Red Hat Bugzilla – Bug 1547420
CVE-2018-1000075 rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service
Last modified: 2018-06-29 18:33:11 EDT
Negative size in ruby gem package tar header can cause and infinite loop. Upstream fix: https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83 External References: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
Created rubygems tracking bugs for this issue: Affects: fedora-all [bug 1547431]
Statement: This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.