1. Home
  2. Security Advisories
  3. Red Hat
  4. RHSA-2014:1912

[RHSA-2014:1912] ruby security update

Severity Moderate
Affected Packages 34
CVEs 3
Info Packages References Vulnerabilities

Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management
tasks.

Multiple denial of service flaws were found in the way the Ruby REXML XML
parser performed expansion of parameter entities. A specially crafted XML
document could cause REXML to use an excessive amount of CPU and memory.
(CVE-2014-8080, CVE-2014-8090)

A stack-based buffer overflow was found in the implementation of the Ruby
Array pack() method. When performing base64 encoding, a single byte could
be written past the end of the buffer, possibly causing Ruby to crash.
(CVE-2014-4975)

The CVE-2014-8090 issue was discovered by Red Hat Product Security.

All ruby users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Ruby need to be restarted for this update to take effect.

Package Affected Version
pkg:rpm/redhat/rubygems?distro=redhat-7.0 < 2.0.14-22.el7_0
pkg:rpm/redhat/rubygems-devel?distro=redhat-7.0 < 2.0.14-22.el7_0
pkg:rpm/redhat/rubygem-rdoc?distro=redhat-7.0 < 4.0.0-22.el7_0
pkg:rpm/redhat/rubygem-rake?distro=redhat-7.0 < 0.9.6-22.el7_0
pkg:rpm/redhat/rubygem-psych?arch=x86_64&distro=redhat-7.0 < 2.0.0-22.el7_0
pkg:rpm/redhat/rubygem-psych?arch=s390x&distro=redhat-7.0 < 2.0.0-22.el7_0
pkg:rpm/redhat/rubygem-psych?arch=ppc64&distro=redhat-7.0 < 2.0.0-22.el7_0
pkg:rpm/redhat/rubygem-minitest?distro=redhat-7.0 < 4.3.2-22.el7_0
pkg:rpm/redhat/rubygem-json?arch=x86_64&distro=redhat-7.0 < 1.7.7-22.el7_0
pkg:rpm/redhat/rubygem-json?arch=s390x&distro=redhat-7.0 < 1.7.7-22.el7_0
pkg:rpm/redhat/rubygem-json?arch=ppc64&distro=redhat-7.0 < 1.7.7-22.el7_0
pkg:rpm/redhat/rubygem-io-console?arch=x86_64&distro=redhat-7.0 < 0.4.2-22.el7_0
pkg:rpm/redhat/rubygem-io-console?arch=s390x&distro=redhat-7.0 < 0.4.2-22.el7_0
pkg:rpm/redhat/rubygem-io-console?arch=ppc64&distro=redhat-7.0 < 0.4.2-22.el7_0
pkg:rpm/redhat/rubygem-bigdecimal?arch=x86_64&distro=redhat-7.0 < 1.2.0-22.el7_0
pkg:rpm/redhat/rubygem-bigdecimal?arch=s390x&distro=redhat-7.0 < 1.2.0-22.el7_0
pkg:rpm/redhat/rubygem-bigdecimal?arch=ppc64&distro=redhat-7.0 < 1.2.0-22.el7_0
pkg:rpm/redhat/ruby?arch=x86_64&distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby?arch=s390x&distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby?arch=ppc64&distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby-tcltk?arch=x86_64&distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby-tcltk?arch=s390x&distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby-tcltk?arch=ppc64&distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby-libs?arch=x86_64&distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby-libs?arch=s390x&distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby-libs?arch=s390&distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby-libs?arch=ppc64&distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby-libs?arch=ppc&distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby-libs?arch=i686&distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby-irb?distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby-doc?distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby-devel?arch=x86_64&distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby-devel?arch=s390x&distro=redhat-7.0 < 2.0.0.353-22.el7_0
pkg:rpm/redhat/ruby-devel?arch=ppc64&distro=redhat-7.0 < 2.0.0.353-22.el7_0
ID
RHSA-2014:1912
Severity
moderate
URL
https://access.redhat.com/errata/RHSA-2014:1912
Published
2014-11-26T00:00:00
(9 years ago)
Modified
2014-11-26T00:00:00
(9 years ago)
Rights
Copyright 2014 Red Hat, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/redhat/rubygems?distro=redhat-7.0 redhat rubygems < 2.0.14-22.el7_0 redhat-7.0
Affected pkg:rpm/redhat/rubygems-devel?distro=redhat-7.0 redhat rubygems-devel < 2.0.14-22.el7_0 redhat-7.0
Affected pkg:rpm/redhat/rubygem-rdoc?distro=redhat-7.0 redhat rubygem-rdoc < 4.0.0-22.el7_0 redhat-7.0
Affected pkg:rpm/redhat/rubygem-rake?distro=redhat-7.0 redhat rubygem-rake < 0.9.6-22.el7_0 redhat-7.0
Affected pkg:rpm/redhat/rubygem-psych?arch=x86_64&distro=redhat-7.0 redhat rubygem-psych < 2.0.0-22.el7_0 redhat-7.0 x86_64
Affected pkg:rpm/redhat/rubygem-psych?arch=s390x&distro=redhat-7.0 redhat rubygem-psych < 2.0.0-22.el7_0 redhat-7.0 s390x
Affected pkg:rpm/redhat/rubygem-psych?arch=ppc64&distro=redhat-7.0 redhat rubygem-psych < 2.0.0-22.el7_0 redhat-7.0 ppc64
Affected pkg:rpm/redhat/rubygem-minitest?distro=redhat-7.0 redhat rubygem-minitest < 4.3.2-22.el7_0 redhat-7.0
Affected pkg:rpm/redhat/rubygem-json?arch=x86_64&distro=redhat-7.0 redhat rubygem-json < 1.7.7-22.el7_0 redhat-7.0 x86_64
Affected pkg:rpm/redhat/rubygem-json?arch=s390x&distro=redhat-7.0 redhat rubygem-json < 1.7.7-22.el7_0 redhat-7.0 s390x
Affected pkg:rpm/redhat/rubygem-json?arch=ppc64&distro=redhat-7.0 redhat rubygem-json < 1.7.7-22.el7_0 redhat-7.0 ppc64
Affected pkg:rpm/redhat/rubygem-io-console?arch=x86_64&distro=redhat-7.0 redhat rubygem-io-console < 0.4.2-22.el7_0 redhat-7.0 x86_64
Affected pkg:rpm/redhat/rubygem-io-console?arch=s390x&distro=redhat-7.0 redhat rubygem-io-console < 0.4.2-22.el7_0 redhat-7.0 s390x
Affected pkg:rpm/redhat/rubygem-io-console?arch=ppc64&distro=redhat-7.0 redhat rubygem-io-console < 0.4.2-22.el7_0 redhat-7.0 ppc64
Affected pkg:rpm/redhat/rubygem-bigdecimal?arch=x86_64&distro=redhat-7.0 redhat rubygem-bigdecimal < 1.2.0-22.el7_0 redhat-7.0 x86_64
Affected pkg:rpm/redhat/rubygem-bigdecimal?arch=s390x&distro=redhat-7.0 redhat rubygem-bigdecimal < 1.2.0-22.el7_0 redhat-7.0 s390x
Affected pkg:rpm/redhat/rubygem-bigdecimal?arch=ppc64&distro=redhat-7.0 redhat rubygem-bigdecimal < 1.2.0-22.el7_0 redhat-7.0 ppc64
Affected pkg:rpm/redhat/ruby?arch=x86_64&distro=redhat-7.0 redhat ruby < 2.0.0.353-22.el7_0 redhat-7.0 x86_64
Affected pkg:rpm/redhat/ruby?arch=s390x&distro=redhat-7.0 redhat ruby < 2.0.0.353-22.el7_0 redhat-7.0 s390x
Affected pkg:rpm/redhat/ruby?arch=ppc64&distro=redhat-7.0 redhat ruby < 2.0.0.353-22.el7_0 redhat-7.0 ppc64
Affected pkg:rpm/redhat/ruby-tcltk?arch=x86_64&distro=redhat-7.0 redhat ruby-tcltk < 2.0.0.353-22.el7_0 redhat-7.0 x86_64
Affected pkg:rpm/redhat/ruby-tcltk?arch=s390x&distro=redhat-7.0 redhat ruby-tcltk < 2.0.0.353-22.el7_0 redhat-7.0 s390x
Affected pkg:rpm/redhat/ruby-tcltk?arch=ppc64&distro=redhat-7.0 redhat ruby-tcltk < 2.0.0.353-22.el7_0 redhat-7.0 ppc64
Affected pkg:rpm/redhat/ruby-libs?arch=x86_64&distro=redhat-7.0 redhat ruby-libs < 2.0.0.353-22.el7_0 redhat-7.0 x86_64
Affected pkg:rpm/redhat/ruby-libs?arch=s390x&distro=redhat-7.0 redhat ruby-libs < 2.0.0.353-22.el7_0 redhat-7.0 s390x
Affected pkg:rpm/redhat/ruby-libs?arch=s390&distro=redhat-7.0 redhat ruby-libs < 2.0.0.353-22.el7_0 redhat-7.0 s390
Affected pkg:rpm/redhat/ruby-libs?arch=ppc64&distro=redhat-7.0 redhat ruby-libs < 2.0.0.353-22.el7_0 redhat-7.0 ppc64
Affected pkg:rpm/redhat/ruby-libs?arch=ppc&distro=redhat-7.0 redhat ruby-libs < 2.0.0.353-22.el7_0 redhat-7.0 ppc
Affected pkg:rpm/redhat/ruby-libs?arch=i686&distro=redhat-7.0 redhat ruby-libs < 2.0.0.353-22.el7_0 redhat-7.0 i686
Affected pkg:rpm/redhat/ruby-irb?distro=redhat-7.0 redhat ruby-irb < 2.0.0.353-22.el7_0 redhat-7.0
Affected pkg:rpm/redhat/ruby-doc?distro=redhat-7.0 redhat ruby-doc < 2.0.0.353-22.el7_0 redhat-7.0
Affected pkg:rpm/redhat/ruby-devel?arch=x86_64&distro=redhat-7.0 redhat ruby-devel < 2.0.0.353-22.el7_0 redhat-7.0 x86_64
Affected pkg:rpm/redhat/ruby-devel?arch=s390x&distro=redhat-7.0 redhat ruby-devel < 2.0.0.353-22.el7_0 redhat-7.0 s390x
Affected pkg:rpm/redhat/ruby-devel?arch=ppc64&distro=redhat-7.0 redhat ruby-devel < 2.0.0.353-22.el7_0 redhat-7.0 ppc64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date