(RHSA-2013:0728) Moderate: rubygem packages security update

2013-04-0900:00:00

access.redhat.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

69.1%

JSON

Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

It was found that documentation created by RDoc was vulnerable to a
cross-site scripting (XSS) attack. If such documentation was accessible
over a network, and a remote attacker could trick a user into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user’s session. As RDoc is used for creating
documentation for Ruby source files (such as classes, modules, and so on),
it is not a common scenario to make such documentation accessible over the
network. (CVE-2013-0256)

This update provides a number of updated rubygem packages that have had
their documentation regenerated with a corrected version of RDoc.

Red Hat would like to thank Eric Hodel of RDoc upstream for reporting this
issue. Upstream acknowledges Evgeny Ermakov as the original reporter.

Users of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to these
updated packages, which correct this issue.

OSVersionArchitecturePackageVersionFilename
RedHat6noarchruby193-rubygem-xml-simple< 1.0.12-10.el6opruby193-rubygem-xml-simple-1.0.12-10.el6op.noarch.rpm
RedHat6srcruby193-rubygem-rspec< 2.11.0-2.el6ruby193-rubygem-rspec-2.11.0-2.el6.src.rpm
RedHat6x86_64ruby193-rubygem-bcrypt-ruby-debuginfo< 3.0.1-7.el6ruby193-rubygem-bcrypt-ruby-debuginfo-3.0.1-7.el6.x86_64.rpm
RedHat6x86_64ruby193-rubygem-bcrypt-ruby< 3.0.1-7.el6ruby193-rubygem-bcrypt-ruby-3.0.1-7.el6.x86_64.rpm
RedHat6noarchruby193-rubygem-ci_reporter< 1.7.2-4.el6opruby193-rubygem-ci_reporter-1.7.2-4.el6op.noarch.rpm
RedHat6x86_64ruby193-rubygem-fastthread< 1.0.7-7.el6opruby193-rubygem-fastthread-1.0.7-7.el6op.x86_64.rpm
RedHat6srcruby193-rubygem-chunky_png< 1.2.6-3.el6opruby193-rubygem-chunky_png-1.2.6-3.el6op.src.rpm
RedHat6srcruby193-rubygem-xml-simple< 1.0.12-10.el6opruby193-rubygem-xml-simple-1.0.12-10.el6op.src.rpm
RedHat6noarchruby193-rubygem-rack-test< 0.6.1-3.el6ruby193-rubygem-rack-test-0.6.1-3.el6.noarch.rpm
RedHat6srcruby193-rubygem-fastthread< 1.0.7-7.el6opruby193-rubygem-fastthread-1.0.7-7.el6op.src.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	noarch	ruby193-rubygem-xml-simple	< 1.0.12-10.el6op	ruby193-rubygem-xml-simple-1.0.12-10.el6op.noarch.rpm
RedHat	6	src	ruby193-rubygem-rspec	< 2.11.0-2.el6	ruby193-rubygem-rspec-2.11.0-2.el6.src.rpm
RedHat	6	x86_64	ruby193-rubygem-bcrypt-ruby-debuginfo	< 3.0.1-7.el6	ruby193-rubygem-bcrypt-ruby-debuginfo-3.0.1-7.el6.x86_64.rpm
RedHat	6	x86_64	ruby193-rubygem-bcrypt-ruby	< 3.0.1-7.el6	ruby193-rubygem-bcrypt-ruby-3.0.1-7.el6.x86_64.rpm
RedHat	6	noarch	ruby193-rubygem-ci_reporter	< 1.7.2-4.el6op	ruby193-rubygem-ci_reporter-1.7.2-4.el6op.noarch.rpm
RedHat	6	x86_64	ruby193-rubygem-fastthread	< 1.0.7-7.el6op	ruby193-rubygem-fastthread-1.0.7-7.el6op.x86_64.rpm
RedHat	6	src	ruby193-rubygem-chunky_png	< 1.2.6-3.el6op	ruby193-rubygem-chunky_png-1.2.6-3.el6op.src.rpm
RedHat	6	src	ruby193-rubygem-xml-simple	< 1.0.12-10.el6op	ruby193-rubygem-xml-simple-1.0.12-10.el6op.src.rpm
RedHat	6	noarch	ruby193-rubygem-rack-test	< 0.6.1-3.el6	ruby193-rubygem-rack-test-0.6.1-3.el6.noarch.rpm
RedHat	6	src	ruby193-rubygem-fastthread	< 1.0.7-7.el6op	ruby193-rubygem-fastthread-1.0.7-7.el6op.src.rpm