OVAL Reference oval:org.mitre.oval:def:23823

Oval Definition:

oval:org.mitre.oval:def:23823

Revision Date:	2014-05-26	Version:	22
Title:	ELSA-2013:0612: ruby security update (Moderate)
Description:	lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Family:	unix	Class:	patch
Status:	ACCEPTED	Reference(s):	CVE-2012-4481 CVE-2013-1821 ELSA-2013:0612-01
Platform(s):	Oracle Linux 6	Product(s):	ruby
Definition Synopsis
Oracle Linux 6.x AND rpm test ruby is earlier than 0:1.8.7.352-10.el6_4 OR ruby-rdoc is earlier than 0:1.8.7.352-10.el6_4 OR ruby-devel is earlier than 0:1.8.7.352-10.el6_4 OR ruby-tcltk is earlier than 0:1.8.7.352-10.el6_4 OR ruby-docs is earlier than 0:1.8.7.352-10.el6_4 OR ruby-static is earlier than 0:1.8.7.352-10.el6_4 OR ruby-irb is earlier than 0:1.8.7.352-10.el6_4 OR ruby-libs is earlier than 0:1.8.7.352-10.el6_4 OR ruby-ri is earlier than 0:1.8.7.352-10.el6_4