[ GLSA 201405-14 ] Ruby OpenID: Denial of Service

GLSA · Advocate Joined: 12 May 2004 Posts: 2663

Gentoo Linux Security Advisory

Title: Ruby OpenID: Denial of Service (GLSA 201405-14)
Severity: normal
Exploitable: remote
Date: May 17, 2014
Bug(s): #460156
ID: 201405-14

Synopsis

A vulnerability in Ruby OpenID may lead to Denial of Service.

Background

Ruby OpenID is a robust library for verifying and serving OpenID
identities.

Affected Packages

Package: dev-ruby/ruby-openid
Vulnerable: < 2.2.2
Unaffected: >= 2.2.2
Architectures: All supported architectures

Description

An XML entity parsing error has been discovered in Ruby OpenID.

Impact

A remote attacker could send a specially crafted XML file, possibly
resulting in a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Ruby OpenID users should upgrade to the latest version: