[El-errata] ELSA-2014-1912 Moderate: Oracle Linux 7 ruby security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Nov 26 19:39:23 PST 2014
Oracle Linux Security Advisory ELSA-2014-1912
https://rhn.redhat.com/errata/RHSA-2014-1912.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
ruby-2.0.0.353-22.el7_0.x86_64.rpm
ruby-devel-2.0.0.353-22.el7_0.x86_64.rpm
ruby-doc-2.0.0.353-22.el7_0.noarch.rpm
ruby-irb-2.0.0.353-22.el7_0.noarch.rpm
ruby-libs-2.0.0.353-22.el7_0.i686.rpm
ruby-libs-2.0.0.353-22.el7_0.x86_64.rpm
ruby-tcltk-2.0.0.353-22.el7_0.x86_64.rpm
rubygem-bigdecimal-1.2.0-22.el7_0.x86_64.rpm
rubygem-io-console-0.4.2-22.el7_0.x86_64.rpm
rubygem-json-1.7.7-22.el7_0.x86_64.rpm
rubygem-minitest-4.3.2-22.el7_0.noarch.rpm
rubygem-psych-2.0.0-22.el7_0.x86_64.rpm
rubygem-rake-0.9.6-22.el7_0.noarch.rpm
rubygem-rdoc-4.0.0-22.el7_0.noarch.rpm
rubygems-2.0.14-22.el7_0.noarch.rpm
rubygems-devel-2.0.14-22.el7_0.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/ruby-2.0.0.353-22.el7_0.src.rpm
Description of changes:
[2.0.0.353-22]
- Fix REXML billion laughs attack via parameter entity expansion
(CVE-2014-8080).
Resolves: rhbz#1163998
- REXML incomplete fix for CVE-2014-8080 (CVE-2014-8090).
Resolves: rhbz#1163998
[2.0.0.353-21]
- Fix off-by-one stack-based buffer overflow in the encodes() function
(CVE-2014-4975)
Resolves: rhbz#1163998
[2.0.0.353-21]
- Fix FTBFS with new tzdata
Related: rhbz#1163998
More information about the El-errata
mailing list