Fixed vulnerabilities:
- CVE-2014-8080 (VulnLIB link), CVE-2014-8090 (VulnLIB link) The REXML parser could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash).
Affected distribution:
- Debian 7 / wheezy
- Debian 8 / jessie
Affected Packages:
- ruby1.8
Solution:
- Check VulnLIB for fixes for CVEs listed above and publisher advisory listed under source.
Source:
Wednesday, 11.02.2015
Debian Security Advisory DSA-3159-1
Geposted von Ali Elci
Ali Elci is an IT security specialist with more than 16 years of experience consulting for government and industry, an advocate for transparency and standardization in security reporting, and the founder of Ciproc GmbH.
VulnLIB Enterprise Auditor ist ein leistungsfähiges, innovatives Tool, welches eine umfassende, tagesaktuelle Kontrolle über fehlende Sicherheitsupdates einer kompletten IT-Infrastruktur bereitstellen kann; gleichzeitig liefert es spezifische Empfehlungen für Patches und Upgrades der Softwarehersteller.
mehr