4940 matches found
irb, ruby security update
CentOS Errata and Security Advisory CESA-2006:0729-01 Updated ruby packages that fix a denial of service issue for the CGI instance are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2006:0729 Updated ruby packages that fix a denial of service issue for the CGI instance are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for...
Moderate: Red Hat Security Advisory: ruby security update
Updated ruby packages that fix a denial of service issue for the CGI instance are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A flaw was discovered in...
FreeBSD : ruby -- cgi.rb library Denial of Service (ab8dbe98-6be4-11db-ae91-0012f06707f0)
Official ruby site reports: A vulnerability has been discovered in the CGI library cgi.rb that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and a...
[OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby)
OpenPKG Security Advisory OpenPKG GmbH http://openpkg.org/security/ http://openpkg.com OpenPKG-SA-2006.030 2006-11-04 Package: ruby Vulnerability: denial of service OpenPKG Specific: no Affected Series: Affected Packages: Corrected Packages: E1.0-SOLI...
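Yukihiro Matsumoto Ruby CGI Module Malformed MIME Data Denial of Service Vulnerability
Ruby is a dynamic, open-source programming language. The Ruby CGI module contains a vulnerability in its handling of malformed user requests, which a remote attacker may be able to exploit to carry out a denial of service attack against the server. If the multipart MIME body of an HTTP request submitted by an attacker contains an invalid boundary specifier, it can trigger an infinite loop in Ruby's CGI library, exhausting CPU resources. MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft...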
CVE-2006-5467
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and...
Denial of service vulnerabilities in the Ruby CGI
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and...
ruby -- cgi.rb library Denial of Service
Official ruby site reports: A vulnerability has been discovered in the CGI library cgi.rb that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and as...
Debian DSA-1119-1 : hiki - design flaw
Akira Tanaka discovered a vulnerability in Hiki Wiki, a Wiki engine written in Ruby, that allows remote attackers to cause a denial of service via high CPU consumption by performing a diff between large and specially crafted Wiki pages.
FreeBSD : rubygem-rails -- evaluation of ruby code (90064567-28b1-11db-844d-000c6ec775d9)
The Ruby on Rails blog reports: With Rails 1.1.0 through 1.1.5 (minus the short-lived 1.1.3), you can trigger the evaluation of Ruby code through the URL because of a bug in the routing code of Rails. This means that you can essentially take down a Rails process by starting something like...
Ruby Safe Level security bypass
"alias" can be exploited to replace safe function, directory access protection bypass. Few potentially dangerous methods are not limited...
[SECURITY] [DSA 1139-1] New ruby1.6 packages fix privilege escalation
Debian Security Advisory DSA 1139-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff August 3rd, 2006 http://www.debian.org/security/faq -...
FreeBSD : ruby -- multiple vulnerabilities (76562594-1f19-11db-b7d4-0008743bf21a)
Secunia reports: Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions. - An error in the handling of the 'alias' functionality can be exploited to bypass the safe level protection and replace methods called in the...
CentOS 3 / 4 : ruby (CESA-2006:0604)
Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A number of flaws were found in the safe-level...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2006:0604-01 Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2006:0604 Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A...
RHEL 4 : ruby (RHSA-2006:0604)
The remote Redhat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2006:0604 advisory. - security flaw CVE-2006-3694 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
Moderate: Red Hat Security Advisory: ruby security update
Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A number of flaws were found in the safe-level...
[SECURITY] [DSA 1119-1] New hiki packages fix denial of service
Debian Security Advisory DSA 1119-1 [email protected] http://www.debian.org/security/ Martin Schulze July 22nd, 2006 http://www.debian.org/security/faq -...