English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2007-1
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 24 Jan 2007
 Last revised: 24 Jan 2007

 Package: ruby

 Summary: Two vulnerabilities discovered in Ruby

 More information:
    Ruby is an interpreted scripting language designed to allow quick and
    easy object-oriented programming.  It has many features to process text
    files and to perform system management tasks (as in Perl).  It is simple,
    straight-forward, and extensible.

    Two issues have been discovered in Ruby:
    - CGI::allows remote attackers to cause a denial of service (infinite loop
      and CPU consumption) via an HTTP request with a multipart MIME body 
    - Service use disturbance (DoS) the vulnerability which becomes state 
      exists in cgi.rb which is the standard library of Ruby language.

 Impact:
    A specific HTTP request for any web application using cgi.rb causes CPU 
    consumption on the machine on which the web application is running. Many such
    requests result in a denial of service.

 Affected Products:
    - Turbolinux Appliance Server 2.0
    - Turbolinux FUJI
    - Turbolinux 10 Server x64 Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server


 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   ruby-1.8.1-8.src.rpm
      2681065 a7e933b2b1527bccff8d89aa08f532fd

   Binary Packages
   Size: MD5

   ruby-1.8.1-8.i586.rpm
      1714078 3c4bd4f7ef337aa8dae6b7e6348aca93

 <Turbolinux FUJI>

   Source Packages
   Size: MD5

   ruby-1.8.3-2.src.rpm
      4233069 0b9803dadac3a42426ca35beefaea853

   Binary Packages
   Size: MD5

   ruby-1.8.3-2.i686.rpm
      2524110 89d1378b37665d4bda59a13a2608b0ac

 <Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/ruby-1.8.1-8.src.rpm
      2681065 34e6f64eb451e96d0b377afe73a04dc0

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/ruby-1.8.1-8.x86_64.rpm
      1816768 eb67c604ea242db98c1f3ad06709b19e

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/ruby-1.8.1-8.src.rpm
      2681065 a7e933b2b1527bccff8d89aa08f532fd

   Binary Packages
   Size: MD5

   ruby-1.8.1-8.i586.rpm
      1714078 3c4bd4f7ef337aa8dae6b7e6348aca93

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/ruby-1.6.8-5.src.rpm
      1031104 1ff9718461af0dac0d2d59de9e6fb660

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ruby-1.6.8-5.i586.rpm
       993096 5446f552b47c67cb053197c5f71877ab

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/ruby-1.6.4-6.src.rpm
       907910 3e0b0869d19207c8c316c65325c089cf

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ruby-1.6.4-6.i586.rpm
       984747 fd2d37402ec4ae339ee3994d0716df2a


 References:

 CVE
   [CVE-2006-5467]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5467
   [CVE-2006-6303]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6303

 --------------------------------------------------------------------------
 Revision History
    24 Jan 2007 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2007 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFFtzBaK0LzjOqIJMwRArgYAJsEpa2wxxQFyL2Wgv3NqQQIvXFgwwCfUXJI
56iUnFJctDSSi8dp4UaoLPs=
=o4WU
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.