Synopsis:          Moderate: ruby security update
Advisory ID:       SLSA-2014:1911-1
Issue Date:        2014-11-26
CVE Numbers:       CVE-2014-8080
                   CVE-2014-8090
--

Multiple denial of service flaws were found in the way the Ruby REXML XML
parser performed expansion of parameter entities. A specially crafted XML
document could cause REXML to use an excessive amount of CPU and memory.
(CVE-2014-8080, CVE-2014-8090)

All running instances of Ruby need to be restarted for this update to take
effect.
--

SL6
  x86_64
    ruby-1.8.7.374-3.el6_6.x86_64.rpm
    ruby-debuginfo-1.8.7.374-3.el6_6.i686.rpm
    ruby-debuginfo-1.8.7.374-3.el6_6.x86_64.rpm
    ruby-devel-1.8.7.374-3.el6_6.i686.rpm
    ruby-devel-1.8.7.374-3.el6_6.x86_64.rpm
    ruby-irb-1.8.7.374-3.el6_6.x86_64.rpm
    ruby-libs-1.8.7.374-3.el6_6.i686.rpm
    ruby-libs-1.8.7.374-3.el6_6.x86_64.rpm
    ruby-rdoc-1.8.7.374-3.el6_6.x86_64.rpm
    ruby-docs-1.8.7.374-3.el6_6.x86_64.rpm
    ruby-ri-1.8.7.374-3.el6_6.x86_64.rpm
    ruby-static-1.8.7.374-3.el6_6.x86_64.rpm
    ruby-tcltk-1.8.7.374-3.el6_6.x86_64.rpm
  i386
    ruby-1.8.7.374-3.el6_6.i686.rpm
    ruby-debuginfo-1.8.7.374-3.el6_6.i686.rpm
    ruby-devel-1.8.7.374-3.el6_6.i686.rpm
    ruby-irb-1.8.7.374-3.el6_6.i686.rpm
    ruby-libs-1.8.7.374-3.el6_6.i686.rpm
    ruby-rdoc-1.8.7.374-3.el6_6.i686.rpm
    ruby-docs-1.8.7.374-3.el6_6.i686.rpm
    ruby-ri-1.8.7.374-3.el6_6.i686.rpm
    ruby-static-1.8.7.374-3.el6_6.i686.rpm
    ruby-tcltk-1.8.7.374-3.el6_6.i686.rpm

- Scientific Linux Development Team