SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Ruby
Vendors:   Matsumoto, Yukihiro
(Fedora Issues Fix for FC2) Ruby Infinite Loop Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1012185
SecurityTracker URL:  http://securitytracker.com/id/1012185
CVE Reference:   CVE-2004-0983
Date:  Nov 11 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A denial of service vulnerability was reported in Ruby. A remote user can cause the target process to enter an infinite loop.

Debian reported that a remote user can submit specially crafted requests to cause the target Ruby process to enter an infinite loop and consume excessive CPU resources.

Impact:   A user can cause Ruby to enter an infinite loop.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


Vendor URL:  www.ruby-lang.org/
Cause:   State error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC2

Message History:   This archive entry is a follow-up to the message listed below.
Nov 8 2004 Ruby Infinite Loop Bug Lets Remote Users Deny Service



 Source Message Contents

Subject:  [SECURITY] Fedora Core 2 Update: ruby-1.8.1-6.FC2.0



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-402
2004-11-11
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : ruby
Version     : 1.8.1
Release     : 6.FC2.0
Summary     : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming.  It has many features to process text
files and to do system management tasks (as in Perl).  It is simple,
straight-forward, and extensible.

---------------------------------------------------------------------

* Thu Nov 11 2004 Akira TAGOH <tagoh@redhat.com> - 1.8.1-6.FC2.0

- security fix [CAN-2004-0983]
- ruby-1.8.1-cgi-dos.patch: applied to fix a denial of service issue. (#138366)


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
 

