What Are You Looking For?

Sign Up
Date:         Fri, 5 Dec 2008 13:42:06 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for ruby on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: ruby security update
Issue date:	2008-12-04
CVE Names:	CVE-2008-4310

Vincent Danen reported, that Red Hat Security Advisory RHSA-2008:0897
did not properly address a denial of service flaw in the WEBrick (Ruby
HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a
remote attacker to send a specially-crafted HTTP request to a WEBrick
server that would cause the server to use excessive CPU time. This
update properly addresses this flaw. (CVE-2008-4310)

SL 4.x

     SRPMS:
ruby-1.8.1-7.el4_7.2.src.rpm
     i386:
irb-1.8.1-7.el4_7.2.i386.rpm
ruby-1.8.1-7.el4_7.2.i386.rpm
ruby-devel-1.8.1-7.el4_7.2.i386.rpm
ruby-docs-1.8.1-7.el4_7.2.i386.rpm
ruby-libs-1.8.1-7.el4_7.2.i386.rpm
ruby-mode-1.8.1-7.el4_7.2.i386.rpm
ruby-tcltk-1.8.1-7.el4_7.2.i386.rpm
     x86_64:
irb-1.8.1-7.el4_7.2.x86_64.rpm
ruby-1.8.1-7.el4_7.2.x86_64.rpm
ruby-devel-1.8.1-7.el4_7.2.x86_64.rpm
ruby-docs-1.8.1-7.el4_7.2.x86_64.rpm
ruby-libs-1.8.1-7.el4_7.2.i386.rpm
ruby-libs-1.8.1-7.el4_7.2.x86_64.rpm
ruby-mode-1.8.1-7.el4_7.2.x86_64.rpm
ruby-tcltk-1.8.1-7.el4_7.2.x86_64.rpm

SL 5.x

     SRPMS:
ruby-1.8.5-5.el5_2.6.src.rpm
     i386:
ruby-1.8.5-5.el5_2.6.i386.rpm
ruby-devel-1.8.5-5.el5_2.6.i386.rpm
ruby-docs-1.8.5-5.el5_2.6.i386.rpm
ruby-irb-1.8.5-5.el5_2.6.i386.rpm
ruby-libs-1.8.5-5.el5_2.6.i386.rpm
ruby-mode-1.8.5-5.el5_2.6.i386.rpm
ruby-rdoc-1.8.5-5.el5_2.6.i386.rpm
ruby-ri-1.8.5-5.el5_2.6.i386.rpm
ruby-tcltk-1.8.5-5.el5_2.6.i386.rpm
     x86_64:
ruby-1.8.5-5.el5_2.6.x86_64.rpm
ruby-devel-1.8.5-5.el5_2.6.i386.rpm
ruby-devel-1.8.5-5.el5_2.6.x86_64.rpm
ruby-docs-1.8.5-5.el5_2.6.x86_64.rpm
ruby-irb-1.8.5-5.el5_2.6.x86_64.rpm
ruby-libs-1.8.5-5.el5_2.6.i386.rpm
ruby-libs-1.8.5-5.el5_2.6.x86_64.rpm
ruby-mode-1.8.5-5.el5_2.6.x86_64.rpm
ruby-rdoc-1.8.5-5.el5_2.6.x86_64.rpm
ruby-ri-1.8.5-5.el5_2.6.x86_64.rpm
ruby-tcltk-1.8.5-5.el5_2.6.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2008-4310 ruby SL4.x, SL5.x i386/x86_64

Moderate: ruby security update

Summary

Date:         Fri, 5 Dec 2008 13:42:06 -0600Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA for ruby on SL4.x, SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Moderate: ruby security updateIssue date:	2008-12-04CVE Names:	CVE-2008-4310Vincent Danen reported, that Red Hat Security Advisory RHSA-2008:0897did not properly address a denial of service flaw in the WEBrick (RubyHTTP server toolkit), known as CVE-2008-3656. This flaw allowed aremote attacker to send a specially-crafted HTTP request to a WEBrickserver that would cause the server to use excessive CPU time. Thisupdate properly addresses this flaw. (CVE-2008-4310)SL 4.x     SRPMS:ruby-1.8.1-7.el4_7.2.src.rpm     i386:irb-1.8.1-7.el4_7.2.i386.rpmruby-1.8.1-7.el4_7.2.i386.rpmruby-devel-1.8.1-7.el4_7.2.i386.rpmruby-docs-1.8.1-7.el4_7.2.i386.rpmruby-libs-1.8.1-7.el4_7.2.i386.rpmruby-mode-1.8.1-7.el4_7.2.i386.rpmruby-tcltk-1.8.1-7.el4_7.2.i386.rpm     x86_64:irb-1.8.1-7.el4_7.2.x86_64.rpmruby-1.8.1-7.el4_7.2.x86_64.rpmruby-devel-1.8.1-7.el4_7.2.x86_64.rpmruby-docs-1.8.1-7.el4_7.2.x86_64.rpmruby-libs-1.8.1-7.el4_7.2.i386.rpmruby-libs-1.8.1-7.el4_7.2.x86_64.rpmruby-mode-1.8.1-7.el4_7.2.x86_64.rpmruby-tcltk-1.8.1-7.el4_7.2.x86_64.rpmSL 5.x     SRPMS:ruby-1.8.5-5.el5_2.6.src.rpm     i386:ruby-1.8.5-5.el5_2.6.i386.rpmruby-devel-1.8.5-5.el5_2.6.i386.rpmruby-docs-1.8.5-5.el5_2.6.i386.rpmruby-irb-1.8.5-5.el5_2.6.i386.rpmruby-libs-1.8.5-5.el5_2.6.i386.rpmruby-mode-1.8.5-5.el5_2.6.i386.rpmruby-rdoc-1.8.5-5.el5_2.6.i386.rpmruby-ri-1.8.5-5.el5_2.6.i386.rpmruby-tcltk-1.8.5-5.el5_2.6.i386.rpm     x86_64:ruby-1.8.5-5.el5_2.6.x86_64.rpmruby-devel-1.8.5-5.el5_2.6.i386.rpmruby-devel-1.8.5-5.el5_2.6.x86_64.rpmruby-docs-1.8.5-5.el5_2.6.x86_64.rpmruby-irb-1.8.5-5.el5_2.6.x86_64.rpmruby-libs-1.8.5-5.el5_2.6.i386.rpmruby-libs-1.8.5-5.el5_2.6.x86_64.rpmruby-mode-1.8.5-5.el5_2.6.x86_64.rpmruby-rdoc-1.8.5-5.el5_2.6.x86_64.rpmruby-ri-1.8.5-5.el5_2.6.x86_64.rpmruby-tcltk-1.8.5-5.el5_2.6.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Kali vs. ParrotOS: 2 Versatile Linux Distros for Security Pros

Dec 9, 2023

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo