Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

SUSE: 2013:0609-1 Important: rubygem-json_pure Denial of Service

suse
Calendar Grey April 3, 2013
Dist Suse Esm H88
This SUSE update fixes a critical vulnerability in rubygem-json_pure that could lead to a denial of service. Check out the patch details here.
An update that fixes one vulnerability is now available

Summary

The json_pure Ruby Gem has been updated to fix a Denial of Service and Unsafe Object Creation vulnerability in JSON (CVE-2013-0269) Additional fixes: * Entity expansion DoS vulnerability in REXML (XML bomb) Security Issue reference: * CVE-2013-0269 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST 1.2: zypper in -t patch slewyst12-rubygem-json_pure-7486 - SUSE Studio Standard Edition 1.2: zypper in -t patch sleslms12-rubygem-json_pure-7486 - SUSE Studio Extension for System z 1.2: zypper in -t patch slestso12-rubygem-json_pure-7486 To bring your system up-to-date, use "zypper patch". Package List:

Topics%20covered

Topics Covered

security advisory software update DoS important SUSE rubygem json_pure

References

#803342

Cross- CVE-2013-0269

Affected Products:

WebYaST 1.2

SUSE Studio Standard Edition 1.2

SUSE Studio Extension for System z 1.2

https://www.suse.com/security/cve/CVE-2013-0269.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2013:0609-1
Rating: important

Topics%20covered

Topics Covered

security advisory software update DoS important SUSE rubygem json_pure

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here