(RHSA-2006:0729) Moderate: ruby security update

2006-11-08T05:00:00
ID RHSA-2006:0729
Type redhat
Reporter RedHat
Modified 2018-03-14T19:26:41

Description

Ruby is an interpreted scripting language for object-oriented programming.

A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service. (CVE-2006-5467)

Users of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.