Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
98
security advisorysecurity issueRed HatRed Hat: RHSA-2014:0510-01 Moderate: Ruby193 Actionpack Directory Flaw
Updated ruby193-rubygem-actionpack packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ruby193-rubygem-actionpack security update Advisory ID: RHSA-2014:0510-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2014:0510.html Issue date: 2014-05-15 CVE Names: CVE-2014-0130 ==================================================================== 1. Summary: Updated ruby193-rubygem-actionpack packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for RHEL 6 Server - noarch Red Hat Software Collections for RHEL 6 Workstation - noarch 3. Description: Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request. (CVE-2014-0130) All ruby193-rubygem-actionpack users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previouslyreleased errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1095105 - CVE-2014-0130 rubygem-actionpack: directory traversal issue 6. Package List: Red Hat Software Collections for RHEL 6 Server: Source: noarch: ruby193-rubygem-actionpack-3.2.8-5.5.el6.noarch.rpm ruby193-rubygem-actionpack-doc-3.2.8-5.5.el6.noarch.rpm Red Hat Software Collections for RHEL 6 Workstation: Source: noarch: ruby193-rubygem-actionpack-3.2.8-5.5.el6.noarch.rpm ruby193-rubygem-actionpack-doc-3.2.8-5.5.el6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2014-0130 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTdQkbXlSAg2UNWIIRAkUfAKCZiQqz2TrOgMWt1d2GfNyuk3xtZgCfd7Fs yGC1bCMdkc+kvO3b9eVEoSY=LMJ1 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
May 15, 2014
Red Hat
98
security advisorybuffer overflowred hatRed Hat OpenStack 3: RHSA-2014-0364 Important: Libyaml Buffer Overflows
Updated ruby193-libyaml packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: ruby193-libyaml security update Advisory ID: RHSA-2014:0364-01 Product: Red Hat OpenStack Advisory URL: https://access.redhat.com/errata/RHSA-2014:0364.html Issue date: 2014-04-03 CVE Names: CVE-2013-6393 CVE-2014-2525 ==================================================================== 1. Summary: Updated ruby193-libyaml packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: OpenStack 3 - x86_64 3. Description: YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. A buffer overflow flaw was found in the way the libyaml library parsed URLs in YAML documents. An attacker able to load specially crafted YAML input to an application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2014-2525) An integer overflow flaw was found in the way the libyaml library handled excessively long YAML tags. An attacker able to load specially crafted YAML input to application using libyaml could cause the application to crash or, potentially, execute arbitrary codewith the privileges of the user running the application. (CVE-2013-6393) Red Hat would like to thank oCERT for reporting the CVE-2014-2525 issue. oCERT acknowledges Ivan Fratric of the Google Security Team as the original reporter. The CVE-2013-6393 issue was discovered by Florian Weimer of the Red Hat Product Security Team. All ruby193-libyaml users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against the libyaml library must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1033990 - CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tags 1078083 - CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs 6. Package List: OpenStack 3: Source: x86_64: ruby193-libyaml-0.1.4-5.1.el6.x86_64.rpm ruby193-libyaml-debuginfo-0.1.4-5.1.el6.x86_64.rpm ruby193-libyaml-devel-0.1.4-5.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2013-6393 https://access.redhat.com/security/cve/CVE-2014-2525 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTPdAPXlSAg2UNWIIRAlIiAJ4s/G7UD87b9eo1nQSpSvtN3QGlcACeLViP 5QKKSd9j8ZtDpcIu5xged6o=mQYu -----END PGP SIGNATURE----- -- Enterprise-watch-list mailinglist
Apr 03, 2014
•Important
Red Hat
98
security advisoryimportantxssRed Hat OpenStack 3.0 RHSA-2014-0008 Important: XSS, DoS Issues
Updated ruby193-rubygem-actionpack packages that fix multiple security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: ruby193-rubygem-actionpack security update Advisory ID: RHSA-2014:0008-01 Product: Red Hat OpenStack Advisory URL: https://access.redhat.com/errata/RHSA-2014:0008.html Issue date: 2014-01-06 CVE Names: CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6417 ==================================================================== 1. Summary: Updated ruby193-rubygem-actionpack packages that fix multiple security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: OpenStack 3 - noarch 3. Description: Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components. A flaw was found in the way Ruby on Rails performed JSON parameter parsing. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155. (CVE-2013-6417) It was discovered that the internationalization component of Ruby on Rails could, under certain circumstances, return a fallback HTML string that contained user input. A remote attackercould possibly use this flaw to perform a reflective cross-site scripting (XSS) attack by providing a specially crafted input to an application using the aforementioned component. (CVE-2013-4491) A denial of service flaw was found in the header handling component of Action View. A remote attacker could send strings in specially crafted headers that would be cached indefinitely, which would result in all available system memory eventually being consumed. (CVE-2013-6414) It was found that the number_to_currency Action View helper did not properly escape the unit parameter. An attacker could use this flaw to perform a cross-site scripting (XSS) attack on an application that uses data submitted by a user in the unit parameter. (CVE-2013-6415) Users of Red Hat OpenStack 3.0 are advised to upgrade to these updated packages, which correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1036409 - CVE-2013-6417 rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155) 1036483 - CVE-2013-6414 rubygem-actionpack: Action View DoS 1036910 - CVE-2013-6415 rubygem-actionpack: number_to_currency XSS 1036922 - CVE-2013-4491 rubygem-actionpack: i18n missing translation XSS 6. Package List: OpenStack 3: Source: noarch: ruby193-rubygem-actionpack-3.2.8-5.1.el6.noarch.rpm ruby193-rubygem-actionpack-doc-3.2.8-5.1.el6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7.References: https://access.redhat.com/security/cve/CVE-2013-4491 https://access.redhat.com/security/cve/CVE-2013-6414 https://access.redhat.com/security/cve/CVE-2013-6415 https://access.redhat.com/security/cve/CVE-2013-6417 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSyvhhXlSAg2UNWIIRAtHEAJ4tVJN79jvB810TrVEHMy2Puak4DgCgkEZi gOvl3IL20z5rBR06P/XHVhU=QuM6 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Jan 06, 2014
•Important
Red Hat
98
security advisorymoderatesecurity issueRed Hat OpenShift: RHSA-2013-1138-01 Important: Ruby193 Security Update
Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenShift Enterprise 1.2.2. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ruby193-ruby security update Advisory ID: RHSA-2013:1137-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2013:1137.html Issue date: 2013-08-05 CVE Names: CVE-2013-4073 ==================================================================== 1. Summary: Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenShift Enterprise 1.2.2. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHOSE Infrastructure 2.1 - noarch, x86_64 RHOSE Node 1.2 - noarch, x86_64 3. Description: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. (CVE-2013-4073) All users of Red Hat OpenShift Enterprise 1.2.2 are advised to upgrade to these updated packages, which resolve this issue. 4. Solution: Before applying this update, make sure all previously releasederrata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 979251 - CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client 6. Package List: RHOSE Infrastructure 2.1: Source: noarch: ruby193-ruby-irb-1.9.3.448-38.el6.noarch.rpm ruby193-rubygem-rake-0.9.2.2-38.el6.noarch.rpm ruby193-rubygems-1.8.23-38.el6.noarch.rpm ruby193-rubygems-devel-1.8.23-38.el6.noarch.rpm x86_64: ruby193-ruby-1.9.3.448-38.el6.x86_64.rpm ruby193-ruby-debuginfo-1.9.3.448-38.el6.x86_64.rpm ruby193-ruby-devel-1.9.3.448-38.el6.x86_64.rpm ruby193-ruby-doc-1.9.3.448-38.el6.x86_64.rpm ruby193-ruby-libs-1.9.3.448-38.el6.x86_64.rpm ruby193-ruby-tcltk-1.9.3.448-38.el6.x86_64.rpm ruby193-rubygem-bigdecimal-1.1.0-38.el6.x86_64.rpm ruby193-rubygem-io-console-0.3-38.el6.x86_64.rpm ruby193-rubygem-json-1.5.5-38.el6.x86_64.rpm ruby193-rubygem-rdoc-3.9.5-38.el6.x86_64.rpm RHOSE Node 1.2: Source: noarch: ruby193-ruby-irb-1.9.3.448-38.el6.noarch.rpm ruby193-rubygem-rake-0.9.2.2-38.el6.noarch.rpm ruby193-rubygems-1.8.23-38.el6.noarch.rpm ruby193-rubygems-devel-1.8.23-38.el6.noarch.rpm x86_64: ruby193-ruby-1.9.3.448-38.el6.x86_64.rpm ruby193-ruby-debuginfo-1.9.3.448-38.el6.x86_64.rpm ruby193-ruby-devel-1.9.3.448-38.el6.x86_64.rpm ruby193-ruby-doc-1.9.3.448-38.el6.x86_64.rpm ruby193-ruby-libs-1.9.3.448-38.el6.x86_64.rpm ruby193-ruby-tcltk-1.9.3.448-38.el6.x86_64.rpm ruby193-rubygem-bigdecimal-1.1.0-38.el6.x86_64.rpm ruby193-rubygem-io-console-0.3-38.el6.x86_64.rpm ruby193-rubygem-json-1.5.5-38.el6.x86_64.rpm ruby193-rubygem-rdoc-3.9.5-38.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7.References: https://access.redhat.com/security/cve/CVE-2013-4073 https://access.redhat.com/security/updates/classification#moderate https://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFR/91BXlSAg2UNWIIRArPtAKDFLmkbG8HJytXxjiS7A6hPPK2fRwCfZAZZ QeMvGIOG4a7Ye0s7SLU1b/g=ldCT -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Aug 05, 2013
•Important
Red Hat
98
security advisorymoderatered hatRed Hat OpenStack 3.0 RHSA-2013:1103-01 Moderate: ruby193-ruby SSL Threat
Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenStack 3.0 (Grizzly). The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ruby193-ruby security update Advisory ID: RHSA-2013:1103-01 Product: Red Hat OpenStack Advisory URL: https://access.redhat.com/errata/RHSA-2013:1103.html Issue date: 2013-07-23 CVE Names: CVE-2013-4073 ==================================================================== 1. Summary: Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenStack 3.0 (Grizzly). The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: OpenStack 3 - noarch, x86_64 3. Description: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. Red Hat OpenStack makes use of Puppet, which is written in Ruby. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct a man-in-the-middle attack against the Puppet master and its clients. Note that to exploit this issue, an attacker would need to get a carefully-crafted certificate signed by an authority that the Puppet master and clients trust. (CVE-2013-4073) Users of Red Hat OpenStack 3.0 (Grizzly) are advised to upgrade to these updated packages, which correct this issue. After installing the update, the puppetmaster servicemust be restarted on the Puppet master server, and the puppet service must be restarted on all clients that run the Puppet agent as a daemon. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 979251 - CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client 6. Package List: OpenStack 3: Source: noarch: ruby193-ruby-irb-1.9.3.429-34.2.el6ost.noarch.rpm ruby193-rubygem-minitest-2.5.1-34.2.el6ost.noarch.rpm ruby193-rubygem-rake-0.9.2.2-34.2.el6ost.noarch.rpm x86_64: ruby193-ruby-1.9.3.429-34.2.el6ost.x86_64.rpm ruby193-ruby-debuginfo-1.9.3.429-34.2.el6ost.x86_64.rpm ruby193-ruby-devel-1.9.3.429-34.2.el6ost.x86_64.rpm ruby193-ruby-doc-1.9.3.429-34.2.el6ost.x86_64.rpm ruby193-ruby-libs-1.9.3.429-34.2.el6ost.x86_64.rpm ruby193-ruby-tcltk-1.9.3.429-34.2.el6ost.x86_64.rpm ruby193-rubygem-bigdecimal-1.1.0-34.2.el6ost.x86_64.rpm ruby193-rubygem-io-console-0.3-34.2.el6ost.x86_64.rpm ruby193-rubygem-json-1.5.5-34.2.el6ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2013-4073 https://access.redhat.com/security/updates/classification#moderate https://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFR7sSIXlSAg2UNWIIRAntBAKChxkwZ+fuRog0jEy32pX2PIcfGsACfSLLK NDd8FeL3yCLIrQ56A2jxlso=3sSR -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Jul 23, 2013
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!