|Summary:||CVE-2008-5189 rubygems-actionpack: redirect HTTP header injection vulnerability|
|Product:||[Other] Security Response||Reporter:||Jan Lieskovsky <jlieskov>|
|Component:||vulnerability||Assignee:||Jeroen van Meeuwen <vanmeeuwen+fedora>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||unspecified||CC:||lutter, mastahnke, redhat-bugzilla, sseago, vanmeeuwen+fedora|
|Fixed In Version:||Doc Type:||Bug Fix|
|Last Closed:||2009-03-18 03:26:51 UTC||Type:||---|
Description Jan Lieskovsky 2008-11-21 10:27:08 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5189 to the following vulnerability:
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189
http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d
http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing
http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
http://www.securityfocus.com/bid/32359
Note: The "offset-limit-sanitization" issue was originally reported as CVE-2008-4094 and we already fixed it in all related packages. Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4094 for more details.
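Added example, not part of the bug report and not the upstream Rails patch: a minimal Ruby sketch of why an unsanitised redirect target splits the response head, next to two ways of hardening it. The helper names (`build_response_head`, `sanitize_location`, `safe_location!`, `header_names`) and the sample URL are hypothetical and constructed for illustration.

```ruby
# Added example; helper names and sample data are assumptions, not Rails code.

CRLF_PATTERN = /[\r\n]/

# Naive builder: copies the redirect target into the Location header
# verbatim, which is the behaviour the CVE description warns about.
def build_response_head(location)
  "HTTP/1.1 302 Found\r\nLocation: #{location}\r\n\r\n"
end

# Hardening option 1: strip CR and LF so the value stays on one header line.
def sanitize_location(location)
  location.to_s.gsub(CRLF_PATTERN, "")
end

# Hardening option 2: refuse to redirect when the value contains CR or LF.
def safe_location!(location)
  value = location.to_s
  raise ArgumentError, "CR/LF in redirect target" if value =~ CRLF_PATTERN
  value
end

# Read header names the way a client would: one header per CRLF-terminated
# line, up to the first blank line, skipping the status line.
def header_names(head)
  lines = head.split("\r\n\r\n", 2).first.split("\r\n")
  lines.drop(1).map { |line| line.split(":", 2).first }
end

# Constructed input: a redirect target carrying an embedded CRLF sequence.
TAINTED = "http://example.com/next\r\nX-Injected: 1"

if __FILE__ == $PROGRAM_NAME
  # Unsanitised: the client sees a second header the application never set.
  p header_names(build_response_head(TAINTED))
  # Sanitised: only the Location header remains.
  p header_names(build_response_head(sanitize_location(TAINTED)))
end
```

Rejecting the value (option 2) also surfaces the bad input in application logs, which stripping does not.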
Comment 1 Robert Scheck 2008-11-21 11:04:23 UTC
If I read correctly, the 2.0.x, 2.1.x and 2.2.x series are affected - which means ALL Fedora and EPEL branches - right?
Comment 2 Jan Lieskovsky 2008-11-21 12:37:45 UTC
Yes, this issue affects all versions of the rubygem-actionpack package, as shipped within the Fedora release of 8, 9, 10 and as shipped within the EPEL project.
Comment 3 Tomas Hoger 2009-01-09 09:03:19 UTC
According to:
http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing
This issue was fixed upstream in 2.1.2. Alternatively, the following patch can be used:
http://weblog.rubyonrails.org/assets/2008/10/19/2.1.x.redirect_to_sanitisation.diff
2.1.1 seems to be the current version in both all stable Fedora versions and EPEL5.
Comment 4 Tomas Hoger 2009-02-26 16:34:29 UTC
rubygem-actionpack packages 2.2.2 currently in Rawhide have the sanitisation patch included.
Comment 5 Jeroen van Meeuwen 2009-02-27 15:56:48 UTC
I'm checking in rubygem-actionpack 2.1.1-2 in F-10, F-9 and EL-5 right now
Comment 6 Fedora Update System 2009-02-27 16:19:48 UTC
rubygem-actionpack-2.1.1-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/rubygem-actionpack-2.1.1-2.fc10
Comment 7 Fedora Update System 2009-02-27 16:19:54 UTC
rubygem-actionpack-2.1.1-2.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/rubygem-actionpack-2.1.1-2.fc9
Comment 8 Fedora Update System 2009-02-28 03:22:15 UTC
rubygem-actionpack-2.1.1-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2009-02-28 03:26:31 UTC
rubygem-actionpack-2.1.1-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
Comment 10 Jeroen van Meeuwen 2009-03-18 03:26:51 UTC
This bug should have been closed already... bodhi!!