(RHSA-2013:1201) Low: ruby193-v8 security update

2013-09-0300:00:00

access.redhat.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

77.6%

JSON

V8 is Google’s open source JavaScript engine.

A type confusion issue was found in the V8 JavaScript engine. An attacker
could use this flaw to cause a denial of service or, potentially, execute
arbitrary code. (CVE-2013-2882)

Note: Exploitation of this issue requires, at the least, execution of
malicious JavaScript. In the standard use case of ruby193-v8 in Red Hat
OpenStack it is unlikely that a scenario exists where this would occur.

Users of ruby193-v8 are advised to upgrade to these updated packages,
which correct this issue.

OSVersionArchitecturePackageVersionFilename
RedHat6x86_64ruby193-v8-debuginfo< 3.14.5.10-2.el6ruby193-v8-debuginfo-3.14.5.10-2.el6.x86_64.rpm
RedHat6x86_64ruby193-v8-devel< 3.14.5.10-2.el6ruby193-v8-devel-3.14.5.10-2.el6.x86_64.rpm
RedHat6srcruby193-v8< 3.14.5.10-2.el6ruby193-v8-3.14.5.10-2.el6.src.rpm
RedHat6x86_64ruby193-v8< 3.14.5.10-2.el6ruby193-v8-3.14.5.10-2.el6.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	x86_64	ruby193-v8-debuginfo	< 3.14.5.10-2.el6	ruby193-v8-debuginfo-3.14.5.10-2.el6.x86_64.rpm
RedHat	6	x86_64	ruby193-v8-devel	< 3.14.5.10-2.el6	ruby193-v8-devel-3.14.5.10-2.el6.x86_64.rpm
RedHat	6	src	ruby193-v8	< 3.14.5.10-2.el6	ruby193-v8-3.14.5.10-2.el6.src.rpm
RedHat	6	x86_64	ruby193-v8	< 3.14.5.10-2.el6	ruby193-v8-3.14.5.10-2.el6.x86_64.rpm