[FEDORA-2014-14096] Fedora 21: ruby

Severity Medium
Affected Packages 1
CVEs 2

Update to Ruby 2.1.4.
Include only vendor directories, not their content (rhbz#1114071).
Fix "invalid regex" warning for non-rubygem packages (rhbz#1154067).
Use load macro introduced in RPM 4.12.

Package Affected Version
pkg:rpm/fedora/ruby?distro=fedora-21 < 2.1.4.24.fc21
ID: FEDORA-2014-14096
Severity: medium
Severity from: CVE-2014-8080
URL: https://bodhi.fedoraproject.org/updates/FEDORA-2014-14096
Published: 2014-11-10T06:32:27
Modified: 2014-11-10T06:32:27
Rights: Copyright 2014 Red Hat, Inc.
Other Advisories
Source | ID | Name | URL
Bugzilla | 1157709 | Bug #1157709 - CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion | https://bugzilla.redhat.com/show_bug.cgi?id=1157709
Bugzilla | 1118158 | Bug #1118158 - CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function | https://bugzilla.redhat.com/show_bug.cgi?id=1118158
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix
Affected | pkg:rpm/fedora/ruby?distro=fedora-21 | fedora | ruby | < 2.1.4.24.fc21 | fedora-21 | |