Security: Denial of Service in ruby
Name: Denial of Service in ruby
ID: TLSA-2007-1
Distribution: TurboLinux
Platforms: Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 8 Server, Turbolinux Home, Turbolinux Multimedia
Date: Thu, 25 January 2007, 03:50
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6303
Applications: Ruby
Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-1
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 24 Jan 2007
Last revised: 24 Jan 2007
Package: ruby
Summary: Two vulnerabilities discovered in Ruby
More information: Ruby is an interpreted scripting language designed to allow quick and easy object-oriented programming. It has many features to process text files and to perform system management tasks (as in Perl). It is simple, straight-forward, and extensible.
Two issues have been discovered in Ruby:
- CGI::allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body.
- A vulnerability that leads to a service disruption (DoS) state exists in cgi.rb, which is a standard library of the Ruby language.
Impact: A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service.
Affected Products:
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
<Turbolinux Appliance Server 2.0>
Source Packages Size: MD5
ruby-1.8.1-8.src.rpm 2681065 a7e933b2b1527bccff8d89aa08f532fd
Binary Packages Size: MD5
ruby-1.8.1-8.i586.rpm 1714078 3c4bd4f7ef337aa8dae6b7e6348aca93
<Turbolinux FUJI>
Source Packages Size: MD5
ruby-1.8.3-2.src.rpm 4233069 0b9803dadac3a42426ca35beefaea853
Binary Packages Size: MD5
ruby-1.8.3-2.i686.rpm 2524110 89d1378b37665d4bda59a13a2608b0ac
<Turbolinux 10 Server x64 Edition>
Source Packages Size: MD5
ruby-1.8.1-8.src.rpm 2681065 34e6f64eb451e96d0b377afe73a04dc0
Binary Packages Size: MD5
ruby-1.8.1-8.x86_64.rpm 1816768 eb67c604ea242db98c1f3ad06709b19e
<Turbolinux 10 Server>
Source Packages Size: MD5
ruby-1.8.1-8.src.rpm 2681065 a7e933b2b1527bccff8d89aa08f532fd
Binary Packages Size: MD5
ruby-1.8.1-8.i586.rpm 1714078 3c4bd4f7ef337aa8dae6b7e6348aca93
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>
Source Packages Size: MD5
ruby-1.6.8-5.src.rpm 1031104 1ff9718461af0dac0d2d59de9e6fb660
Binary Packages Size: MD5
ruby-1.6.8-5.i586.rpm 993096 5446f552b47c67cb053197c5f71877ab
<Turbolinux 8 Server>
Source Packages Size: MD5
ruby-1.6.4-6.src.rpm 907910 3e0b0869d19207c8c316c65325c089cf
Binary Packages Size: MD5
ruby-1.6.4-6.i586.rpm 984747 fd2d37402ec4ae339ee3994d0716df2a
References:
CVE
[CVE-2006-5467] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5467
[CVE-2006-6303] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6303
--------------------------------------------------------------------------
Revision History
24 Jan 2007 Initial release
--------------------------------------------------------------------------
Copyright(C) 2007 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFFtzBaK0LzjOqIJMwRArgYAJsEpa2wxxQFyL2Wgv3NqQQIvXFgwwCfUXJI 56iUnFJctDSSi8dp4UaoLPs= =o4WU -----END PGP SIGNATURE-----