ELSA-2014-1911

Опубликовано: 26 нояб. 2014

Источник: oracle-oval

Платформа: Oracle Linux 6

Описание

ELSA-2014-1911: ruby security update (MODERATE)

[1.8.7.374-3]

Fix REXML billion laughs attack via parameter entity expansion (CVE-2014-8080). Resolves: rhbz#1163993
REXML incomplete fix for CVE-2014-8080 (CVE-2014-8090). Resolves: rhbz#1163993

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

ruby

1.8.7.374-3.el6_6

ruby-devel

1.8.7.374-3.el6_6

ruby-docs

1.8.7.374-3.el6_6

ruby-irb

1.8.7.374-3.el6_6

ruby-libs

1.8.7.374-3.el6_6

ruby-rdoc

1.8.7.374-3.el6_6

ruby-ri

1.8.7.374-3.el6_6

ruby-static

1.8.7.374-3.el6_6

ruby-tcltk

1.8.7.374-3.el6_6

Oracle Linux i686

ruby

1.8.7.374-3.el6_6

ruby-devel

1.8.7.374-3.el6_6

ruby-docs

1.8.7.374-3.el6_6

ruby-irb

1.8.7.374-3.el6_6

ruby-libs

1.8.7.374-3.el6_6

ruby-rdoc

1.8.7.374-3.el6_6

ruby-ri

1.8.7.374-3.el6_6

ruby-static

1.8.7.374-3.el6_6

ruby-tcltk

1.8.7.374-3.el6_6

Связанные CVE

CVE-2014-8090

CVE-2014-8080

Ссылки на источники

Связанные уязвимости

ELSA-2014-1913

oracle-oval

больше 9 лет назад

ELSA-2014-1913: ruby193-ruby security update (MODERATE)

ELSA-2014-1912

oracle-oval

почти 11 лет назад

ELSA-2014-1912: ruby security update (MODERATE)

CVE-2014-8090

ubuntu

почти 11 лет назад

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.

CVE-2014-8090

redhat

почти 11 лет назад

CVE-2014-8090

nvd

почти 11 лет назад