Bug 1643089 (CVE-2018-16396)
| Summary: | CVE-2018-16396 ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abhgupta, bkearney, bmcclain, cbillett, dbaker, dblechte, dfediuck, eedri, hhorak, jokerman, jorton, mgoldboi, michal.skrivanek, mo, mtasaka, pvalena, ruby-maint, sbonazzo, sherold, s, sthangav, strzibny, tomckay, trankin, vanmeeuwen+fedora, vondruch, yozone |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-10 10:41:03 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1643091, 1643092, 1643631, 1643633, 1643635, 1647502, 1647503, 1647504, 1647505, 1837062, 1837063 | ||
| Bug Blocks: | 1643090 | ||
|
Description
Andrej Nemec
2018-10-25 13:37:46 UTC
Created ruby tracking bugs for this issue: Affects: fedora-all [bug 1643091] RHEL*/RHSCL affected. Statement: Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. Red Hat Virtualization includes a vulnerable version of ruby, however the affected functionality is not used in Red Hat Virtualization or any of its dependencies. A future update may address this issue. This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3729 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3730 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2018:3731 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2028 https://access.redhat.com/errata/RHSA-2019:2028 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2020:2769 https://access.redhat.com/errata/RHSA-2020:2769 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:2839 https://access.redhat.com/errata/RHSA-2020:2839 |