ID de Prueba:	1.3.6.1.4.1.25623.1.0.881671
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for ruby CESA-2013:0611 centos5
Resumen:	The remote host is missing an update for the 'ruby'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'ruby' package(s) announced via the referenced advisory. Vulnerability Insight: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML consuming large amounts of system memory. (CVE-2013-1821) All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve this issue. Affected Software/OS: ruby on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1821 BugTraq ID: 58141 http://www.securityfocus.com/bid/58141 Debian Security Information: DSA-2738 (Google Search) http://www.debian.org/security/2013/dsa-2738 Debian Security Information: DSA-2809 (Google Search) http://www.debian.org/security/2013/dsa-2809 http://www.mandriva.com/security/advisories?name=MDVSA-2013:124 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525 https://bugzilla.redhat.com/show_bug.cgi?id=914716 http://www.openwall.com/lists/oss-security/2013/03/06/5 RedHat Security Advisories: RHSA-2013:0611 http://rhn.redhat.com/errata/RHSA-2013-0611.html RedHat Security Advisories: RHSA-2013:0612 http://rhn.redhat.com/errata/RHSA-2013-0612.html RedHat Security Advisories: RHSA-2013:1028 http://rhn.redhat.com/errata/RHSA-2013-1028.html RedHat Security Advisories: RHSA-2013:1147 http://rhn.redhat.com/errata/RHSA-2013-1147.html http://secunia.com/advisories/52783 http://secunia.com/advisories/52902 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862 SuSE Security Announcement: SUSE-SU-2013:0609 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html SuSE Security Announcement: SUSE-SU-2013:0647 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html SuSE Security Announcement: openSUSE-SU-2013:0603 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html SuSE Security Announcement: openSUSE-SU-2013:0614 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html http://www.ubuntu.com/usn/USN-1780-1
Copyright	Copyright (c) 2013 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.