Scientific Linux Security Update : ruby on SL6.x i386/x86_64
Medium Nessus Plugin ID 79657
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090)
All running instances of Ruby need to be restarted for this update to take effect.
Solution
Update the affected packages.