10844 – CVE-2013-1821: ruby - entity expansion DoS vulnerability in REXML

Bug 10844 - CVE-2013-1821: ruby - entity expansion DoS vulnerability in REXML

Summary: CVE-2013-1821: ruby - entity expansion DoS vulnerability in REXML

Status:	RESOLVED DUPLICATE of bug 9300

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	2
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:	http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-07-26 10:49 CEST by Oden Eriksson
Modified:	2013-07-26 17:43 CEST (History)
CC List:	1 user (show)

See Also:
Source RPM:	ruby
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Oden Eriksson 2013-07-26 10:49:37 CEST

Name: CVE-2013-1821
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130306 CVE for Ruby Entity expansion DoS
vulnerability in REXML (XML bomb)
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/06/5
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525
Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=914716
Reference:
CONFIRM:http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384
Reference:
CONFIRM:http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
Reference: REDHAT:RHSA-2013:0611
Reference: URL:http://rhn.redhat.com/errata/RHSA-2013-0611.html
Reference: SLACKWARE:SSA:2013-075-01
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2013-03/0104.html
Reference: SUSE:openSUSE-SU-2013:0603
Reference: URL:http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
Reference: SUSE:openSUSE-SU-2013:0614
Reference: URL:http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html
Reference: UBUNTU:USN-1780-1
Reference: URL:http://www.ubuntu.com/usn/USN-1780-1
Reference: SECUNIA:52783
Reference: URL:http://secunia.com/advisories/52783
Reference: SECUNIA:52902
Reference: URL:http://secunia.com/advisories/52902

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows
remote attackers to cause a denial of service (memory consumption and
crash) via crafted text nodes in an XML document, aka an XML Entity
Expansion (XEE) attack.

Reproducible: 

Steps to Reproduce:

Comment 1 Oden Eriksson 2013-07-26 10:52:03 CEST

NOTE: this is fixed in updates_testing/ruby-1.8.7.p358-1.3.mga2.src.rpm with:

ruby-2.0.0-add-missing-rexml-require.patch
ruby-2.0.0-entity-expansion-DoS-vulnerability-in-REXML.patch

Comment 2 Oden Eriksson 2013-07-26 10:58:35 CEST

How I hate the mga rpm changelogs...

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Comment 3 David Walser 2013-07-26 17:38:27 CEST

Fixed in Bug 9300.

Oden, forget about the package changelogs.

Bugzilla has this nice search feature.

Go to the Search page, make sure you have Advanced Search selected (tab at top).

Under Status:, hold the Ctrl key and click on RESOLVED.

Then search for the package name you're interested in.

Almost all of the security bugs have the CVE(s) at the end of the bug name.

*** This bug has been marked as a duplicate of bug 9300 ***

CC: (none) => luigiwalser
Resolution: INVALID => DUPLICATE

Comment 4 David Walser 2013-07-26 17:43:33 CEST

Note that you can also look at svnweb, which usually has the CVEs in the commit messages (not always in Cauldron, but almost always in stable).  For instance:
http://svnweb.mageia.org/packages/updates/2/ruby/current/SPECS/ruby.spec?view=log

Note You need to log in before you can comment on or make changes to this bug.