Ubuntu Security Notice USN-20-1
9th November, 2004
ruby1.8 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 4.10
Details
The Ruby developers discovered a potential Denial of Service
vulnerability in the CGI module (cgi.rb). Specially crafted CGI
requests could cause an infinite loop in the server process.
Repetitive attacks could use most of the available processor
resources, exhaust the number of allowed parallel connections in web
servers, or cause similar effects which render the service
unavailable.
There is no possibility of privilege escalation or data loss.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 4.10:
  - libruby1.8
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.