OVAL Reference oval:com.ubuntu.precise:def:20130156000

Oval Definition:

oval:com.ubuntu.precise:def:20130156000

Revision Date:	2013-01-13	Version:	1
Title:	CVE-2013-0156 on Ubuntu 12.04 LTS (precise) - high.
Description:	active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2013-0156
Platform(s):	Ubuntu 12.04 LTS	Product(s):
Definition Synopsis
Ubuntu 12.04 LTS (precise) is installed. AND Package Information The 'libextlib-ruby' package in precise was vulnerable but has been fixed (note: '0.9.13-2+deb6u1build0.12.04.1'). OR NOT While related to the CVE in some way, the 'rails' package in precise is not affected (note: 'contains no code'). OR The 'ruby-activesupport-2.3' package in precise was vulnerable but has been fixed (note: '2.3.14-2ubuntu0.12.04.1').