Oracle alert ELSA-2014-1912 (ruby)
| From: | Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2014-1912 Moderate: Oracle Linux 7 ruby security update | |
| Date: | Wed, 26 Nov 2014 19:39:23 -0800 | |
| Message-ID: | <54769CEB.1000908@oracle.com> |
Oracle Linux Security Advisory ELSA-2014-1912 https://rhn.redhat.com/errata/RHSA-2014-1912.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: ruby-2.0.0.353-22.el7_0.x86_64.rpm ruby-devel-2.0.0.353-22.el7_0.x86_64.rpm ruby-doc-2.0.0.353-22.el7_0.noarch.rpm ruby-irb-2.0.0.353-22.el7_0.noarch.rpm ruby-libs-2.0.0.353-22.el7_0.i686.rpm ruby-libs-2.0.0.353-22.el7_0.x86_64.rpm ruby-tcltk-2.0.0.353-22.el7_0.x86_64.rpm rubygem-bigdecimal-1.2.0-22.el7_0.x86_64.rpm rubygem-io-console-0.4.2-22.el7_0.x86_64.rpm rubygem-json-1.7.7-22.el7_0.x86_64.rpm rubygem-minitest-4.3.2-22.el7_0.noarch.rpm rubygem-psych-2.0.0-22.el7_0.x86_64.rpm rubygem-rake-0.9.6-22.el7_0.noarch.rpm rubygem-rdoc-4.0.0-22.el7_0.noarch.rpm rubygems-2.0.14-22.el7_0.noarch.rpm rubygems-devel-2.0.14-22.el7_0.noarch.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/ruby-2.0.0.353-22... Description of changes: [2.0.0.353-22] - Fix REXML billion laughs attack via parameter entity expansion (CVE-2014-8080). Resolves: rhbz#1163998 - REXML incomplete fix for CVE-2014-8080 (CVE-2014-8090). Resolves: rhbz#1163998 [2.0.0.353-21] - Fix off-by-one stack-based buffer overflow in the encodes() function (CVE-2014-4975) Resolves: rhbz#1163998 [2.0.0.353-21] - Fix FTBFS with new tzdata Related: rhbz#1163998 _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata