Bug 1365008 (CVE-2016-6316)
| Field | Value |
|---|---|
| Summary | CVE-2016-6316 rubygem-actionview: cross-site scripting flaw in Action View |
| Product | [Other] Security Response |
| Reporter | Martin Prpič <mprpic> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| QA Contact | |
| Severity | medium |
| Docs Contact | |
| Priority | medium |
| Version | unspecified |
| CC | bkearney, cbillett, ccoleman, dedgar, dmcphers, hhorak, jgoulding, jialiu, joelsmith, jokerman, jorton, katello-bugs, kseifried, lmeyer, mmccomas, ruby-maint, security-response-team, tomckay |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | rubygem-actionview 5.0.0.1, rubygem-actionview 4.2.7.1, rubygem-actionpack 3.2.22.3 |
| Doc Type | If docs needed, set a value |
| Doc Text | It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack. |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | 2016-09-13 11:19:06 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | 1366480, 1367062, 1367063, 1367064, 1367065, 1367066, 1367067, 1367068, 1367069, 1381410 |
| Bug Blocks | 1365019 |
| Attachments | |
Description
Martin Prpič
2016-08-08 11:08:37 UTC
Acknowledgments:

Name: the Ruby on Rails project
Upstream: Andrew Carpenter (Critical Juncture)

Created attachment 1188633
3-2-attribute-xss.patch

Created attachment 1188634
4-2-attribute-xss.patch

Created attachment 1188635
5-0-attribute-xss.patch

Created rubygem-actionview tracking bugs for this issue:

Affects: fedora-all [bug 1366480]

External References:

https://groups.google.com/forum/#!msg/rubyonrails-security/I-VWr034ouk/gGu2FrCwDAAJ

The original patch was reported to be faulty:

http://seclists.org/oss-sec/2016/q3/263

Correct patches for this issue:

https://github.com/rails/rails/commit/4bcccf5ecd81a6272479537911b7d9760c5be164
https://github.com/rails/rails/commit/5aabcf25caefbe84f656256a9d3e7fc0c9e14ecc

(In reply to Martin Prpic from comment #8)
> The original patch was reported to be faulty:
>
> http://seclists.org/oss-sec/2016/q3/263

Note that the problem only affected patches against 3.2. Additionally, another problem was found that affected other versions as well. The issue is mentioned here:

https://github.com/rails/rails/commit/4bcccf5e#commitcomment-18616328

Upstream pull requests with fix:

https://github.com/rails/rails/pull/26131
https://github.com/rails/rails/pull/26133

So the correct set of patches should be:

5.0:
https://github.com/rails/rails/commit/8f544bc447612924a50c37ead085a0ea4c217439
https://github.com/rails/rails/commit/d40e5f0033329f8269c97d9480749a92817a2968

4.2:
https://github.com/rails/rails/commit/f05af91c68debc0230c302aa9031a253f8786b87
https://github.com/rails/rails/commit/2bcb88c9ce7d6fb1f158f54918eb7f936bd33ce9

3.2:
https://github.com/rails/rails/commit/4bcccf5ecd81a6272479537911b7d9760c5be164
https://github.com/rails/rails/commit/5aabcf25caefbe84f656256a9d3e7fc0c9e14ecc
https://github.com/rails/rails/commit/efd59ab38231eca1084e85aa990321599308757f

This issue has been addressed in the following products:

Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS

Via RHSA-2016:1858 https://rhn.redhat.com/errata/RHSA-2016-1858.html

This issue has been addressed in the following products:

Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS

Via RHSA-2016:1857 https://rhn.redhat.com/errata/RHSA-2016-1857.html

This issue has been addressed in the following products:

Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS

Via RHSA-2016:1856 https://rhn.redhat.com/errata/RHSA-2016-1856.html

This issue has been addressed in the following products:

Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS

Via RHSA-2016:1855 https://rhn.redhat.com/errata/RHSA-2016-1855.html
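The escaping flaw summarized in the Doc Text, modelled as an added example that is neither Rails code nor part of this bug report: a simplified tag-option helper in its vulnerable form (an "HTML safe" value is interpolated verbatim, so a double quote inside it ends the attribute early) and a fixed form that still escapes double quotes in attribute context. `SafeString` stands in for Rails' HTML-safe string type, and the helper names and the injected sample value are constructed.

```ruby
# Added example (not Rails' own implementation): why strings marked HTML safe
# still need quote escaping when they land inside an attribute value.

# Assumption: a plain String is untrusted, a SafeString has been declared HTML safe.
class String
  def html_safe?
    false
  end
end

class SafeString < String
  def html_safe?
    true
  end
end

HTML_ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                 '"' => '&quot;', "'" => '&#39;' }.freeze

def html_escape(value)
  value.to_s.gsub(/[&<>"']/) { |c| HTML_ESCAPES[c] }
end

# Vulnerable shape: trusts html_safe? completely, so a double quote in a
# "safe" value closes the attribute and lets extra attributes be injected.
def tag_option_vulnerable(key, value)
  value = value.html_safe? ? value : html_escape(value)
  %(#{key}="#{value}")
end

# Fixed shape: HTML-safe values keep their markup, but double quotes are
# always turned into &quot; because the value is placed between quotes.
def tag_option_fixed(key, value)
  value = value.html_safe? ? value.gsub('"', '&quot;') : html_escape(value)
  %(#{key}="#{value}")
end

# Constructed sample: an attacker-influenced string that reached html_safe.
INJECTED = SafeString.new('x" data-injected="1')

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: <a #{tag_option_vulnerable('title', INJECTED)}>"
  puts "fixed:      <a #{tag_option_fixed('title', INJECTED)}>"
end
```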