The remote host is missing an update for the 'ruby' package(s) announced in the RedHat Update RHSA-2013:0611-01. Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to do system management tasks. It was discovered that Ruby's REXML library did not properly restrict XML entity expansion, which could lead to a denial of service attack. Please install the updated packages.
Reporter | Title | Published | Views | Family All 79 |
---|---|---|---|---|
![]() | Amazon Linux AMI : ruby19 (ALAS-2013-195) | 4 Sep 2013 00:00 | – | nessus |
![]() | Oracle Linux 5 : ruby (ELSA-2013-0611) | 12 Jul 2013 00:00 | – | nessus |
![]() | RHEL 5 : ruby (RHSA-2013:0611) | 8 Mar 2013 00:00 | – | nessus |
![]() | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : ruby1.8, ruby1.9.1 vulnerability (USN-1780-1) | 26 Mar 2013 00:00 | – | nessus |
![]() | CentOS 5 : ruby (CESA-2013:0611) | 8 Mar 2013 00:00 | – | nessus |
![]() | Scientific Linux Security Update : ruby on SL5.x i386/x86_64 (20130307) | 8 Mar 2013 00:00 | – | nessus |
![]() | SuSE 11.3 Security Update : Ruby (SAT Patch Number 9136) | 21 May 2014 00:00 | – | nessus |
![]() | openSUSE Security Update : ruby (openSUSE-SU-2013:0603-1) | 13 Jun 2014 00:00 | – | nessus |
![]() | Slackware 13.1 / 13.37 / 14.0 / current : ruby (SSA:2013-075-01) | 17 Mar 2013 00:00 | – | nessus |
![]() | Debian DSA-2738-1 : ruby1.9.1 - several vulnerabilities | 20 Aug 2013 00:00 | – | nessus |
Source | Link |
---|---|
redhat | www.redhat.com/archives/rhsa-announce/2013-March/msg00023.html |
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# Registration (description) phase: when the scanner loads this VT with the
# NASL `description` flag set, only this block runs. It registers metadata
# and exits before the package checks further down are reached.
if(description)
{
# Vendor advisory this VT was derived from.
script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00023.html");
# Unique identifier of this VT in the Greenbone feed.
script_oid("1.3.6.1.4.1.25623.1.0.870954");
# Version stamp and last-modification date of the VT itself (not the advisory).
script_version("2024-03-21T05:06:54+0000");
script_tag(name:"last_modification", value:"2024-03-21 05:06:54 +0000 (Thu, 21 Mar 2024)");
script_tag(name:"creation_date", value:"2013-03-08 10:18:38 +0530 (Fri, 08 Mar 2013)");
# Single CVE tracked by this advisory (REXML entity-expansion DoS).
script_cve_id("CVE-2013-1821");
# CVSSv2 base score 5.0: network vector, low complexity, no authentication,
# partial availability impact only (no confidentiality/integrity impact).
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_xref(name:"RHSA", value:"2013:0611-01");
script_name("RedHat Update for ruby RHSA-2013:0611-01");
script_tag(name:"summary", value:"The remote host is missing an update for the 'ruby'
package(s) announced via the referenced advisory.");
# Information-gathering category: the check only compares installed package
# versions and sends nothing to the target beyond the SSH package inventory.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("Red Hat Local Security Checks");
# Requires the installed-package inventory collected over SSH.
script_dependencies("gather-package-list.nasl");
# Only scheduled when an SSH login to a RHEL host produced an rpm list and
# the detected release key matches RHENT_5 (regular expression match).
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms", re:"ssh/login/release=RHENT_5");
script_tag(name:"affected", value:"ruby on Red Hat Enterprise Linux (v. 5 server)");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"insight", value:"Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.
It was discovered that Ruby's REXML library did not properly restrict XML
entity expansion. An attacker could use this flaw to cause a denial of
service by tricking a Ruby application using REXML to read text nodes from
specially-crafted XML content, which will result in REXML consuming large
amounts of system memory. (CVE-2013-1821)
All users of Ruby are advised to upgrade to these updated packages, which
contain backported patches to resolve this issue.");
# Quality of detection: result is based on an installed package version
# comparison, and the remediation is a vendor-supplied fixed package.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
# Registration done; the detection code below must not run in this phase.
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
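# Detection phase: compare the installed Ruby RPMs against the fixed
# versions shipped in RHSA-2013:0611. The original check exited on the first
# vulnerable package, so a host with several outdated ruby sub-packages only
# had one of them reported; this version collects every match into one report.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

# Fixed version/release suffix from the advisory; every ruby sub-package in
# RHSA-2013:0611 carries the same NEVR suffix, so the rpm string is built as
# package name + suffix (identical to the per-package strings spelled out before).
fixed = "~1.8.5~29.el5_9";

# Package names listed as affected in the advisory.
pkgs = make_list("ruby", "ruby-debuginfo", "ruby-devel", "ruby-docs",
                 "ruby-irb", "ruby-libs", "ruby-mode", "ruby-rdoc",
                 "ruby-ri", "ruby-tcltk");

report = "";

if(release == "RHENT_5")
{
  # isrpmvuln() returns a report fragment for an installed package below the
  # fixed version and NULL otherwise; append every fragment instead of
  # stopping at the first one.
  foreach pkg(pkgs)
  {
    if(!isnull(res = isrpmvuln(pkg:pkg, rpm:pkg + fixed, rls:"RHENT_5")))
      report += res;
  }

  if(report != "")
  {
    security_message(data:report);
    exit(0);
  }

  # __pkg_match is presumably set by the pkg-lib-rpm.inc helpers when at
  # least one listed package was installed but already at a fixed version;
  # exit(99) then reports "checked and not vulnerable" rather than
  # "could not check" (exit(0)).
  if(__pkg_match)
    exit(99);
}

exit(0);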