Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Thu, 7 Mar 2013 16:17:21 -0600 Reply-To: Pat RieheckySender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Moderate: ruby on SL5.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: ruby security update Issue Date: 2013-03-07 CVE Numbers: CVE-2013-1821 -- It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML consuming large amounts of system memory. (CVE-2013-1821) -- SL5 x86_64 ruby-1.8.5-29.el5_9.x86_64.rpm ruby-debuginfo-1.8.5-29.el5_9.i386.rpm ruby-debuginfo-1.8.5-29.el5_9.x86_64.rpm ruby-docs-1.8.5-29.el5_9.x86_64.rpm ruby-irb-1.8.5-29.el5_9.x86_64.rpm ruby-libs-1.8.5-29.el5_9.i386.rpm ruby-libs-1.8.5-29.el5_9.x86_64.rpm ruby-rdoc-1.8.5-29.el5_9.x86_64.rpm ruby-ri-1.8.5-29.el5_9.x86_64.rpm ruby-tcltk-1.8.5-29.el5_9.x86_64.rpm ruby-devel-1.8.5-29.el5_9.i386.rpm ruby-devel-1.8.5-29.el5_9.x86_64.rpm ruby-mode-1.8.5-29.el5_9.x86_64.rpm i386 ruby-1.8.5-29.el5_9.i386.rpm ruby-debuginfo-1.8.5-29.el5_9.i386.rpm ruby-docs-1.8.5-29.el5_9.i386.rpm ruby-irb-1.8.5-29.el5_9.i386.rpm ruby-libs-1.8.5-29.el5_9.i386.rpm ruby-rdoc-1.8.5-29.el5_9.i386.rpm ruby-ri-1.8.5-29.el5_9.i386.rpm ruby-tcltk-1.8.5-29.el5_9.i386.rpm ruby-devel-1.8.5-29.el5_9.i386.rpm ruby-mode-1.8.5-29.el5_9.i386.rpm - Scientific Linux Development Team