Bug 1033460 (CVE-2013-4164)
Summary: | CVE-2013-4164 ruby: heap overflow in floating point parsing | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Murray McAllister <mmcallis> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | unspecified | CC: | aortega, apevec, athomas, ayoung, bdunne, bgollahe, bkabrda, bkearney, bleanhar, ccoleman, chrisw, cpelland, dmcphers, drieden, gkotton, jdetiber, jfrey, jialiu, jkurik, jrafanie, jrusnack, katello-bugs, kseifried, lhh, lmeyer, markmc, mmaslano, mmccune, mmcgrath, mmorsi, moshiro, mtasaka, nobody+bgollahe, obarenbo, ohadlevy, postmodern.mod3, rbryant, rhos-maint, sclewis, srevivo, tagoh, tdawson, vanmeeuwen+fedora, vondruch, xlecauch |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ruby 1.9.3-p484, ruby 2.0.0-p353 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2017-05-19 03:28:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1033488, 1033492, 1033500, 1033502, 1033503, 1033546, 1033621, 1033623, 1033624, 1033859, 1033860, 1033862, 1033863, 1033865, 1033866, 1033867, 1033906, 1159431, 1159432 | ||
Bug Blocks: | 1033464, 1033487, 1239193 | | |
Description
Murray McAllister
2013-11-22 07:09:32 UTC
Additional follow-up fix (trunk, 1.9.3 and 2.0.0):
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=43780
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=43783
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=43784

Ruby versions in Red Hat Enterprise Linux 5 and earlier use a different strtod implementation. The current implementation was introduced via the following commits (trunk, 1.8):
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=13131
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=16342

Created ruby tracking bugs for this issue:
Affects: fedora-all [bug 1033546]

This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:1764 https://rhn.redhat.com/errata/RHSA-2013-1764.html

This issue has been addressed in the following products:
Red Hat Software Collections for RHEL-6
Via RHSA-2013:1763 https://rhn.redhat.com/errata/RHSA-2013-1763.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only
Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only
Red Hat Enterprise Linux 6.4 EUS - Server and Compute Node Only
Via RHSA-2013:1767 https://rhn.redhat.com/errata/RHSA-2013-1767.html

When will we see an update for Fedora 19? The ruby package is still at 2.0.0-p247.

There is a pending update for F19 - https://admin.fedoraproject.org/updates/FEDORA-2013-22423/ruby-2.0.0.353-16.fc19. Please test!

(In reply to Tomas Hoger from comment #6)
> Ruby versions in Red Hat Enterprise Linux 5 and earlier use different strtod
> implementation. The current implementation was introduced via the following
> commits (trunk, 1.8):
> http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=13131
> http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=16342

Upstream advisory (see comment 0 for direct link) previously used to list all 1.8 versions as affected. It has been updated to take the above information into account. The new strtod implementation was introduced upstream in version 1.8.6-p230 and is also included in 1.8.7. The ruby packages in Red Hat Enterprise Linux 5 are based on the older upstream version 1.8.5.

Statement: This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5.

This issue has been addressed in the following products:
OpenStack 3 for RHEL 6
Via RHSA-2014:0011 https://rhn.redhat.com/errata/RHSA-2014-0011.html

HackerOne report: https://hackerone.com/reports/499

This issue has been addressed in the following products:
CloudForms Management Engine 5.x
Via RHSA-2014:0215 https://rhn.redhat.com/errata/RHSA-2014-0215.html

SAM-1 does not appear to use to_f with any user-supplied code; ditto for OpenShift Enterprise 1. This issue is being deferred for both; a later update may address this issue.
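The comments above leave an administrator with two practical questions: is a given Ruby build at or beyond the fixed levels named in this bug, and which code paths hand untrusted strings to String#to_f. The Ruby script below is an added example, not code from this Bugzilla record or from Ruby upstream. Its version table comes only from the record's "Fixed In Version" field (1.9.3-p484, 2.0.0-p353) and from the comment that the affected strtod implementation first appeared in 1.8.6-p230 and 1.8.7 (so 1.8.5 and earlier are reported as not affected); branches the record does not mention are reported as unknown rather than guessed. The `strict_to_f` guard is an assumption of this example, not a mitigation the record describes: it only narrows what reaches `to_f` from untrusted input while packages are updated, and upgrading Ruby remains the fix.

```ruby
# Added example for CVE-2013-4164 triage. Not from the bug record or Ruby upstream.
# Fixed levels are taken from this bug's "Fixed In Version" field; the first
# affected 1.8 level is taken from the RHEL 5 comment in the record.
FIXED_PATCHLEVEL = { [1, 9, 3] => 484, [2, 0, 0] => 353 }.freeze
FIRST_AFFECTED   = [[1, 8, 6], 230].freeze # branch, patchlevel (1.8.6-p230)

# Parse "1.9.3-p484" or "2.0.0p353" (the latter is what RUBY_VERSION plus
# RUBY_PATCHLEVEL yield) into [[major, minor, teeny], patchlevel].
def parse_ruby_version(str)
  m = /\A(\d+)\.(\d+)\.(\d+)(?:-?p(\d+))?\z/.match(str.to_s.strip)
  raise ArgumentError, "unrecognised Ruby version: #{str.inspect}" unless m
  [[m[1].to_i, m[2].to_i, m[3].to_i], (m[4] || 0).to_i]
end

# Returns :fixed, :vulnerable, :not_affected or :unknown for a version string.
def cve_2013_4164_status(version_str)
  branch, patch = parse_ruby_version(version_str)
  first_branch, first_patch = FIRST_AFFECTED
  # Older than 1.8.6-p230 still carries the earlier strtod: not affected.
  if (branch <=> first_branch) < 0 || (branch == first_branch && patch < first_patch)
    return :not_affected
  end
  # Branches with a fixed patchlevel listed in the record.
  if (fixed = FIXED_PATCHLEVEL[branch])
    return patch >= fixed ? :fixed : :vulnerable
  end
  # 1.8.6-p230 and later 1.8.x are listed as affected; no fixed 1.8 level is given here.
  return :vulnerable if branch[0] == 1 && branch[1] == 8
  :unknown
end

# Defence-in-depth guard (assumption of this example, not a fix): only hand a
# short, canonical decimal literal to String#to_f; anything else is rejected
# before the float parser sees it. Returns nil for rejected input.
MAX_FLOAT_LITERAL = 64
CANONICAL_FLOAT = /\A[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d{1,4})?\z/

def strict_to_f(input)
  s = input.to_s
  return nil if s.length > MAX_FLOAT_LITERAL || !CANONICAL_FLOAT.match?(s)
  s.to_f
end

if $PROGRAM_NAME == __FILE__
  running = "#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}"
  puts "#{running}: #{cve_2013_4164_status(running)}"
  # Constructed sample inputs, including the F19 package level quoted in the bug.
  %w[1.9.3-p448 1.9.3-p484 2.0.0-p247 2.0.0-p353 1.8.5 1.8.7-p374].each do |v|
    puts "#{v}: #{cve_2013_4164_status(v)}"
  end
  p strict_to_f("3.14"), strict_to_f("1e5"), strict_to_f("0x1p3"), strict_to_f("1" * 200)
end
```

Run it on each host that ships Ruby (`ruby check.rb`) and compare the reported status with the errata listed above; the `strict_to_f` wrapper is meant for code that, unlike SAM-1 or OpenShift Enterprise 1 per the last comment, does pass user-supplied strings to `to_f`.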