Updated ruby-RubyGems package fixes security vulnerabilities
Publication date: 09 Oct 2013
Modification date: 09 Oct 2013
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-4287, CVE-2013-4363
Description
Updated ruby-RubyGems package fixes a security vulnerability: RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. With a specially crafted RubyGems version, an attacker can cause denial of service through CPU consumption (CVE-2013-4287, CVE-2013-4363).
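The backtracking problem described above, as an added Ruby example (not code from RubyGems or from the Mageia package): a constructed version pattern with a repeated group inside a repeated group, beside a hardened validator that accepts the same strings. The patterns, the version grammar, `MAX_VERSION_LENGTH` and the function names are assumptions made for illustration.

```ruby
# Added illustration, not RubyGems source. Assumed grammar for a version:
# digits, then zero or more ".alnum" segments, with optional surrounding
# whitespace.

MAX_VERSION_LENGTH = 64 # assumed cap; bounds the work done per input

# Constructed weak form: the outer group repeats a body that itself repeats.
# When the tail of the input does not match, the engine can split the text
# between the two loops in many ways and tries them one after another.
NESTED = /\A\s*([0-9]+(\.[0-9a-zA-Z]+)*)*\s*\z/

# Hardened form: the outer group is optional rather than repeated, and each
# segment is an atomic group (?>...), which never gives back what it matched.
HARDENED = /\A\s*(?:[0-9]+(?>\.[0-9a-zA-Z]+)*)?\s*\z/

# Validate untrusted version text: type check, length cap, then the pattern.
# The empty string is accepted because the version group is optional.
def valid_version?(input)
  return false unless input.is_a?(String)
  return false if input.length > MAX_VERSION_LENGTH
  HARDENED.match?(input)
end

# Both patterns accept the same strings: a concatenation of two versions is
# itself a version, so the outer "*" adds ambiguity but no new matches.
# Only call this with short samples.
def agree_on?(samples)
  samples.all? { |s| NESTED.match?(s) == HARDENED.match?(s) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs
  ["1.8.27", "2.0.0.rc1", "1..2", "1.0-beta!"].each do |v|
    puts "#{v.inspect}: #{valid_version?(v)}"
  end
end
```

The length cap is independent of the pattern fix, so it still bounds CPU time if a later edit reintroduces an ambiguous pattern.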
References
- https://bugs.mageia.org/show_bug.cgi?id=11276
- http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html
- http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html
- https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115886.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4287
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4287
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4363
SRPMS
3/core
- ruby-RubyGems-1.8.27-1.mga3