USN-20-1: Ruby CGI module vulnerability
Referenced CVEs:
CAN-2004-0983
Description:
===========================================================
Ubuntu Security Notice USN-20-1 November 08, 2004
ruby1.8 vulnerability
CAN-2004-0983
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libruby1.8

The problem can be corrected by upgrading the affected package to
version 1.8.1+1.8.2pre2-3ubuntu0.1. In general, a standard system
upgrade is sufficient to effect the necessary changes.

Details follow:

The Ruby developers discovered a potential Denial of Service
vulnerability in the CGI module (cgi.rb). Specially crafted CGI
requests could cause an infinite loop in the server process.
Repetitive attacks could use most of the available processor
resources, exhaust the number of allowed parallel connections in web
servers, or cause similar effects which render the service
unavailable.

There is no possibility of privilege escalation or data loss.
