Michael Scherer discovered that the ruby_parser ruby gem did not create temporary files in a safe manner. In /usr/share/gems/gems/ruby_parser-2.0.4/lib/gauntlet_rubyparser.rb's diff_pp function it creates files as /tmp/a.[pid] and /tmp/b.[pid] which can be predicted and used for either a denial of service (file cannot be overwritten), or to change the contents of a files that are writable. The initial report is in bug #892221.
Sent email about setting a CRD.
Created attachment 679696 [details] CVE-2013-0162-rubygem-ruby_parser.patch
Acknowledgements: This issue was discovered by Michael Scherer of the Red Hat Regional IT team.
Upstream had been notified as per comment #1 but apparently there was no response. Upstream version 3.1.1 is still vulnerable (verified via download and on github).
This issue has been addressed in following products: CloudForms for RHEL 6 Via RHSA-2013:0548 https://rhn.redhat.com/errata/RHSA-2013-0548.html
This issue has been addressed in following products: Red Hat Subscription Asset Manager 1.2 Via RHSA-2013:0544 https://rhn.redhat.com/errata/RHSA-2013-0544.html
This issue has been addressed in following products: RHEL 6 Version of OpenShift Enterprise Via RHSA-2013:0582 https://rhn.redhat.com/errata/RHSA-2013-0582.html
Created rubygem-ruby_parser tracking bugs for this issue Affects: epel-all [bug 948101]