Bug 1232302 (CVE-2015-3227)
| Field | Value |
|---|---|
| Summary | CVE-2015-3227 rubygem-activesupport: Possible Denial of Service attack in Active Support in merge_element() |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Vasyl Kaigorodov <vkaigoro> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED WONTFIX |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| CC | apatters, bkearney, carnil, cbillett, ccoleman, dajohnso, dclarizi, dmcphers, gmccullo, jhardy, jialiu, joelsmith, jokerman, jorton, jprause, jrafanie, jrusnack, jvlcek, kseifried, lmeyer, mmaslano, mmccomas, obarenbo, security-response-team, tomckay, vondruch, xlecauch |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Fixed In Version | rubygem-activesupport-4.2.2, rubygem-activesupport-4.1.11 |
| Doc Type | Bug Fix |
| Last Closed | 2015-07-31 12:56:31 UTC |
| Bug Depends On | 1249062, 1249063, 1249064, 1249065, 1249066 |
| Bug Blocks | 1232306 |

Description
Vasyl Kaigorodov
2015-06-16 13:00:48 UTC
This is now public: http://seclists.org/oss-sec/2015/q2/731

Created attachment 1058046
Patch for ActiveSupport 3.2

Created attachment 1058047
Patch for ActiveSupport 4.1

Created attachment 1058049
Patch for ActiveSupport 4.2

Created rubygem-activesupport tracking bugs for this issue:
Affects: fedora-all [bug 1249062]
Affects: epel-all [bug 1249063]