(RHSA-2013:1427) Moderate: ruby193-ruby security update

2013-10-15T04:00:00
ID RHSA-2013:1427
Type redhat
Reporter RedHat
Modified 2017-03-03T17:38:54

Description

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. RubyGems is the Ruby standard for publishing and managing third-party libraries.

It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion. (CVE-2013-4287)

Red Hat would like to thank Rubygems upstream for reporting CVE-2013-4287. Upstream acknowledges Damir Sharipov as the original reporter.

All ruby193-ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.