CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
96.4%
CentOS Errata and Security Advisory CESA-2006:0729-01
Ruby is an interpreted scripting language for object-oriented programming.
A flaw was discovered in the way Ruby’s CGI module handles certain
multipart/form-data MIME data. If a remote attacker sends a specially
crafted multipart-form-data request, it is possible to cause the ruby
CGI script to enter an infinite loop, causing a denial of service.
(CVE-2006-5467)
Users of Ruby should upgrade to these updated packages which contain
backported patches and are not vulnerable to these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-November/075528.html
Affected packages:
irb
ruby
ruby-devel
ruby-docs
ruby-libs
ruby-tcltk
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | irb | < 1.6.4-2.AS21.4 | irb-1.6.4-2.AS21.4.i386.rpm |
CentOS | 2 | i386 | ruby | < 1.6.4-2.AS21.4 | ruby-1.6.4-2.AS21.4.i386.rpm |
CentOS | 2 | i386 | ruby-devel | < 1.6.4-2.AS21.4 | ruby-devel-1.6.4-2.AS21.4.i386.rpm |
CentOS | 2 | i386 | ruby-docs | < 1.6.4-2.AS21.4 | ruby-docs-1.6.4-2.AS21.4.i386.rpm |
CentOS | 2 | i386 | ruby-libs | < 1.6.4-2.AS21.4 | ruby-libs-1.6.4-2.AS21.4.i386.rpm |
CentOS | 2 | i386 | ruby-tcltk | < 1.6.4-2.AS21.4 | ruby-tcltk-1.6.4-2.AS21.4.i386.rpm |