Red Hat Bugzilla – Bug 189540
CVE-2006-1931 Ruby http/xmlrpc server DoS
Last modified: 2007-11-30 17:11:31 EST
Ruby http/xmlrpc server DoS
A bug was found in the way Ruby creates its HTTP (and thus XML-RPC)
server. The server uses blocking sockets, so if it is possible to
send a very large amount of data via the socket, the server will block
other connections, resulting in a denial of service.
The original report (and patch) are here:
A reproducer is described here:
This issue also affects FC4
As I said in the mail, those issues have been fixed in 1.8.3.
So it won't affect ruby packages on FC since we've already pushed 1.8.4 for them.
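The blocking-read problem described in the report can be avoided by bounding both the time and the size of each request read. The sketch below is an added example, not the patch referenced above and not code from Ruby itself; `read_bounded`, `classify`, the limits and the sample payloads are hypothetical and constructed for illustration.

```ruby
require 'socket'

# Hypothetical limits for this sketch; tune them for the real service.
MAX_REQUEST_BYTES = 64 * 1024
READ_DEADLINE_SEC = 0.5

def now
  Process.clock_gettime(Process::CLOCK_MONOTONIC)
end

# Read one request header block from +io+ without blocking indefinitely.
# Returns [:ok, data], [:too_large, nil], [:timeout, nil] or [:eof, data].
def read_bounded(io, max_bytes: MAX_REQUEST_BYTES, deadline: READ_DEADLINE_SEC)
  buf = String.new
  stop_at = now + deadline
  loop do
    return [:timeout, nil] if now >= stop_at
    begin
      buf << io.read_nonblock(4096)
      return [:too_large, nil] if buf.bytesize > max_bytes
      return [:ok, buf] if buf.include?("\r\n\r\n") # end of headers
    rescue IO::WaitReadable
      # No data yet: wait only for the time left, never forever.
      remaining = stop_at - now
      ready = remaining > 0 && IO.select([io], nil, nil, remaining)
      return [:timeout, nil] unless ready
    rescue EOFError
      return [:eof, buf]
    end
  end
end

# Feed a constructed payload through a local socket pair and report
# how the bounded reader classifies the peer.
def classify(payload, **opts)
  server_side, client_side = UNIXSocket.pair
  client_side.write(payload)
  read_bounded(server_side, **opts).first
ensure
  server_side&.close
  client_side&.close
end

if __FILE__ == $PROGRAM_NAME
  puts classify("GET / HTTP/1.0\r\n\r\n")                   # complete request
  puts classify("GET / HTTP/1.0\r\nHost:", deadline: 0.2)   # peer stalls
  puts classify("A" * 4000, max_bytes: 1024)                # oversized input
end
```

In a real server the same limits would be enforced from a `select` loop over all client sockets, so a stalled or oversized peer is dropped while other connections keep being served.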