Description
ELSA-2013-0611: ruby security update (MODERATE)
[1.8.5-29]
- Fix regression introduced by fix for entity expansion DOS vulnerability
in REXML (https://bugs.ruby-lang.org/issues/7961)
- ruby-2.0.0-add-missing-rexml-require.patch
- Related: rhbz#915377
[1.8.5-28]
- Addresses entity expansion DoS vulnerability in REXML.
- ruby-2.0.0-entity-expansion-DoS-vulnerability-in-REXML.patch
- Resolves: rhbz#915377
Updated packages
Oracle Linux 5
Oracle Linux ia64
  ruby         1.8.5-29.el5_9
  ruby-devel   1.8.5-29.el5_9
  ruby-docs    1.8.5-29.el5_9
  ruby-irb     1.8.5-29.el5_9
  ruby-libs    1.8.5-29.el5_9
  ruby-mode    1.8.5-29.el5_9
  ruby-rdoc    1.8.5-29.el5_9
  ruby-ri      1.8.5-29.el5_9
  ruby-tcltk   1.8.5-29.el5_9
Oracle Linux x86_64
  ruby         1.8.5-29.el5_9
  ruby-devel   1.8.5-29.el5_9
  ruby-docs    1.8.5-29.el5_9
  ruby-irb     1.8.5-29.el5_9
  ruby-libs    1.8.5-29.el5_9
  ruby-mode    1.8.5-29.el5_9
  ruby-rdoc    1.8.5-29.el5_9
  ruby-ri      1.8.5-29.el5_9
  ruby-tcltk   1.8.5-29.el5_9
Oracle Linux i386
  ruby         1.8.5-29.el5_9
  ruby-devel   1.8.5-29.el5_9
  ruby-docs    1.8.5-29.el5_9
  ruby-irb     1.8.5-29.el5_9
  ruby-libs    1.8.5-29.el5_9
  ruby-mode    1.8.5-29.el5_9
  ruby-rdoc    1.8.5-29.el5_9
  ruby-ri      1.8.5-29.el5_9
  ruby-tcltk   1.8.5-29.el5_9
Related CVEs
Related vulnerabilities
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.