Security update for rubygem-json_pure (important)

2013-04-09T19:04:58
ID SUSE-SU-2013:0609-2
Type suse
Reporter Suse
Modified 2013-04-09T19:04:58

Description

The json_pure Ruby Gem has been updated to fix a Denial of Service and Unsafe Object Creation Vulnerability in JSON (CVE-2013-0269)

  • Entity expansion DoS vulnerability in REXML (XML bomb)

Security Issues:

  • CVE-2013-0269 <<a rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269</a> >