Bug 892806 (CVE-2013-0162)
Summary: | CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage
---|---
Product: | [Other] Security Response
Reporter: | Vincent Danen <vdanen>
Component: | vulnerability
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA
Severity: | low
Priority: | low
Version: | unspecified
CC: | athomas, bkabrda, bkearney, bleanhar, cpelland, jeckersb, jialiu, jomara, jrusnack, junpark, katello-bugs, lmeyer, mitch, mmccune, morazi, msuchy, rmillner, security-response-team, tdawson, tkramer, vondruch
Target Milestone: | ---
Keywords: | Security
Target Release: | ---
Hardware: | All
OS: | Linux
Doc Type: | Bug Fix
Story Points: | ---
Last Closed: | 2013-04-23 13:26:28 UTC
Type: | ---
Regression: | ---
Mount Type: | ---
Documentation: | ---
Category: | ---
oVirt Team: | ---
Cloudforms Team: | ---
Bug Depends On: | 892221, 895189, 895191, 895192, 896331, 906437, 948101, 1030772
Bug Blocks: | 767033, 883745, 892809, 892883, 906653, 1028279

Description
Vincent Danen
2013-01-07 21:48:35 UTC
Sent email about setting a CRD.

Created attachment 679696
CVE-2013-0162-rubygem-ruby_parser.patch

Acknowledgements:

This issue was discovered by Michael Scherer of the Red Hat Regional IT team.

Upstream had been notified as per comment #1 but apparently there was no response. Upstream version 3.1.1 is still vulnerable (verified via download and on github).

This issue has been addressed in following products:

  CloudForms for RHEL 6

Via RHSA-2013:0548 https://rhn.redhat.com/errata/RHSA-2013-0548.html

This issue has been addressed in following products:

  Red Hat Subscription Asset Manager 1.2

Via RHSA-2013:0544 https://rhn.redhat.com/errata/RHSA-2013-0544.html

This issue has been addressed in following products:

  RHEL 6 Version of OpenShift Enterprise

Via RHSA-2013:0582 https://rhn.redhat.com/errata/RHSA-2013-0582.html

Created rubygem-ruby_parser tracking bugs for this issue

Affects: epel-all [bug 948101]