irb, ruby security update

2006-11-09T01:08:40
ID CESA-2006:0729-01
Type centos
Reporter CentOS Project
Modified 2006-11-09T01:08:40

Description

CentOS Errata and Security Advisory CESA-2006:0729-01

Ruby is an interpreted scripting language for object-oriented programming.

A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart/form-data request, a Ruby CGI script can enter an infinite loop, causing a denial of service. (CVE-2006-5467)

Users of Ruby should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2006-November/013366.html

Affected packages: irb, ruby, ruby-devel, ruby-docs, ruby-libs, ruby-tcltk

Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html