The Ruby developers discovered a potential Denial of Service vulnerability in the CGI module (cgi.rb). Specially crafted CGI requests could cause an infinite loop in the server process. Repetitive attacks could use most of the available processor resources, exhaust the number of allowed parallel connections in web servers, or cause similar effects which render the service unavailable.
There is no possibility of privilege escalation or data loss.
9 November 2004
A security issue affects these releases of Ubuntu and its derivatives:
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.