+++ This bug was initially created as a clone of Bug #218287 +++ Description of problem: JVN#84798830 described a problem in cgi.rb, which results in infinite loop after certain HTTP request. While the original advisory is in Japan, you might want to translate it with Babelfish. Anyways, it doesn't contain any useful information. The upstream corrected the problem immediately in CVS and even released a new package with patchlevel of 2. Version-Release number of selected component (if applicable): All supported versions (RHEL 2.1 to 5, and both FC 5 and FC 6) seem to contain the vulnerable code. How reproducible: No reproducer. Additional info: The translated JVN avdisory: http://babelfish.altavista.com/babelfish/trurl_pagecontent?lp=ja_en&trurl=http%3a%2f%2fwww.ipa.go.jp%2fsecurity%2fvuln%2fdocuments%2f2006%2fJVN_84798830_Ruby.html -- Additional comment from lkundrak on 2006-12-04 09:09 EST -- Created an attachment (id=142732) Upstream patch for ruby cgi.rb DoS
fixed in 1.8.5.2-1.fc6 and 1.8.5.2-1.fc5.
ruby-1.8.5.2-1.fc6 has been pushed for fc6, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.