Test ID:	1.3.6.1.4.1.25623.1.1.10.2014.0472
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2014-0472)
Summary:	The remote host is missing an update for the 'ruby' package(s) announced via the MGASA-2014-0472 advisory.
Description:	Summary: The remote host is missing an update for the 'ruby' package(s) announced via the MGASA-2014-0472 advisory. Vulnerability Insight: Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service (CVE-2014-4975). Due to an incomplete fix for CVE-2014-8080, 100% CPU utilization can occur as a result of recursive expansion with an empty String. When reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service (CVE-2014-8090). Affected Software/OS: 'ruby' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4975 BugTraq ID: 68474 http://www.securityfocus.com/bid/68474 Debian Security Information: DSA-3157 (Google Search) http://www.debian.org/security/2015/dsa-3157 http://www.mandriva.com/security/advisories?name=MDVSA-2015:129 http://www.openwall.com/lists/oss-security/2014/07/09/13 RedHat Security Advisories: RHSA-2014:1912 http://rhn.redhat.com/errata/RHSA-2014-1912.html RedHat Security Advisories: RHSA-2014:1913 http://rhn.redhat.com/errata/RHSA-2014-1913.html RedHat Security Advisories: RHSA-2014:1914 http://rhn.redhat.com/errata/RHSA-2014-1914.html http://www.ubuntu.com/usn/USN-2397-1 XForce ISS Database: ruby-cve20144975-bo(94706) https://exchange.xforce.ibmcloud.com/vulnerabilities/94706 Common Vulnerability Exposure (CVE) ID: CVE-2014-8090 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html BugTraq ID: 71230 http://www.securityfocus.com/bid/71230 Debian Security Information: DSA-3159 (Google Search) http://www.debian.org/security/2015/dsa-3159 RedHat Security Advisories: RHSA-2014:1911 http://rhn.redhat.com/errata/RHSA-2014-1911.html http://secunia.com/advisories/59948 http://secunia.com/advisories/62050 http://secunia.com/advisories/62748 SuSE Security Announcement: openSUSE-SU-2014:1589 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html SuSE Security Announcement: openSUSE-SU-2015:0002 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html SuSE Security Announcement: openSUSE-SU-2015:0007 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html http://www.ubuntu.com/usn/USN-2412-1
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.