Errata ID | 4 |
---|---|
Date | 2013-12-09 |
Source package | ruby1.8 |
Fixed in version | 1.8.7.302-2.27.201312030756 |
Description | Multiple security issues have been fixed in Ruby: (1) the expansion of XML entities isn't limited, allowing DoS (CVE-2013-1821); (2) incorrect validation of SSL certificates with NULL bytes in the hostname (CVE-2013-4073); (3) buffer overflow in the floating point parsing code for strtod() (CVE-2013-4164). |
Additional notes | This update fixes these vulnerabilities. |
CVE ID | CVE-2013-1821, CVE-2013-4073, CVE-2013-4164 |