MGASA-2014-0443

Source
https://advisories.mageia.org/MGASA-2014-0443.html
Import Source
https://advisories.mageia.org/MGASA-2014-0443.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2014-0443
Upstream
  • CVE-2014-8080
Published
2014-11-14T00:57:44Z
Modified
2026-04-16T06:25:50.635951201Z
Summary
Updated ruby packages fix CVE-2014-8080
Details

Updated ruby packages fix a security vulnerability:

Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service (CVE-2014-8080).

The Mageia 3 ruby package has been updated to 1.9.3-p550 and the Mageia 4 ruby package has been updated to 2.0.0-p594 to fix this issue and several other bugs.


Affected packages

Mageia:3 / ruby

Package

Name
ruby
Purl
pkg:rpm/mageia/ruby?arch=source&distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.9.3.p550-1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2014-0443.json"

Mageia:4 / ruby

Package

Name
ruby
Purl
pkg:rpm/mageia/ruby?arch=source&distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.0.p594-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2014-0443.json"