irb, ruby security update

ID CESA-2006:0729-01
Type centos
Reporter CentOS Project
Modified 2006-11-09T01:08:40


CentOS Errata and Security Advisory CESA-2006:0729-01

Ruby is an interpreted scripting language for object-oriented programming.

A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service. (CVE-2006-5467)

Users of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.

Merged security bulletin from advisories:

Affected packages: irb ruby ruby-devel ruby-docs ruby-libs ruby-tcltk

Upstream details at: