Bug 1487590 – CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1487590 - (CVE-2017-0899) CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec

Summary:	CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec

Status:	CLOSED ERRATA

Aliases:	CVE-2017-0899

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=low,public=20170831,reported=2...
Keywords:	Security

Depends On:	1487591 1487592 1487593 1502049 1509448 1509449 1509450 1509451 1534437 1534438 1534937 1534941
Blocks:	1487526 1487605
	Show dependency tree / graph

Reported:	2017-09-01 06:55 EDT by Adam Mariš
Modified:	2018-03-26 06:23 EDT (History)
CC List:	30 users (show)

See Also:
Fixed In Version:	rubygems 2.6.13, ruby 2.4.2, ruby 2.2.8, ruby 2.3.5
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2017-12-20 04:42:21 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:3485	normal	SHIPPED_LIVE	Moderate: rh-ruby24-ruby security, bug fix, and enhancement update	2017-12-19 08:37:01 EST
Red Hat Product Errata	RHSA-2018:0378	normal	SHIPPED_LIVE	Important: ruby security update	2018-02-28 20:06:17 EST
Red Hat Product Errata	RHSA-2018:0583	None	None	None	2018-03-26 05:45 EDT
Red Hat Product Errata	RHSA-2018:0585	None	None	None	2018-03-26 06:23 EDT

Groups: None (edit)

Description Adam Mariš 2017-09-01 06:55:53 EDT

RubyGems version 2.6.12 and earlier is vulnerable to maliciously
crafted gem specifications that include terminal escape characters.
Printing the gem specification would execute terminal escape
sequences.

Upstream patches:

https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1
https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491

Bug report:

https://hackerone.com/reports/226335

External References:

http://blog.rubygems.org/2017/08/27/2.6.13-released.html

Comment 1 Adam Mariš 2017-09-01 07:02:06 EDT

Created ruby193-rubygems tracking bugs for this issue:

Affects: openshift-1 [bug 1487592]


Created rubygems tracking bugs for this issue:

Affects: fedora-all [bug 1487591]
Affects: openshift-1 [bug 1487593]

Comment 6 errata-xmlrpc 2017-12-19 03:38:21 EST

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2017:3485

Comment 7 Cedric Buissart 2017-12-20 04:42:40 EST

Statement:

This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 9 errata-xmlrpc 2018-02-28 15:02:18 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0378

Comment 11 errata-xmlrpc 2018-03-26 05:44:48 EDT

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0583

Comment 12 errata-xmlrpc 2018-03-26 06:22:56 EDT

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:0585 https://access.redhat.com/errata/RHSA-2018:0585

Note You need to log in before you can comment on or make changes to this bug.

bcourt
bhu
bkearney
cbillett
ccoleman
dedgar
dmcphers
esammons
hhorak
iboverma
jgoulding
jmatthew
jorton
jross
kseifried
mastahnke
matt
mcressma
mmccune
mrike
mtasaka
ohadlevy
ruby-maint
s
tjay
tomckay
tsanders
vanmeeuwen+fedora
vondruch
williams