rubygem-cgi_multipart_eof_fix-2.5.0.txz


Advertisement

Description

rubygem-cgi_multipart_eof_fix - Fix an exploitable bug in CGI multipart parsing

Property Value
Distribution FreeBSD 11
Repository FreeBSD Ports Latest amd64
Package filename rubygem-cgi_multipart_eof_fix-2.5.0.txz
Package name rubygem-cgi_multipart_eof_fix
Package version 2.5.0
Package release -
Package architecture amd64
Package type txz
Category rubygems www
Homepage http://blog.evanweaver.com/pages/code#cgi_multipart_eof_fix
License RUBY, GPLv2
Maintainer ruby@FreeBSD.org
Download size 13.20 KB
Installed size 36.79 KB
Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5.
When multipart boundary attributes contain non-halting regular
expression strings, the boundary searcher in the CGI module does not properly
escape the parameter and will execute arbitrary regular expressions.
This fix adds escaping for the user data.
* Affected application servers: standalone CGI, Mongrel, WEBrick
* Unaffected: FastCGI, Ruby 1.8.6 (all servers)
* Unknown: mod_ruby
This fix will not modify versions of Ruby greater than 1.8.5, and is
cumulative with previous CGI multipart vulnerability fixes.
WWW: http://blog.evanweaver.com/pages/code#cgi_multipart_eof_fix

Alternatives

Package Version Architecture Repository
rubygem-cgi_multipart_eof_fix-2.5.0.txz 2.5.0 i386 FreeBSD Ports Quarterly
rubygem-cgi_multipart_eof_fix-2.5.0.txz 2.5.0 amd64 FreeBSD Ports Quarterly
rubygem-cgi_multipart_eof_fix-2.5.0.txz 2.5.0 i386 FreeBSD Ports Latest
rubygem-cgi_multipart_eof_fix - - -

Requires

Name Value
ruby = 2.4.6,1
ruby24-gems = 3.0.3

Download

Type URL
Mirror pkg.freebsd.org
Binary Package rubygem-cgi_multipart_eof_fix-2.5.0.txz
Source Package www/rubygem-cgi_multipart_eof_fix

Install Howto

Install rubygem-cgi_multipart_eof_fix txz package:

# pkg install rubygem-cgi_multipart_eof_fix

See Also

Package Description
rubygem-character_set-1.4.0.txz Build, read, write and compare sets of Unicode codepoints
rubygem-charlock_holmes-0.7.6_2.txz Gems for character encoding detection
rubygem-chef-13.8.3_1.txz Systems integration framework. Client part
rubygem-chef-api-0.9.0.txz Leightweight Chef API client
rubygem-chef-config-13.8.3.txz Default configuration and config loading library for Chef
rubygem-chef-config12-12.22.5.txz Default configuration and config loading library for Chef
rubygem-chef-dk-2.6.2.txz Systems integration framework. Development Kit
rubygem-chef-provisioning-2.7.6.txz Library for creating machines and infrastructures idempotently in Chef
rubygem-chef-zero-13.1.0.txz Self-contained, easy-setup, fast-start in-memory Chef server
rubygem-chef-zero5-5.3.2.txz Self-contained, easy-setup, fast-start in-memory Chef server
rubygem-chef12-12.22.5.txz Systems integration framework. Client part
rubygem-cheffish-13.1.0.txz Library to manipulate Chef in Chef
rubygem-chewy-5.1.0.txz ODM and wrapper for Elasticsearch client
rubygem-childprocess-3.0.0.txz External background process controller
rubygem-childprocess2-2.0.0.txz External background process controller
Advertisement
Advertisement