Advisories » MGASA-2013-0297

Updated ruby-RubyGems package fixes security vulnerabilities

Publication date: 09 Oct 2013
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-4287, CVE-2013-4363

Description

Updated ruby-RubyGems package fixes security vulnerability:

RubyGems validates versions with a regular expression that is prone to
excessive backtracking. By supplying a specially crafted RubyGems version,
an attacker can cause a denial of service through CPU consumption
(CVE-2013-4287, CVE-2013-4363).
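
An added example, not RubyGems or Mageia code: one way to validate untrusted
version strings in a single left-to-right pass, so that validation time stays
proportional to input length. The accepted grammar, the 64-byte cap and the
names check_version and triage_versions are assumptions of this example.

```ruby
require 'strscan'

# Assumed policy for this example: no legitimate version needs more than 64 bytes.
MAX_VERSION_BYTES = 64

# Returns :ok, :too_long or :malformed for one candidate version string.
def check_version(input)
  return :malformed unless input.is_a?(String) && input.valid_encoding?
  # Bound the work before any pattern matching runs.
  return :too_long if input.bytesize > MAX_VERSION_BYTES

  scanner = StringScanner.new(input.strip)
  # The first segment must be numeric.
  return :malformed unless scanner.scan(/[0-9]+/)
  # Each further segment is a dot followed by at least one alphanumeric.
  # Every scan is anchored at the current position and has no nested
  # quantifier, so the scanner never revisits consumed input.
  while scanner.scan(/\./)
    return :malformed unless scanner.scan(/[0-9A-Za-z]+/)
  end
  scanner.eos? ? :ok : :malformed
end

# Splits a batch of untrusted version strings into accepted and rejected.
def triage_versions(candidates)
  rejected = {}
  accepted = candidates.select do |v|
    verdict = check_version(v)
    rejected[v] = verdict unless verdict == :ok
    verdict == :ok
  end
  { accepted: accepted, rejected: rejected }
end

# Constructed sample input, not real gem metadata.
SAMPLES = ['1.2.3', ' 4.5 ', '1.0.0.pre', '1..2', '1.2.', 'x1', '1' * 5000].freeze

if __FILE__ == $PROGRAM_NAME
  result = triage_versions(SAMPLES)
  puts "accepted: #{result[:accepted].inspect}"
  result[:rejected].each { |v, why| puts "rejected (#{why}): #{v[0, 20].inspect}" }
end
```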
                

References

SRPMS

3/core