Ruby http/xmlrpc server DoS A bug was found in the way ruby creates its http (and thus xmlrpc) server. The server uses blocking sockets, so if it is possible to send a very large amount of data via the socket, the server will block other connections resulting in a denial of service. The original report (and patch) are here: http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787 A reproducer is described here: http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/26405 This issue also affects FC4
As I said in the mail, those issues has been fixed in 1.8.3. So it won't affects ruby packages on FC since we've already pushed 1.8.4 for them.