Bug 1310054 (CVE-2016-2098)
Summary: | CVE-2016-2098 rubygem-actionview, rubygem-actionpack: code injection vulnerability in Action View | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> | ||||||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||||||
Severity: | high | Docs Contact: | |||||||||||
Priority: | high | ||||||||||||
Version: | unspecified | CC: | apatters, bkearney, cbillett, ccoleman, cpelland, dajohnso, dclarizi, dmcphers, gblomqui, gmccullo, gtanzill, jfrey, jhardy, jialiu, joelsmith, jokerman, jorton, jprause, jrusnack, kseifried, lmeyer, mmaslano, mmccomas, obarenbo, roliveri, security-response-team, tazz, tomckay, vondruch, xlecauch | ||||||||||
Target Milestone: | --- | Keywords: | Security | ||||||||||
Target Release: | --- | ||||||||||||
Hardware: | All | ||||||||||||
OS: | Linux | ||||||||||||
Whiteboard: | |||||||||||||
Fixed In Version: | rubygem-actionpack 3.2.22.2, rubygem-actionview 4.1.14.2, rubygem-actionview 4.2.5.2 | Doc Type: | Bug Fix | ||||||||||
Doc Text: |
A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code.
|
Story Points: | --- | ||||||||||
Clone Of: | Environment: | ||||||||||||
Last Closed: | 2016-03-15 21:20:09 UTC | Type: | --- | ||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||
Documentation: | --- | CRM: | |||||||||||
Verified Versions: | Category: | --- | |||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
Embargoed: | |||||||||||||
Bug Depends On: | 1310233, 1310234, 1310235, 1310236, 1313387, 1313388, 1313389, 1315704, 1315705, 1316729 | ||||||||||||
Bug Blocks: | 1310055 | ||||||||||||
Attachments: |
|
Description
Adam Mariš
2016-02-19 10:38:20 UTC
Acknowledgments: Name: the Ruby on Rails project Upstream: Tobias Kraze (makandra), joernchen (Phenoelit) Created attachment 1128508 [details]
Upstream patch
Created attachment 1131939 [details]
Upstream patch 3.2
Created attachment 1131942 [details]
Upstream patch 4.1
Created attachment 1131943 [details]
Upstream patch 4.2
Affected versions were changed, previous advisory listed these versions: Versions Affected: 3.2.x, 4.0.x Not affected: 4.1+ Fixed Versions: 3.2.22.2 External Reference: https://groups.google.com/forum/#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ Created rubygem-actionpack tracking bugs for this issue: Affects: fedora-all [bug 1313387] Created rubygem-actionpack tracking bugs for this issue: Affects: epel-5 [bug 1313389] Upstream commits: 3.2 https://github.com/rails/rails/commit/769b4d3f6638f8871bb7ca7ad3d076a3dcc9e1a9 4.1 https://github.com/rails/rails/commit/fcf0f42494634861a648276ba7acab6b9b123257 4.2 https://github.com/rails/rails/commit/9e579ef9e239ee8ee76596bc541daf1182ba8b8d hackerone report, but it fails to provide any additional information not already included in the upstream announcement: https://hackerone.com/reports/113928 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2016:0456 https://rhn.redhat.com/errata/RHSA-2016-0456.html This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Via RHSA-2016:0455 https://rhn.redhat.com/errata/RHSA-2016-0455.html This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Via RHSA-2016:0454 https://rhn.redhat.com/errata/RHSA-2016-0454.html rubygem-actionpack-4.2.3-5.fc23, rubygem-actionview-4.2.3-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. rubygem-actionpack-4.2.0-4.fc22, rubygem-actionview-4.2.0-5.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. |