MGASA-2014-0443
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 14 Nov 2014, 00:57
Last modified:16 Apr 2026, 06:25
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
14 Nov 2014, 00:57
Published
Vulnerability first disclosed
16 Apr 2026, 06:25
Last Modified
Vulnerability information updated
Description
Updated ruby packages fix CVE-2014-8080 Updated ruby packages fix security vulnerability: Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service (CVE-2014-8080). The Mageia 3 ruby package has been updated to 1.9.3-p550 and the Mageia 4 ruby package has been updated to 2.0.0-p594 to fix this issue and several other bugs.
Affected Systems
- mageia•ruby
< 1.9.3.p550-1.mga3
- mageia•ruby
< 2.0.0.p594-1.mga4
References (5)
- https://advisories.mageia.org/MGASA-2014-0443.html
- https://bugs.mageia.org/show_bug.cgi?id=14391
- https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/
- https://www.ruby-lang.org/en/news/2014/10/27/ruby-1-9-3-p550-is-released/
- https://www.ruby-lang.org/en/news/2014/10/27/ruby-2-0-0-p594-is-released/