Fedora 21 Security Update: ruby-2.1.4-24.fc21

Resolved Bugs
1114071 – ruby-libs conflicts with rubygem-psych
1144367 – ruby-2.1.3 is available
1120856 – CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function [fedora-all]
1157709 – CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion
1157936 – CVE-2014-8080 ruby: Denial Of Service XML Expansion [fedora-all]
1118158 – CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function
Update to Ruby 2.1.4.
Include only vendor directories, not their content (rhbz#1114071).
Fix “invalid regex” warning for non-rubygem packages (rhbz#1154067).
Use load macro introduced in RPM 4.12.
