Description
ELSA-2013-0612: ruby security update (MODERATE)
[1.8.7.352-10]
- escaping vulnerability about Exception#to_s / NameError#to_s
- ruby-1.8.7-p371-CVE-2012-4481.patch
- Related: rhbz#915379
[1.8.7.352-9]
- Fix regression introduced by fix for entity expansion DOS vulnerability in REXML (https://bugs.ruby-lang.org/issues/7961)
- ruby-2.0.0-add-missing-rexml-require.patch
- Related: rhbz#915379
[1.8.7.352-8]
- Addresses entity expansion DoS vulnerability in REXML.
- ruby-2.0.0-entity-expansion-DoS-vulnerability-in-REXML.patch
- Resolves: rhbz#915379
Updated packages
Oracle Linux 6
Oracle Linux x86_64
ruby          1.8.7.352-10.el6_4
ruby-devel    1.8.7.352-10.el6_4
ruby-docs     1.8.7.352-10.el6_4
ruby-irb      1.8.7.352-10.el6_4
ruby-libs     1.8.7.352-10.el6_4
ruby-rdoc     1.8.7.352-10.el6_4
ruby-ri       1.8.7.352-10.el6_4
ruby-static   1.8.7.352-10.el6_4
ruby-tcltk    1.8.7.352-10.el6_4
Oracle Linux i686
ruby          1.8.7.352-10.el6_4
ruby-devel    1.8.7.352-10.el6_4
ruby-docs     1.8.7.352-10.el6_4
ruby-irb      1.8.7.352-10.el6_4
ruby-libs     1.8.7.352-10.el6_4
ruby-rdoc     1.8.7.352-10.el6_4
ruby-ri       1.8.7.352-10.el6_4
ruby-static   1.8.7.352-10.el6_4
ruby-tcltk    1.8.7.352-10.el6_4
Related CVEs
Related vulnerabilities
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
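The REXML entity expansion (XEE) issue above was addressed upstream by capping how much text entity references may expand to. The following is an added illustration, not code from the advisory or from Ruby itself: it parses two constructed documents under a small cap set through REXML::Document.entity_expansion_text_limit and reports whether each was accepted or rejected.

```ruby
require "rexml/document"

# Constructed sample: a single, harmless internal entity.
BENIGN_XML = <<~XML
  <!DOCTYPE greeting [ <!ENTITY who "world"> ]>
  <greeting>hello &who;</greeting>
XML

# Constructed sample: nested entities, so one reference to &d; expands
# to 10,000 bytes of text (10 * 10 * 10 * 10-byte entity a).
NESTED_XML = <<~XML
  <!DOCTYPE doc [
    <!ENTITY a "AAAAAAAAAA">
    <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
    <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
    <!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
  ]>
  <doc>&d;</doc>
XML

# Parse +xml+ with REXML while the total expanded entity text is capped at
# +text_limit+ bytes. Returns [:accepted, text] or [:rejected, message].
# REXML::Document.entity_expansion_text_limit= is the knob that came with the
# upstream fix; newer rexml gems also expose it under REXML::Security.
def parse_with_limit(xml, text_limit)
  old_limit = REXML::Document.entity_expansion_text_limit
  REXML::Document.entity_expansion_text_limit = text_limit
  doc = REXML::Document.new(xml)
  # Entity references are expanded when the text is read, so the limit
  # check may fire here rather than inside Document.new.
  [:accepted, doc.root.text]
rescue StandardError => e
  # Exceeding the cap raises; treat any failure as a rejected document.
  [:rejected, e.message]
ensure
  REXML::Document.entity_expansion_text_limit = old_limit
end

if __FILE__ == $0
  p parse_with_limit(BENIGN_XML, 1_000)
  p parse_with_limit(NESTED_XML, 1_000)
end
```

Under the same 1,000-byte cap the benign document yields "hello world" while the nested one is rejected before its expansion can exhaust memory.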