Bug 909528 (CVE-2013-0276)
Summary: | CVE-2013-0276 rubygem-activerecord/rubygem-activemodel: circumvention of attr_protected
---|---
Product: | [Other] Security Response
Component: | vulnerability
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | unspecified
Hardware: | All
OS: | Linux
Reporter: | Kurt Seifried <kseifried>
Assignee: | Red Hat Product Security <security-response-team>
CC: | bkabrda, bkearney, bleanhar, ccoleman, cpelland, dajohnso, dmcphers, jeckersb, jialiu, jomara, lmeyer, mastahnke, mmccune, morazi, msuchy, sclewis, security-response-team, tkramer, vanmeeuwen+fedora, vondruch
Keywords: | Security
Doc Type: | Bug Fix
Last Closed: | 2014-03-15 04:25:29 UTC
Bug Depends On: | 909530, 909531, 909532, 909533, 948705, 948706, 995668
Bug Blocks: | 909529, 917836

Description
Kurt Seifried
2013-02-09 08:37:19 UTC
Created attachment 696260: 2-3-attr_protected-cve-2013-0276.patch
Created attachment 696261: 3-0-attr_protected-cve-2013-0276.patch
Created attachment 696262: 3-1-attr_protected-cve-2013-0276.patch
Created attachment 696263: 3-2-attr_protected-cve-2013-0276.patch

Public via:
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8
http://thread.gmane.org/gmane.comp.security.oss.general/9350

Could you please create a tracking bug for Fedora? Thank you.

This code is in active_record in 2.3 and in activemodel in version 3.0/3.1/3.2, updated title and whiteboard to reflect this.

rubygem-activemodel-3.2.8-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.

rubygem-activemodel-3.0.11-3.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in the following products:
RHEL 6 Version of OpenShift Enterprise
Via RHSA-2013:0582 https://rhn.redhat.com/errata/RHSA-2013-0582.html

This issue has been addressed in the following products:
Red Hat Subscription Asset Manager 1.2
Via RHSA-2013:0686 https://rhn.redhat.com/errata/RHSA-2013-0686.html

Created rubygem-activemodel tracking bugs for this issue
Affects: fedora-all [bug 948705]

Created rubygem-activerecord tracking bugs for this issue
Affects: epel-5 [bug 948706]

The Red Hat Security Response Team has rated this issue as having moderate security impact in CloudForms 1.1. This issue is not currently planned to be addressed in future updates.