PT-2008-6898 · Ruby+2 · Libruby1.9+3

Published: 1970-01-01 · Updated: 2018-10-03 · CVE-2008-3790

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

libruby1.9 versions 1.8.6 through 1.8.6-p287
libruby1.9 versions 1.8.7 through 1.8.7-p72
libruby1.9 versions 1.9

Description

The libruby1.9 package of the Debian GNU/Linux operating system contains multiple vulnerabilities that can disrupt the availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the REXML module in Ruby allows context-dependent attackers to cause a denial of service via an XML document with recursively nested entities, also known as an "XML entity explosion."

Recommendations

For versions 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9, update to a version outside the affected range to mitigate the risk. As a temporary workaround, restrict the use of the REXML module until a patch is available.

Tags: DoS, RCE

Related Identifiers

BDU:2015-01941
BDU:2015-01942
BDU:2015-01943
CVE-2008-3790
DSA-1651-1
DSA-1652-1
RHSA-2008:0897

Affected Products

Debian
Rexml
Red Hat
Libruby1.9