CentOS Errata and Security Advisory CESA-2006:0729-01
Ruby is an interpreted scripting language for object-oriented programming.
A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service. (CVE-2006-5467)
Users of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2006-November/013366.html
Affected packages: irb ruby ruby-devel ruby-docs ruby-libs ruby-tcltk
Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html