CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS: 0.103 Low
Percentile: 94.9%
CentOS Errata and Security Advisory CESA-2008:0981
Ruby is an extensible, interpreted, object-oriented scripting language. It
has features to process text files and to do system management tasks.
Vincent Danen reported that Red Hat Security Advisory RHSA-2008:0897
did not properly address a denial of service flaw in WEBrick (the Ruby
HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a
remote attacker to send a specially crafted HTTP request to a WEBrick
server that would cause the server to use excessive CPU time. This
update properly addresses this flaw. (CVE-2008-4310)
All Ruby users should upgrade to these updated packages, which contain a
correct patch that resolves this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-December/077627.html
https://lists.centos.org/pipermail/centos-announce/2008-December/077628.html
https://lists.centos.org/pipermail/centos-announce/2008-December/077635.html
https://lists.centos.org/pipermail/centos-announce/2008-December/077636.html
https://lists.centos.org/pipermail/centos-announce/2008-December/077676.html
https://lists.centos.org/pipermail/centos-announce/2008-December/077677.html
Affected packages:
irb
ruby
ruby-devel
ruby-docs
ruby-irb
ruby-libs
ruby-mode
ruby-rdoc
ruby-ri
ruby-tcltk
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0981
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | irb | < 1.8.1-7.el4_7.2 | irb-1.8.1-7.el4_7.2.ia64.rpm |
CentOS | 4 | ia64 | ruby | < 1.8.1-7.el4_7.2 | ruby-1.8.1-7.el4_7.2.ia64.rpm |
CentOS | 4 | ia64 | ruby-devel | < 1.8.1-7.el4_7.2 | ruby-devel-1.8.1-7.el4_7.2.ia64.rpm |
CentOS | 4 | ia64 | ruby-docs | < 1.8.1-7.el4_7.2 | ruby-docs-1.8.1-7.el4_7.2.ia64.rpm |
CentOS | 4 | ia64 | ruby-libs | < 1.8.1-7.el4_7.2 | ruby-libs-1.8.1-7.el4_7.2.ia64.rpm |
CentOS | 4 | ia64 | ruby-mode | < 1.8.1-7.el4_7.2 | ruby-mode-1.8.1-7.el4_7.2.ia64.rpm |
CentOS | 4 | ia64 | ruby-tcltk | < 1.8.1-7.el4_7.2 | ruby-tcltk-1.8.1-7.el4_7.2.ia64.rpm |