Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2013-195)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120094

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2013-195)

Resumen: The remote host is missing an update for the 'ruby19' package(s) announced via the ALAS-2013-195 advisory.

Descripción: Summary:
The remote host is missing an update for the 'ruby19' package(s) announced via the ALAS-2013-195 advisory.

Vulnerability Insight:
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.

Affected Software/OS:
'ruby19' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-1821
BugTraq ID: 58141
http://www.securityfocus.com/bid/58141
Debian Security Information: DSA-2738 (Google Search)
http://www.debian.org/security/2013/dsa-2738
Debian Security Information: DSA-2809 (Google Search)
http://www.debian.org/security/2013/dsa-2809
http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525
https://bugzilla.redhat.com/show_bug.cgi?id=914716
http://www.openwall.com/lists/oss-security/2013/03/06/5
RedHat Security Advisories: RHSA-2013:0611
http://rhn.redhat.com/errata/RHSA-2013-0611.html
RedHat Security Advisories: RHSA-2013:0612
http://rhn.redhat.com/errata/RHSA-2013-0612.html
RedHat Security Advisories: RHSA-2013:1028
http://rhn.redhat.com/errata/RHSA-2013-1028.html
RedHat Security Advisories: RHSA-2013:1147
http://rhn.redhat.com/errata/RHSA-2013-1147.html
http://secunia.com/advisories/52783
http://secunia.com/advisories/52902
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862
SuSE Security Announcement: SUSE-SU-2013:0609 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html
SuSE Security Announcement: SUSE-SU-2013:0647 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
SuSE Security Announcement: openSUSE-SU-2013:0603 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
SuSE Security Announcement: openSUSE-SU-2013:0614 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html
http://www.ubuntu.com/usn/USN-1780-1

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120094
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2013-195)
Resumen:	The remote host is missing an update for the 'ruby19' package(s) announced via the ALAS-2013-195 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ruby19' package(s) announced via the ALAS-2013-195 advisory. Vulnerability Insight: lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack. Affected Software/OS: 'ruby19' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1821 BugTraq ID: 58141 http://www.securityfocus.com/bid/58141 Debian Security Information: DSA-2738 (Google Search) http://www.debian.org/security/2013/dsa-2738 Debian Security Information: DSA-2809 (Google Search) http://www.debian.org/security/2013/dsa-2809 http://www.mandriva.com/security/advisories?name=MDVSA-2013:124 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525 https://bugzilla.redhat.com/show_bug.cgi?id=914716 http://www.openwall.com/lists/oss-security/2013/03/06/5 RedHat Security Advisories: RHSA-2013:0611 http://rhn.redhat.com/errata/RHSA-2013-0611.html RedHat Security Advisories: RHSA-2013:0612 http://rhn.redhat.com/errata/RHSA-2013-0612.html RedHat Security Advisories: RHSA-2013:1028 http://rhn.redhat.com/errata/RHSA-2013-1028.html RedHat Security Advisories: RHSA-2013:1147 http://rhn.redhat.com/errata/RHSA-2013-1147.html http://secunia.com/advisories/52783 http://secunia.com/advisories/52902 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862 SuSE Security Announcement: SUSE-SU-2013:0609 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html SuSE Security Announcement: SUSE-SU-2013:0647 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html SuSE Security Announcement: openSUSE-SU-2013:0603 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html SuSE Security Announcement: openSUSE-SU-2013:0614 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html http://www.ubuntu.com/usn/USN-1780-1
Copyright	Copyright (C) 2015 Greenbone AG