First published: Thu Dec 04 2008
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks.

Vincent Danen reported that Red Hat Security Advisory RHSA-2008:0897 did not properly address a denial of service flaw in WEBrick (the Ruby HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a remote attacker to send a specially-crafted HTTP request to a WEBrick server that would cause the server to use excessive CPU time. This update properly addresses this flaw. (CVE-2008-4310)

All Ruby users should upgrade to these updated packages, which contain a correct patch that resolves this issue.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/ruby | <1.8.5-5.el5_2.6 | 1.8.5-5.el5_2.6 |
redhat/ruby-devel | <1.8.5-5.el5_2.6 | 1.8.5-5.el5_2.6 |
redhat/ruby-docs | <1.8.5-5.el5_2.6 | 1.8.5-5.el5_2.6 |
redhat/ruby-irb | <1.8.5-5.el5_2.6 | 1.8.5-5.el5_2.6 |
redhat/ruby-libs | <1.8.5-5.el5_2.6 | 1.8.5-5.el5_2.6 |
redhat/ruby-mode | <1.8.5-5.el5_2.6 | 1.8.5-5.el5_2.6 |
redhat/ruby-rdoc | <1.8.5-5.el5_2.6 | 1.8.5-5.el5_2.6 |
redhat/ruby-ri | <1.8.5-5.el5_2.6 | 1.8.5-5.el5_2.6 |
redhat/ruby-tcltk | <1.8.5-5.el5_2.6 | 1.8.5-5.el5_2.6 |
redhat/ruby | <1.8.1-7.el4_7.2 | 1.8.1-7.el4_7.2 |
redhat/irb | <1.8.1-7.el4_7.2 | 1.8.1-7.el4_7.2 |
redhat/ruby-devel | <1.8.1-7.el4_7.2 | 1.8.1-7.el4_7.2 |
redhat/ruby-docs | <1.8.1-7.el4_7.2 | 1.8.1-7.el4_7.2 |
redhat/ruby-libs | <1.8.1-7.el4_7.2 | 1.8.1-7.el4_7.2 |
redhat/ruby-mode | <1.8.1-7.el4_7.2 | 1.8.1-7.el4_7.2 |
redhat/ruby-tcltk | <1.8.1-7.el4_7.2 | 1.8.1-7.el4_7.2 |
The severity of RHSA-2008:0981 is classified as moderate.
To fix RHSA-2008:0981, update the affected packages to the versions specified in the advisory.
RHSA-2008:0981 affects various packages including ruby, ruby-devel, and ruby-libs among others.
RHSA-2008:0981 addresses a denial of service vulnerability in Ruby.
RHSA-2008:0981 is applicable to both x86_64 and i386 architectures.