Bug 1301981 (CVE-2015-7581)
Summary: | CVE-2015-7581 rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | apatters, bkearney, cbillett, ccoleman, cpelland, dajohnso, dclarizi, dmcphers, gblomqui, gmccullo, gtanzill, jfrey, jhardy, jialiu, joelsmith, jokerman, jorton, jprause, jrusnack, katello-bugs, kseifried, lmeyer, mastahnke, mmaslano, mmccomas, mmorsi, obarenbo, osoukup, pvalena, roliveri, slong, sseago, strzibny, tomckay, vanmeeuwen+fedora, vondruch, xlecauch |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | rubygem-actionpack 4.2.5.1, rubygem-actionpack 4.1.14.1 | Doc Type: | Bug Fix |
Doc Text: |
A flaw was found in the Action Pack component's caching of controller references. An attacker could use this flaw to cause unbounded memory growth, potentially resulting in a denial of service.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-03-15 21:22:14 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1301982, 1301983, 1306277, 1306278, 1306279, 1306281 | ||
Bug Blocks: | 1302006 |
Description
Adam Mariš
2016-01-26 13:24:28 UTC
Created rubygem-actionpack tracking bugs for this issue: Affects: fedora-all [bug 1301983] Upstream commit: 4.1 https://github.com/rails/rails/commit/98629dfcce8d5ac2b97d0efece41b686daef8f02 4.2 https://github.com/rails/rails/commit/710c5ce91acd8b4277dc105e60bc5bda90ccbd8a This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2016:0296 https://rhn.redhat.com/errata/RHSA-2016-0296.html rubygem-actionpack-4.2.0-3.fc22, rubygem-activemodel-4.2.0-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. rubygem-actionpack-4.2.3-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Via RHSA-2016:0454 https://rhn.redhat.com/errata/RHSA-2016-0454.html |