
CVE-2013-1821

Common Vulnerabilities and Exposures


Upstream information

CVE-2013-1821 at MITRE

Description

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entries: 808137, 876588

SUSE Security Advisories:

List of released packages

Product(s) / Fixed package version(s) / References

SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP4 for x86
  • ruby >= 1.8.6.p369-0.14.1
References: Builds, ZYPP Patch Nr: 8524

SLE SDK 10 SP4 for IBM iSeries and IBM pSeries
SLE SDK 10 SP4 for IBM zSeries
SLE SDK 10 SP4 for IPF
SLE SDK 10 SP4 for X86-64
SLE SDK 10 SP4 for x86
  • ruby >= 1.8.6.p369-0.14.1
  • ruby-devel >= 1.8.6.p369-0.14.1
  • ruby-doc-html >= 1.8.6.p369-0.14.1
  • ruby-doc-ri >= 1.8.6.p369-0.14.1
  • ruby-examples >= 1.8.6.p369-0.14.1
  • ruby-test-suite >= 1.8.6.p369-0.14.1
  • ruby-tk >= 1.8.6.p369-0.14.1
References: Builds, ZYPP Patch Nr: 8524

SUSE Linux Enterprise Software Development Kit 11 SP3
  • ruby-devel >= 1.8.7.p357-0.9.15.1
  • ruby-doc-html >= 1.8.7.p357-0.9.15.1
  • ruby-doc-ri >= 1.8.7.p357-0.9.15.1
  • ruby-examples >= 1.8.7.p357-0.9.15.1
  • ruby-test-suite >= 1.8.7.p357-0.9.15.1
  • ruby-tk >= 1.8.7.p357-0.9.15.1
References: Builds, SAT Patch Nr: 9136

SUSE Linux Enterprise Desktop 11 SP3
  • ruby >= 1.8.7.p357-0.9.15.1
References: Builds, SAT Patch Nr: 9136

SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • ruby >= 1.8.7.p357-0.9.15.1
  • ruby-doc-html >= 1.8.7.p357-0.9.15.1
  • ruby-tk >= 1.8.7.p357-0.9.15.1
References: Builds, SAT Patch Nr: 9136

SUSE Linux Enterprise Server 11 SP1
  • ruby-debuginfo >= 1.8.7.p357-0.9.15.1
References: Builds, SAT Patch Nr: 9135

SUSE Linux Enterprise Server 11 SP1 LTSS
  • ruby >= 1.8.7.p357-0.9.15.6
  • ruby-doc-html >= 1.8.7.p357-0.9.15.6
  • ruby-tk >= 1.8.7.p357-0.9.15.6
References: Builds, SAT Patch Nr: 9312

SUSE Linux Enterprise Server 11 SP2 LTSS
  • ruby >= 1.8.7.p357-0.9.15.6
  • ruby-doc-html >= 1.8.7.p357-0.9.15.6
  • ruby-tk >= 1.8.7.p357-0.9.15.6
References: Builds, SAT Patch Nr: 9313

© 2014 Novell