Package: ruby
Version: 1.8.2-1 and all prior versions
A vulnerability has been discovered in the CGI library
(/usr/lib/ruby/1.8/cgi.rb) that ships with Ruby, which a malicious user could
use to cause a denial of service (DoS). The problem is triggered by sending
the library an HTTP request that uses multipart MIME encoding and has an
invalid boundary specifier that begins with “-” instead of “--”. Once
triggered, it exhausts all available memory, effectively creating a DoS
condition.
Source: http://www.ruby-lang.org/en/news/2006/11/03/CVE-2006-5467/
Patch: http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-cgi-dos-1.patch
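
Until the patch above is applied, a front-end check can refuse multipart requests whose delimiters are malformed before the body reaches the multipart parser. The following is an added example, not the upstream patch and not code from cgi.rb; the method names, MAX_BODY and the sample requests are assumptions made for illustration.

```ruby
# Added example, not from cgi.rb. MAX_BODY and the method names are assumptions.
MAX_BODY = 1024 * 1024 # constructed limit; size it for the application

# Pull the boundary parameter out of a Content-Type header value.
def multipart_boundary(content_type)
  return nil unless content_type.to_s =~ %r{\Amultipart/form-data\b}i
  m = content_type.match(/;\s*boundary=(?:"([^"]+)"|([^;\s]+))/i)
  m && (m[1] || m[2])
end

# Return :ok, or a symbol naming why the request should be refused
# before its body is handed to the multipart parser.
def check_multipart(content_type, body)
  boundary = multipart_boundary(content_type)
  return :no_boundary if boundary.nil?
  return :boundary_too_long if boundary.bytesize > 70 # RFC 2046 maximum
  body = body.b # compare bytes, uploads may be binary
  return :body_too_large if body.bytesize > MAX_BODY
  delim = "--#{boundary}".b
  # Every delimiter line is "--" + boundary; a single "-" is malformed.
  unless body.start_with?(delim + "\r\n", delim + "--")
    return :bad_first_delimiter
  end
  return :missing_close_delimiter unless body.include?(delim + "--")
  :ok
end

# Constructed sample requests.
SAMPLE_CT   = 'multipart/form-data; boundary=XyZ'
SAMPLE_GOOD = "--XyZ\r\nContent-Disposition: form-data; name=\"f\"\r\n" \
              "\r\nv\r\n--XyZ--\r\n"
SAMPLE_BAD  = "-XyZ\r\nContent-Disposition: form-data; name=\"f\"\r\n" \
              "\r\nv\r\n-XyZ--\r\n"

if __FILE__ == $PROGRAM_NAME
  puts check_multipart(SAMPLE_CT, SAMPLE_GOOD)
  puts check_multipart(SAMPLE_CT, SAMPLE_BAD)
end
```

The size cap bounds memory use independently of the delimiter check, so a request that passes the syntax test still cannot grow without limit.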