[ALAS-2013-195] Amazon Linux AMI 2012.09 - ALAS-2013-195: medium priority package update for ruby19
Severity
Medium
Affected Packages
22
CVEs
1
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2013-1821:
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML consuming large amounts of system memory.
914716:
CVE-2013-1821 ruby: entity expansion DoS vulnerability in REXML
- ID
- ALAS-2013-195
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2013-195.html
- Published
-
2013-05-24T13:57:00
(11 years ago) - Modified
-
2014-09-15T23:07:00
(10 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
DSA-2738-1
ELSA-2013-0611
GLSA-201412-27
MAVEN:GHSA-HGG7-CGHQ-XHF4
RHSA-2013:0612
SSA:2013-075-01
USN-1780-1| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2013-1821 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/rubygems19?arch=noarch&distro=amazonlinux-1 | amazonlinux |
 rubygems19
|
< 1.8.23-29.38.amzn1 | amazonlinux-1 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygems19-devel?arch=noarch&distro=amazonlinux-1 | amazonlinux |
rubygems19-devel
|
< 1.8.23-29.38.amzn1 | amazonlinux-1 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem19-rdoc?arch=noarch&distro=amazonlinux-1 | amazonlinux |
rubygem19-rdoc
|
< 3.9.5-29.38.amzn1 | amazonlinux-1 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem19-rake?arch=noarch&distro=amazonlinux-1 | amazonlinux |
rubygem19-rake
|
< 0.9.2.2-29.38.amzn1 | amazonlinux-1 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem19-minitest?arch=noarch&distro=amazonlinux-1 | amazonlinux |
rubygem19-minitest
|
< 2.5.1-29.38.amzn1 | amazonlinux-1 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem19-json?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
rubygem19-json
|
< 1.5.5-29.38.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem19-json?arch=i686&distro=amazonlinux-1 | amazonlinux |
rubygem19-json
|
< 1.5.5-29.38.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/rubygem19-io-console?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
rubygem19-io-console
|
< 0.3-29.38.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem19-io-console?arch=i686&distro=amazonlinux-1 | amazonlinux |
rubygem19-io-console
|
< 0.3-29.38.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/rubygem19-bigdecimal?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
rubygem19-bigdecimal
|
< 1.1.0-29.38.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem19-bigdecimal?arch=i686&distro=amazonlinux-1 | amazonlinux |
rubygem19-bigdecimal
|
< 1.1.0-29.38.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby19?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
ruby19
|
< 1.9.3.392-29.38.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby19?arch=i686&distro=amazonlinux-1 | amazonlinux |
ruby19
|
< 1.9.3.392-29.38.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby19-libs?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
ruby19-libs
|
< 1.9.3.392-29.38.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby19-libs?arch=i686&distro=amazonlinux-1 | amazonlinux |
ruby19-libs
|
< 1.9.3.392-29.38.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby19-irb?arch=noarch&distro=amazonlinux-1 | amazonlinux |
ruby19-irb
|
< 1.9.3.392-29.38.amzn1 | amazonlinux-1 | noarch | |
| Affected | pkg:rpm/amazonlinux/ruby19-doc?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
ruby19-doc
|
< 1.9.3.392-29.38.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby19-doc?arch=i686&distro=amazonlinux-1 | amazonlinux |
ruby19-doc
|
< 1.9.3.392-29.38.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby19-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
ruby19-devel
|
< 1.9.3.392-29.38.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby19-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
ruby19-devel
|
< 1.9.3.392-29.38.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby19-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
ruby19-debuginfo
|
< 1.9.3.392-29.38.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby19-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
ruby19-debuginfo
|
< 1.9.3.392-29.38.amzn1 | amazonlinux-1 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |