Oval Definition:oval:com.redhat.rhsa:def:20040635
Revision Date:2005-01-17Version:505
Title:RHSA-2004:635: ruby security update (Moderate)
Description:Ruby is an interpreted scripting language for object-oriented programming.

A flaw was dicovered in the CGI module of Ruby. If empty data is sent by the POST method to the CGI script which requires MIME type multipart/form-data, it can get stuck in a loop. A remote attacker could trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0983 to this issue.

Users are advised to upgrade to this erratum package, which contains a backported patch to cgi.rb.
Family:unixClass:patch
Status:Reference(s):CVE-2004-0983
RHSA-2004:635-04
Platform(s):Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 3 is installed
  • AND Package Information
  • ruby-docs is earlier than 0:1.6.8-9.EL3.3
  • AND ruby-docs is signed with Red Hat master key
  • OR
  • irb is earlier than 0:1.6.8-9.EL3.3
  • AND irb is signed with Red Hat master key
  • OR
  • ruby-mode is earlier than 0:1.6.8-9.EL3.3
  • AND ruby-mode is signed with Red Hat master key
  • OR
  • ruby-tcltk is earlier than 0:1.6.8-9.EL3.3
  • AND ruby-tcltk is signed with Red Hat master key
  • OR
  • ruby-libs is earlier than 0:1.6.8-9.EL3.3
  • AND ruby-libs is signed with Red Hat master key
  • OR
  • ruby is earlier than 0:1.6.8-9.EL3.3
  • AND ruby is signed with Red Hat master key
  • OR
  • ruby-devel is earlier than 0:1.6.8-9.EL3.3
  • AND ruby-devel is signed with Red Hat master key
    • BACK