Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

Scientific Linux: CVE-2013-1821 Moderate: Ruby Denial of Service Risk

Scientific Large Esm H446
Moderate: ruby security update
Date: Thu, 7 Mar 2013 16:17:21 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: ruby on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: ruby security update
Issue Date: 2013-03-07
CVE Numbers: CVE-2013-1821
--

It was discovered that Ruby's REXML library did not properly restrict XML
entity expansion. An attacker could use this flaw to cause a denial of
service by tricking a Ruby application using REXML to read text nodes from
specially-crafted XML content, which will result in REXML consuming large
amounts of system memory. (CVE-2013-1821)
--

SL5
 x86_64
 ruby-1.8.5-29.el5_9.x86_64.rpm
 ruby-debuginfo-1.8.5-29.el5_9.i386.rpm
 ruby-debuginfo-1.8.5-29.el5_9.x86_64.rpm
 ruby-docs-1.8.5-29.el5_9.x86_64.rpm
 ruby-irb-1.8.5-29.el5_9.x86_64.rpm
 ruby-libs-1.8.5-29.el5_9.i386.rpm
 ruby-libs-1.8.5-29.el5_9.x86_64.rpm
 ruby-rdoc-1.8.5-29.el5_9.x86_64.rpm
 ruby-ri-1.8.5-29.el5_9.x86_64.rpm
 ruby-tcltk-1.8.5-29.el5_9.x86_64.rpm
 ruby-devel-1.8.5-29.el5_9.i386.rpm
 ruby-devel-1.8.5-29.el5_9.x86_64.rpm
 ruby-mode-1.8.5-29.el5_9.x86_64.rpm
 i386
 ruby-1.8.5-29.el5_9.i386.rpm
 ruby-debuginfo-1.8.5-29.el5_9.i386.rpm
 ruby-docs-1.8.5-29.el5_9.i386.rpm
 ruby-irb-1.8.5-29.el5_9.i386.rpm
 ruby-libs-1.8.5-29.el5_9.i386.rpm
 ruby-rdoc-1.8.5-29.el5_9.i386.rpm
 ruby-ri-1.8.5-29.el5_9.i386.rpm
 ruby-tcltk-1.8.5-29.el5_9.i386.rpm
 ruby-devel-1.8.5-29.el5_9.i386.rpm
 ruby-mode-1.8.5-29.el5_9.i386.rpm

- Scientific Linux Development Team