(RHSA-2014:1911) Moderate: ruby security update

2014-11-2600:00:00

access.redhat.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.154 Low

EPSS

Percentile

95.0%

JSON

Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management
tasks.

Multiple denial of service flaws were found in the way the Ruby REXML XML
parser performed expansion of parameter entities. A specially crafted XML
document could cause REXML to use an excessive amount of CPU and memory.
(CVE-2014-8080, CVE-2014-8090)

The CVE-2014-8090 issue was discovered by Red Hat Product Security.

All ruby users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Ruby need to be restarted for this update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat6ppc64ruby-debuginfo< 1.8.7.374-3.el6_6ruby-debuginfo-1.8.7.374-3.el6_6.ppc64.rpm
RedHat6x86_64ruby-static< 1.8.7.374-3.el6_6ruby-static-1.8.7.374-3.el6_6.x86_64.rpm
RedHat6i686ruby-irb< 1.8.7.374-3.el6_6ruby-irb-1.8.7.374-3.el6_6.i686.rpm
RedHat6s390xruby-ri< 1.8.7.374-3.el6_6ruby-ri-1.8.7.374-3.el6_6.s390x.rpm
RedHat6i686ruby-ri< 1.8.7.374-3.el6_6ruby-ri-1.8.7.374-3.el6_6.i686.rpm
RedHat6ppc64ruby-rdoc< 1.8.7.374-3.el6_6ruby-rdoc-1.8.7.374-3.el6_6.ppc64.rpm
RedHat6x86_64ruby-libs< 1.8.7.374-3.el6_6ruby-libs-1.8.7.374-3.el6_6.x86_64.rpm
RedHat6ppcruby-devel< 1.8.7.374-3.el6_6ruby-devel-1.8.7.374-3.el6_6.ppc.rpm
RedHat6s390xruby-tcltk< 1.8.7.374-3.el6_6ruby-tcltk-1.8.7.374-3.el6_6.s390x.rpm
RedHat6i686ruby-static< 1.8.7.374-3.el6_6ruby-static-1.8.7.374-3.el6_6.i686.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	ppc64	ruby-debuginfo	< 1.8.7.374-3.el6_6	ruby-debuginfo-1.8.7.374-3.el6_6.ppc64.rpm
RedHat	6	x86_64	ruby-static	< 1.8.7.374-3.el6_6	ruby-static-1.8.7.374-3.el6_6.x86_64.rpm
RedHat	6	i686	ruby-irb	< 1.8.7.374-3.el6_6	ruby-irb-1.8.7.374-3.el6_6.i686.rpm
RedHat	6	s390x	ruby-ri	< 1.8.7.374-3.el6_6	ruby-ri-1.8.7.374-3.el6_6.s390x.rpm
RedHat	6	i686	ruby-ri	< 1.8.7.374-3.el6_6	ruby-ri-1.8.7.374-3.el6_6.i686.rpm
RedHat	6	ppc64	ruby-rdoc	< 1.8.7.374-3.el6_6	ruby-rdoc-1.8.7.374-3.el6_6.ppc64.rpm
RedHat	6	x86_64	ruby-libs	< 1.8.7.374-3.el6_6	ruby-libs-1.8.7.374-3.el6_6.x86_64.rpm
RedHat	6	ppc	ruby-devel	< 1.8.7.374-3.el6_6	ruby-devel-1.8.7.374-3.el6_6.ppc.rpm
RedHat	6	s390x	ruby-tcltk	< 1.8.7.374-3.el6_6	ruby-tcltk-1.8.7.374-3.el6_6.s390x.rpm
RedHat	6	i686	ruby-static	< 1.8.7.374-3.el6_6	ruby-static-1.8.7.374-3.el6_6.i686.rpm