Cross-References: CVE-2013-0269
Affected Products: SUSE Studio Onsite 1.3
______________________________________________________________________________
An update that solves one vulnerability and has 5 fixes is now available.
Description:
The Ruby script interpreter 1.9 has been updated to 1.9.3 p392, fixing various bugs and security issues:
This release includes security fixes for the bundled JSON and REXML libraries.
* Denial of Service and Unsafe Object Creation Vulnerability in JSON (CVE-2013-0269)
* Entity expansion DoS vulnerability in REXML (XML bomb)
* XSS exploit of RDoc documentation generated by rdoc (CVE-2013-0256)
Some small bugfixes are also included; see /usr/share/doc/packages/ruby19/Changelog for more details.
Also the following bugfix was added:
* added bind_stack.patch: (bnc#796757) Fixes stack boundary issues when embedding Ruby into threaded C code (Ruby bug #229)