Bug 79557 - dev-ruby/ruby-fcgi bump with a fix for a potential DoS
Summary: dev-ruby/ruby-fcgi bump with a fix for a potential DoS
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High minor
Assignee: Gentoo Security
Whiteboard: ~3 [noglsa] jaervosz
Blocks: 79565
Reported: 2005-01-26 02:46 UTC by Xavier Neys (RETIRED)
Modified: 2007-01-06 16:53 UTC

Attachments
ruby-fcgi-0.8.5.ebuild (ruby-fcgi-0.8.5.ebuild,638 bytes, text/plain)
2005-01-26 02:47 UTC, Xavier Neys (RETIRED)

Description Xavier Neys (RETIRED) gentoo-dev 2005-01-26 02:46:15 UTC
ruby-fcgi b0rks with SIGABRT whenever the client breaks the connection with the server.
This can lead to a DoS because mod_fastcgi will refuse to spawn new fcgi processes after a while.
FYI, mod_fcgid (see bug #79313) is more resilient and recovers faster but will issue some errors 503 anyway.
Comment 1 Xavier Neys (RETIRED) gentoo-dev 2005-01-26 02:47:26 UTC
Created attachment 49549
ruby-fcgi-0.8.5.ebuild

Please get into portage asap
KEYWORDS reset to ~x86 because I can't test on anything else atm.
Comment 2 Xavier Neys (RETIRED) gentoo-dev 2005-01-26 10:36:15 UTC
Could anyone from the ruby herd take care of this one?
Thanks a lot.
Comment 3 Gentoo Ruby Team gentoo-dev 2005-02-01 00:05:35 UTC
Added ruby-fcgi-0.8.5.ebuild to CVS.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-01 01:02:04 UTC
Thx everyone.

Is this properly reported upstream? From the description it appears that the issue is not completely fixed and filed as restricted?

Xavier, please assign such issues directly to security next time.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-04 12:15:44 UTC
~ -> closing without GLSA