Security update for Ruby 1.9
SUSE Security Update: Security update for Ruby 1.9
The Ruby script interpreter 1.9 has been updated to 1.9.3
p392 fixing various bugs and security issues:
This release includes security fixes about bundled JSON and
REXML.
* Denial of Service and Unsafe Object Creation
Vulnerability in JSON (CVE-2013-0269)
* Entity expansion DoS vulnerability in REXML (XML bomb)
* XSS exploit of RDoc documentation generated by rdoc
(CVE-2013-0256)
And some small bugfixes are also included see
/usr/share/doc/packages/ruby19/Changelog for more details
Also the following bugfix was added:
* added bind_stack.patch: (bnc#796757) Fixes stack
boundary issues when embedding Ruby into threaded C code
(Ruby bug #229)
Security Issue reference:
* CVE-2013-0269
>
| Announcement ID: | SUSE-SU-2013:0647-1 |
| Rating: | important |
| References: | #783511 #789983 #791199 #796757 #802406 #803342 |
| Affected Products: |
An update that solves one vulnerability and has 5 fixes is now available.
Description:
The Ruby script interpreter 1.9 has been updated to 1.9.3
p392 fixing various bugs and security issues:
This release includes security fixes about bundled JSON and
REXML.
* Denial of Service and Unsafe Object Creation
Vulnerability in JSON (CVE-2013-0269)
* Entity expansion DoS vulnerability in REXML (XML bomb)
* XSS exploit of RDoc documentation generated by rdoc
(CVE-2013-0256)
And some small bugfixes are also included see
/usr/share/doc/packages/ruby19/Changelog for more details
Also the following bugfix was added:
* added bind_stack.patch: (bnc#796757) Fixes stack
boundary issues when embedding Ruby into threaded C code
(Ruby bug #229)
Security Issue reference:
* CVE-2013-0269
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Studio Onsite 1.3:
zypper in -t patch slestso13-ruby19-7496
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Studio Onsite 1.3 (x86_64):
- ruby19-1.9.3.p392-0.7.1
- ruby19-devel-1.9.3.p392-0.7.1
- ruby19-devel-extra-1.9.3.p392-0.7.1
References:
- http://support.novell.com/security/cve/CVE-2013-0269.html
- https://bugzilla.novell.com/783511
- https://bugzilla.novell.com/789983
- https://bugzilla.novell.com/791199
- https://bugzilla.novell.com/796757
- https://bugzilla.novell.com/802406
- https://bugzilla.novell.com/803342
- http://download.suse.com/patch/finder/?keywords=e50f6dac0ba6a3ba64aeb6f6f0f9b922