732 matches found
[SECURITY] [DSA 2738-1] ruby1.9.1 security update
Debian Security Advisory DSA-2738-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 18, 2013 http://www.debian.org/security/faq -...
DSA-2738-1 ruby1.9.1 - several
Bulletin has no description...
Debian Security Advisory DSA 2738-1 (ruby1.9.1 - several vulnerabilities)
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity...
ruby: entity expansion DoS vulnerability in REXML
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack...
Oracle Linux 5 : ruby (ELSA-2013-0611)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0611 advisory. 1.8.5-29 - Fix regression introduced by fix for entity expansion DOS vulnerability in REXML https://bugs.ruby-lang.org/issues/7961...
Important: Red Hat Security Advisory: Fuse ESB Enterprise 7.1.0 update
Fuse ESB Enterprise 7.1.0 roll up patch 1, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores,...
Mandriva Linux Security Advisory : ruby (MDVSA-2013:124)
Updated ruby packages fix security vulnerabilities: Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions (CVE-2012-4466, CVE-2012-4481). It was...
Design/Logic Flaw
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack...
CVE-2013-1821
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack...
CVE-2013-1821
CVE-2013-1821 is an XML Entity Expansion (XEE) denial-of-service vulnerability in the REXML parser of Ruby. The provided sources confirm affected Ruby/REXML configurations across multiple lines: Ruby before 1.9.3-p392 (initial description) and extended references indicate the issue affects 1.9.x ...
SuSE 10 Security Update : ruby (ZYPP Patch Number 8524)
The ruby interpreter received a fix for two security issues: - Ruby's $SAFE mechanism enables untrusted user codes to run in $SAFE = 4 mode. This is a kind of sandboxing so some operations are restricted in that mode to protect other data outside the sandbox. (CVE-2012-4466) The problem found was...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : ruby1.8, ruby1.9.1 vulnerability (USN-1780-1)
Ben Murphy discovered that the Ruby REXML library incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of memory, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly...
USN-1780-1: Ruby vulnerability
Ben Murphy discovered that the Ruby REXML library incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of memory, resulting in a denial of service...
Medium: ruby
Issue Overview: It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML...
CentOS Update for ruby CESA-2013:0611 centos5
The remote host is missing an update for the...
CentOS 6 : ruby (CESA-2013:0612)
Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are availab...
ruby security update
CentOS Errata and Security Advisory CESA-2013:0612 Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores...
ruby security update
CentOS Errata and Security Advisory CESA-2013:0611 Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score...
RedHat Update for ruby RHSA-2013:0611-01
Check for the Version of ruby. OpenVAS Vulnerability Test: RedHat Update for ruby RHSA-2013:0611-01...