Package: ruby
Severity: important
Version: 1.8.2-1
Version: 4.2

Red Hat has just released an updated version of ruby, which fixes a
potential denial of service. The CVE is currently reserved [1], but
Red Hat describes the problem as:

  Vincent Danen reported, that Red Hat Security Advisory RHSA-2008:0897
  did not properly address a denial of service flaw in the WEBrick (Ruby
  HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a
  remote attacker to send a specially-crafted HTTP request to a WEBrick
  server that would cause the server to use excessive CPU time. This
  update properly addresses this flaw. (CVE-2008-4310)

Further details can be found in the Red Hat security announcement [2].
Thanks for working to keep Debian secure.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4310
[2] https://rhn.redhat.com/errata/RHSA-2008-0981.html


