6.8-r12 1.8.2_pre3 1.8.2_pre3

Ruby is an interpreted scripting language for quick and easy object-oriented programming. Ruby's CGI module can be used to build web applications.

Ruby's developers found and fixed an issue in the CGI module that can be triggered remotely and cause an infinite loop.

A remote attacker could trigger the vulnerability through an exposed Ruby web application and cause the server to use unnecessary CPU resources, potentially resulting in a Denial of Service.

There is no known workaround at this time.

All Ruby 1.6.x users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.6.8-r12"

All Ruby 1.8.x users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.2_pre3"

CAN-2004-0983 koon koon koon