ELSA-2014-1912 -- ruby security update (moderate)

oval:org.mitre.oval:def:28303

[2.0.0.353-22]
- Fix REXML billion laughs attack via parameter entity expansion (CVE-2014-8080). Resolves: rhbz#1163998
- REXML incomplete fix for CVE-2014-8080 (CVE-2014-8090). Resolves: rhbz#1163998

[2.0.0.353-21]
- Fix off-by-one stack-based buffer overflow in the encodes() function (CVE-2014-4975) Resolves: rhbz#1163998

[2.0.0.353-21]
- Fix FTBFS with new tzdata Related: rhbz#1163998

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Oracle Linux 7
Class:
patch
Reference(s):
  • ELSA-2014-1912
  • CVE-2014-8080
  • CVE-2014-8090
  • CVE-2014-4975
Product(s):
  • ruby