Pardus Linux Security Advisory - A vulnerability has been reported in Ruby, which can be exploited by malicious people to cause a DoS (Denial of Service).
c6e9d536c199df4973a3e06474000294ccc5a550605dc6539e629df16a27784f------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-35 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2008-09-01
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
=======
A vulnerability has been reported in Ruby, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Description
===========
The vulnerability is caused due to an error in the REXML library when
processing recursively nested XML entities. This can be exploited to
cause a DoS via a specially crafted XML document.
Note: This vulnerability found by Luka Treiber and Mitja Kolsek of ACROS
Security.
Affected packages:
Pardus 2008:
ruby, all before 1.8.7_p72-17-5
ruby-mode, all before 1.8.7_p72-17-5
Pardus 2007:
ruby, all before 1.8.7_p72-17-14
ruby-mode, all before 1.8.7_p72-17-5
Resolution
==========
There are update(s) for ruby, ruby-mode. You can update them via Package
Manager or with a single command from console:
Pardus 2008:
pisi up ruby ruby-mode
Pardus 2007:
pisi up ruby ruby-mode
References
==========
* http://security.pardus.org.tr/en/2008-35
* http://bugs.pardus.org.tr/show_bug.cgi?id=8044
* http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
* http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3790
* http://secunia.com/advisories/31602
------------------------------------------------------------------------
--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed