XML denial of service vulnerability
Bug #1190491 reported by Christian Kuersteiner
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libopenid-ruby (Ubuntu) | Invalid | Undecided | Unassigned |
libopenid-ruby (Ubuntu Lucid) | Fix Released | Medium | Unassigned |
libopenid-ruby (Ubuntu Precise) | Fix Released | Medium | Unassigned |
libopenid-ruby (Ubuntu Quantal) | Invalid | Undecided | Unassigned |
libopenid-ruby (Ubuntu Raring) | Invalid | Undecided | Unassigned |
libopenid-ruby (Ubuntu Saucy) | Invalid | Undecided | Unassigned |
ruby-openid (Ubuntu) | Fix Released | Undecided | Unassigned |
ruby-openid (Ubuntu Lucid) | Invalid | Undecided | Unassigned |
ruby-openid (Ubuntu Precise) | Invalid | Undecided | Unassigned |
ruby-openid (Ubuntu Quantal) | Fix Released | Medium | Unassigned |
ruby-openid (Ubuntu Raring) | Fix Released | Undecided | Unassigned |
ruby-openid (Ubuntu Saucy) | Fix Released | Undecided | Unassigned |
Bug Description
libopenid-ruby is affected by an XML denial of service (Entity Expansion Attack / out of memory) attack.
See: https:/
Patch:
https:/
CVE References
information type: Private Security → Public Security
Changed in ruby-openid (Ubuntu Lucid):
status: New → Invalid
Changed in ruby-openid (Ubuntu Precise):
status: New → Invalid
Changed in ruby-openid (Ubuntu Raring):
status: New → Fix Released
Changed in ruby-openid (Ubuntu Saucy):
status: New → Fix Released
Changed in ruby-openid (Ubuntu Quantal):
importance: Undecided → Medium
status: New → Confirmed
Changed in libopenid-ruby (Ubuntu Lucid):
importance: Undecided → Medium
status: New → Confirmed
Changed in libopenid-ruby (Ubuntu Precise):
importance: Undecided → Medium
status: New → Confirmed
Changed in libopenid-ruby (Ubuntu Quantal):
status: New → Invalid
Changed in libopenid-ruby (Ubuntu Raring):
status: New → Invalid
Changed in libopenid-ruby (Ubuntu Saucy):
status: New → Invalid
Changed in libopenid-ruby (Ubuntu):
status: Invalid → Incomplete
Changed in ruby-openid (Ubuntu):
status: Fix Released → Incomplete
Changed in libopenid-ruby (Ubuntu Lucid):
status: Confirmed → Incomplete
Changed in ruby-openid (Ubuntu Lucid):
status: Invalid → Incomplete
Changed in libopenid-ruby (Ubuntu Precise):
status: Confirmed → Incomplete
Changed in ruby-openid (Ubuntu Precise):
status: Invalid → Incomplete
Changed in libopenid-ruby (Ubuntu Quantal):
status: Invalid → Incomplete
Changed in ruby-openid (Ubuntu Quantal):
status: Confirmed → Incomplete
Changed in libopenid-ruby (Ubuntu Raring):
status: Invalid → Incomplete
Changed in ruby-openid (Ubuntu Raring):
status: Fix Released → Incomplete
Changed in libopenid-ruby (Ubuntu Lucid):
status: Incomplete → Confirmed
Changed in libopenid-ruby (Ubuntu Precise):
status: Incomplete → Confirmed
Changed in libopenid-ruby (Ubuntu Quantal):
status: Incomplete → Invalid
Changed in libopenid-ruby (Ubuntu Raring):
status: Incomplete → Invalid
Changed in libopenid-ruby (Ubuntu Saucy):
status: Incomplete → Invalid
Changed in ruby-openid (Ubuntu Quantal):
status: Confirmed → Fix Released
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures