Bugzilla – Bug 902851
VUL-0: CVE-2014-8080: ruby: ruby19: Denial Of Service XML Expansion
Last modified: 2015-02-13 14:42:15 UTC
rh#1157709 References: https://bugzilla.redhat.com/show_bug.cgi?id=1157709 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8080
bugbot adjusting priority
The fix backported already to 2.1: https://github.com/ruby/ruby/commit/31d25ce5037909f85af54d8ad197933cf0a6b635
the fix backported to 1.9.3 https://github.com/ruby/ruby/commit/8dab31ed2281946e58aac67a2764d2bb4f1310d5. version 1.9.3 < patchlevel 550, is affected.
An update workflow for this issue was started. This issue was rated as low. Please submit fixed packages until 2014-12-15. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/59699
This is an autogenerated message for OBS integration: This bug (902851) was mentioned in https://build.opensuse.org/request/show/263042 12.3 / ruby19 https://build.opensuse.org/request/show/263043 13.1 / ruby19
Created attachment 615133 [details] patch for 1.8.7
blocked on https://fate.suse.com/317961
openSUSE-SU-2014:1589-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 902851,905326 CVE References: CVE-2014-8080,CVE-2014-8090 Sources used: openSUSE 13.1 (src): ruby19-1.9.3.p448-2.8.1 openSUSE 12.3 (src): ruby19-1.9.3.p392-1.21.1
assigning to security team. I've submitted the packages. Automatic comments should appear next.
This is an autogenerated message for OBS integration: This bug (902851) was mentioned in https://build.opensuse.org/request/show/265829 13.1 / ruby20 https://build.opensuse.org/request/show/265830 13.2 / ruby2.1
openSUSE-SU-2015:0002-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 902851,905326 CVE References: CVE-2014-8080,CVE-2014-8090 Sources used: openSUSE 13.1 (src): ruby20-2.0.0.p247-3.19.1
openSUSE-SU-2015:0007-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 902851,905326 CVE References: CVE-2014-8080,CVE-2014-8090 Sources used: openSUSE 13.2 (src): ruby2.1-2.1.3-4.1
SUSE-SU-2015:0093-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 902851,905326 CVE References: CVE-2014-8080,CVE-2014-8090 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): ruby2.1-2.1.2-9.1 SUSE Linux Enterprise Server 12 (src): ruby2.1-2.1.2-9.1 SUSE Linux Enterprise Desktop 12 (src): ruby2.1-2.1.2-9.1
SUSE-SU-2015:0157-1: An update that fixes two vulnerabilities is now available. Category: security (low) Bug References: 902851,905326 CVE References: CVE-2014-8080,CVE-2014-8090 Sources used: SUSE Studio Onsite 1.3 (src): ruby19-1.9.3.p392-0.19.1 SUSE Linux Enterprise Software Development Kit 11 SP3 (src): ruby-1.8.7.p357-0.9.17.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): ruby-1.8.7.p357-0.9.17.1 SUSE Linux Enterprise Server 11 SP3 (src): ruby-1.8.7.p357-0.9.17.1 SUSE Linux Enterprise Desktop 11 SP3 (src): ruby-1.8.7.p357-0.9.17.1
released