Bug 587731 (CVE-2010-0541)
Summary: | CVE-2010-0541 Ruby WEBrick javascript injection flaw | |
---|---|---|---
Product: | [Other] Security Response | Reporter: | Josh Bressers <bressers>
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA | QA Contact: |
Severity: | low | Docs Contact: |
Priority: | low | |
Version: | unspecified | CC: | meyering, mjc, omoris, security-response-team, tagoh, vdanen, vondruch
Target Milestone: | --- | Keywords: | Security
Target Release: | --- | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2011-06-29 14:36:49 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | 605418, 605419, 709957, 709958, 709959 | |
Bug Blocks: | | |
Description
Josh Bressers
2010-04-30 17:58:03 UTC
Suggested patch from Apple:

--- lib/webrick/httpresponse.rb.old 2010-03-31 18:47:40.000000000 -0700 +++ lib/webrick/httpresponse.rb 2010-03-31 18:48:21.000000000 -0700 @@ -209,7 +209,7 @@ @keep_alive = false self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR end - @header['content-type'] = "text/html" + @header['content-type'] = "text/html; charset=utf-8" if respond_to?(:create_error_page) create_error_page()

We've rated this flaw as having a "low" severity. We'll fix it in the next ruby update.

This is public now via: http://support.apple.com/kb/HT4188

Created ruby tracking bugs for this issue. Affects: fedora-all [bug 605419]

This is noted upstream now: http://www.ruby-lang.org/en/news/2010/08/16/xss-in-webrick-cve-2010-0541/

Fixed in 1.8.7p302 and 1.9.1p430 using this official patch (differs slightly from the suggested patch noted in comment #3): ftp://ftp.ruby-lang.org/pub/misc/webrick-cve-2010-0541.diff

Index: httpresponse.rb =================================================================== --- httpresponse.rb (revision 28759) +++ httpresponse.rb (working copy) @@ -208,7 +208,7 @@ @keep_alive = false self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR end - @header['content-type'] = "text/html" + @header['content-type'] = "text/html; charset=ISO-8859-1" if respond_to?(:create_error_page) create_error_page()

Fix pushed on Fedora 15/14/13/12.

The attachments above fix the issue for RHEL-{4,5}. Let me know how to proceed.

Acknowledgements: Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue.

This issue has been addressed in the following products: Red Hat Enterprise Linux 4. Via RHSA-2011:0908 https://rhn.redhat.com/errata/RHSA-2011-0908.html

This issue has been addressed in the following products: Red Hat Enterprise Linux 5. Via RHSA-2011:0909 https://rhn.redhat.com/errata/RHSA-2011-0909.html

Statement: (none)
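Review bot: the two hunks pin different charsets on the same `@header['content-type']` assignment (utf-8 in the Apple suggestion, ISO-8859-1 in the upstream patch against revision 28759); whichever lands must match the encoding that the `create_error_page()` call immediately below actually produces, otherwise non-ASCII text in the error page is mislabelled even though the injection described in the summary is closed. The assignment also deserves a one-line comment stating that the charset parameter is what keeps the client from guessing the encoding of the generated error page, since a bare `"text/html"` looks like a harmless cleanup target and a later edit could silently reintroduce the flaw.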
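As an added example that is not WEBrick's or Red Hat's code, the following Ruby audits Content-Type headers for the condition both patches above remove, HTML responses that declare no charset, and applies the same hardening step; the sample responses are constructed, not captured traffic.

```ruby
# Added example, not WEBrick's or Red Hat's code: audit HTTP response headers
# for HTML served without an explicit charset (the condition the CVE-2010-0541
# patch removes from WEBrick's generated error pages) and pin one where absent.

# Parse a Content-Type value into its lowercase media type and a hash of
# parameters keyed by lowercase name, with surrounding quotes removed.
def parse_content_type(value)
  type, *params = value.to_s.split(';').map(&:strip)
  parsed = {}
  params.each do |param|
    name, raw = param.split('=', 2)
    next if raw.nil?
    parsed[name.strip.downcase] = raw.strip.delete_prefix('"').delete_suffix('"')
  end
  [(type || '').downcase, parsed]
end

# True when the response is HTML but leaves the encoding for the client to
# guess; this is what the pre-patch error page did.
def charset_missing?(content_type)
  type, params = parse_content_type(content_type)
  type == 'text/html' && !params.key?('charset')
end

# Append an explicit charset when none is declared, as both patches do
# (ISO-8859-1 is the upstream choice, utf-8 Apple's).
def pin_charset(content_type, charset = 'ISO-8859-1')
  return content_type unless charset_missing?(content_type)
  "#{content_type.strip}; charset=#{charset}"
end

# Return the status codes of responses whose HTML carries no charset.
def audit(responses)
  responses.select { |r| charset_missing?(r[:headers]['content-type']) }
           .map { |r| r[:status] }
end

# Constructed sample responses, not captured traffic.
SAMPLE_RESPONSES = [
  { status: 500, headers: { 'content-type' => 'text/html' } },
  { status: 404, headers: { 'content-type' => 'text/html; charset=ISO-8859-1' } },
  { status: 200, headers: { 'content-type' => 'application/json' } },
  { status: 403, headers: { 'content-type' => 'TEXT/HTML; Charset="utf-8"' } }
]

if __FILE__ == $PROGRAM_NAME
  puts "HTML responses without a charset: #{audit(SAMPLE_RESPONSES).inspect}"
end
```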