[FEDORA-2014-14096] Fedora 21: ruby
Severity: Medium
Affected Packages: 1
CVEs: 2
Update to Ruby 2.1.4.
Include only vendor directories, not their content (rhbz#1114071).
Fix "invalid regex" warning for non-rubygem packages (rhbz#1154067).
Use load macro introduced in RPM 4.12.
Package | Affected Version |
---|---|
pkg:rpm/fedora/ruby?distro=fedora-21 | < 2.1.4.24.fc21 |
- ID: FEDORA-2014-14096
- Severity: medium
- Severity from: CVE-2014-8080
- URL: https://bodhi.fedoraproject.org/updates/FEDORA-2014-14096
- Published: 2014-11-10T06:32:27
- Modified: 2014-11-10T06:32:27
- Rights: Copyright 2014 Red Hat, Inc.

Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1157709 | Bug #1157709 - CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion | https://bugzilla.redhat.com/show_bug.cgi?id=1157709 |
Bugzilla | 1118158 | Bug #1118158 - CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function | https://bugzilla.redhat.com/show_bug.cgi?id=1118158 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/ruby?distro=fedora-21 | fedora | ruby | < 2.1.4.24.fc21 | fedora-21 | | |