Vulnerabilities > CVE-2012-5371 - Cryptographic Issues vulnerability in Ruby-Lang Ruby

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ruby-lang
CWE-310
nessus
NVD
Published: 2012-11-28
Updated: 2024-11-21

Summary

Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.

Vulnerable Configurations

Part Description Count
Application
Ruby-Lang
9

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1428.NASL
    descriptionAccording to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.(CVE-2012-4466) - The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.(CVE-2014-8090) - Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.(CVE-2013-4287) - The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.(CVE-2014-8080) - The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a
    last seen2020-03-17
    modified2019-05-14
    plugin id124931
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124931
    titleEulerOS Virtualization 3.0.1.0 : ruby (EulerOS-SA-2019-1428)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(124931);
  script_version("1.19");
  script_cvs_date("$Date$");

  script_cve_id(
    "CVE-2012-4464",
    "CVE-2012-4466",
    "CVE-2012-4522",
    "CVE-2012-5371",
    "CVE-2013-2065",
    "CVE-2013-4073",
    "CVE-2013-4164",
    "CVE-2013-4287",
    "CVE-2013-4363",
    "CVE-2014-4975",
    "CVE-2014-8080",
    "CVE-2014-8090",
    "CVE-2018-16395",
    "CVE-2018-16396",
    "CVE-2018-8780"
  );
  script_bugtraq_id(
    55757,
    56115,
    56484,
    59881,
    60843,
    62281,
    62442,
    63873,
    68474,
    70935,
    71230
  );

  script_name(english:"EulerOS Virtualization 3.0.1.0 : ruby (EulerOS-SA-2019-1428)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the ruby packages installed, the EulerOS
Virtualization installation on the remote host is affected by the
following vulnerabilities :

  - Ruby 1.8.7 before patchlevel 371, 1.9.3 before
    patchlevel 286, and 2.0 before revision r37068 allows
    context-dependent attackers to bypass safe-level
    restrictions and modify untainted strings via the
    name_err_mesg_to_str API function, which marks the
    string as tainted, a different vulnerability than
    CVE-2011-1005.(CVE-2012-4466)

  - The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel
    551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x
    before 2.1.5 allows remote attackers to cause a denial
    of service (CPU and memory consumption) a crafted XML
    document containing an empty string in an entity that
    is used in a large number of nested entity references,
    aka an XML Entity Expansion (XEE) attack. NOTE: this
    vulnerability exists because of an incomplete fix for
    CVE-2013-1821 and CVE-2014-8080.(CVE-2014-8090)

  - Algorithmic complexity vulnerability in
    Gem::Version::VERSION_PATTERN in
    lib/rubygems/version.rb in RubyGems before 1.8.23.1,
    1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x
    before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247,
    allows remote attackers to cause a denial of service
    (CPU consumption) via a crafted gem version that
    triggers a large amount of backtracking in a regular
    expression.(CVE-2013-4287)

  - The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x
    before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote
    attackers to cause a denial of service (memory
    consumption) via a crafted XML document, aka an XML
    Entity Expansion (XEE) attack.(CVE-2014-8080)

  - The OpenSSL::SSL.verify_certificate_identity function
    in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374,
    1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does
    not properly handle a '\\0' character in a domain name
    in the Subject Alternative Name field of an X.509
    certificate, which allows man-in-the-middle attackers
    to spoof arbitrary SSL servers via a crafted
    certificate issued by a legitimate Certification
    Authority, a related issue to
    CVE-2009-2408.(CVE-2013-4073)

  - The rb_get_path_check function in file.c in Ruby 1.9.3
    before patchlevel 286 and Ruby 2.0.0 before r37163
    allows context-dependent attackers to create files in
    unexpected locations or with unexpected names via a NUL
    byte in a file path.(CVE-2012-4522)

  - (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3
    patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do
    not perform taint checking for native functions, which
    allows context-dependent attackers to bypass intended
    $SAFE level restrictions.(CVE-2013-2065)

  - Algorithmic complexity vulnerability in
    Gem::Version::ANCHORED_VERSION_PATTERN in
    lib/rubygems/version.rb in RubyGems before 1.8.23.2,
    1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x
    before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247,
    allows remote attackers to cause a denial of service
    (CPU consumption) via a crafted gem version that
    triggers a large amount of backtracking in a regular
    expression. NOTE: this issue is due to an incomplete
    fix for CVE-2013-4287.(CVE-2013-4363)

  - Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before
    r37575 computes hash values without properly
    restricting the ability to trigger hash collisions
    predictably, which allows context-dependent attackers
    to cause a denial of service (CPU consumption) via
    crafted input to an application that maintains a hash
    table, as demonstrated by a universal multicollision
    attack against a variant of the MurmurHash2 algorithm,
    a different vulnerability than
    CVE-2011-4815.(CVE-2012-5371)

  - Off-by-one error in the encodes function in pack.c in
    Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when
    using certain format string specifiers, allows
    context-dependent attackers to cause a denial of
    service (segmentation fault) via vectors that trigger a
    stack-based buffer overflow.(CVE-2014-4975)

  - Heap-based buffer overflow in Ruby 1.8, 1.9 before
    1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0
    preview2, and trunk before revision 43780 allows
    context-dependent attackers to cause a denial of
    service (segmentation fault) and possibly execute
    arbitrary code via a string that is converted to a
    floating point value, as demonstrated using (1) the
    to_f method or (2) JSON.parse.(CVE-2013-4164)

  - It was found that the methods from the Dir class did
    not properly handle strings containing the NULL byte.
    An attacker, able to inject NULL bytes in a path, could
    possibly trigger an unspecified behavior of the ruby
    script.(CVE-2018-8780)

  - Ruby 1.9.3 before patchlevel 286 and 2.0 before
    revision r37068 allows context-dependent attackers to
    bypass safe-level restrictions and modify untainted
    strings via the (1) exc_to_s or (2) name_err_to_s API
    function, which marks the string as tainted, a
    different vulnerability than CVE-2012-4466. NOTE: this
    issue might exist because of a CVE-2011-1005
    regression.(CVE-2012-4464)

  - An issue was discovered in the OpenSSL library in Ruby
    before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2,
    and 2.6.x before 2.6.0-preview3. When two
    OpenSSL::X509::Name objects are compared using ==,
    depending on the ordering, non-equal objects may return
    true. When the first argument is one character longer
    than the second, or the second argument contains a
    character that is one less than a character in the same
    position of the first argument, the result of == will
    be true. This could be leveraged to create an
    illegitimate certificate that may be accepted as
    legitimate and then used in signing or encryption
    operations.(CVE-2018-16395)

  - An issue was discovered in Ruby before 2.3.8, 2.4.x
    before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before
    2.6.0-preview3. It does not taint strings that result
    from unpacking tainted strings with some
    formats.(CVE-2018-16396)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1428
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?81cbe7ae");
  script_set_attribute(attribute:"solution", value:
"Update the affected ruby packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8780");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby-irb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-bigdecimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-io-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-psych");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-rdoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygems");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["ruby-2.0.0.648-33.h12",
        "ruby-irb-2.0.0.648-33.h12",
        "ruby-libs-2.0.0.648-33.h12",
        "rubygem-bigdecimal-1.2.0-33.h12",
        "rubygem-io-console-0.4.2-33.h12",
        "rubygem-json-1.7.7-33.h12",
        "rubygem-psych-2.0.0-33.h12",
        "rubygem-rdoc-4.0.0-33.h12",
        "rubygems-2.0.14.1-33.h12"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby");
}
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_5E647CA32AEA11E2B745001FD0AF1A4C.NASL
    descriptionThe official ruby site reports : Carefully crafted sequence of strings can cause a denial of service attack on the service that parses the sequence to create a Hash object by using the strings as keys. For instance, this vulnerability affects web application that parses the JSON data sent from untrusted entity. This vulnerability is similar to CVS-2011-4815 for ruby 1.8.7. ruby 1.9 versions were using modified MurmurHash function but it
    last seen2020-06-01
    modified2020-06-02
    plugin id62886
    published2012-11-12
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62886
    titleFreeBSD : ruby -- Hash-flooding DoS vulnerability for ruby 1.9 (5e647ca3-2aea-11e2-b745-001fd0af1a4c)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-263.NASL
    descriptionTwo vulnerabilities were identified in the Ruby language interpreter, version 1.9.1. CVE-2012-5371 Jean-Philippe Aumasson identified that Ruby computed hash values without properly restricting the ability to trigger hash collisions predictably, allowing context-dependent attackers to cause a denial of service (CPU consumption). This is a different vulnerability than CVE-2011-4815. CVE-2013-0269 Thomas Hollstegge and Ben Murphy found that the JSON gem for Ruby allowed remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects. For the squeeze distribution, theses vulnerabilities have been fixed in version 1.9.2.0-2+deb6u5 of ruby1.9.1. We recommend that you upgrade your ruby1.9.1 package. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-07-02
    plugin id84494
    published2015-07-02
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84494
    titleDebian DLA-263-1 : ruby1.9.1 security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1733-1.NASL
    descriptionJean-Philippe Aumasson discovered that Ruby incorrectly generated predictable hash values. An attacker could use this issue to generate hash collisions and cause a denial of service. (CVE-2012-5371) Evgeny Ermakov discovered that documentation generated by rdoc is vulnerable to a cross-site scripting issue. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2013-0256) Thomas Hollstegge and Ben Murphy discovered that the JSON implementation in Ruby incorrectly handled certain crafted documents. An attacker could use this issue to cause a denial of service or bypass certain protection mechanisms. (CVE-2013-0269). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id64799
    published2013-02-22
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64799
    titleUbuntu 12.04 LTS / 12.10 : ruby1.9.1 vulnerabilities (USN-1733-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-17949.NASL
    descriptionA security flaw was found on ruby currently shiped on Fedora 18 that carefully crafted sequence of strings may cause a denial of service attack on the service that parses the sequence to create a Hash object by using the strings as keys. This issue is now registered as CVE-2012-5371. This new package should fix this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-11-26
    plugin id63030
    published2012-11-26
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63030
    titleFedora 18 : ruby-1.9.3.327-22.fc18 (2012-17949)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-18017.NASL
    descriptionA security flaw was found on ruby currently shiped on Fedora 18 that carefully crafted sequence of strings may cause a denial of service attack on the service that parses the sequence to create a Hash object by using the strings as keys. This issue is now registered as CVE-2012-5371. This new package should fix this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-11-19
    plugin id62955
    published2012-11-19
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62955
    titleFedora 17 : ruby-1.9.3.327-19.fc17 (2012-18017)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-167.NASL
    descriptionruby19 was updated to fix various bugs and security issues: Update to 1.9.3 p385 (bnc#802406) - XSS exploit of RDoc documentation generated by rdoc (CVE-2013-0256) - for other changes see /usr/share/doc/packages/ruby19/Changelog Update to 1.9.3 p327 (bnc#789983) - CVE-2012-5371 and plenty of other fixes Update to 1.9.3 p286 (bnc#783511, bnc#791199) - This release includes some security fixes, and many other bug fixes. $SAFE escaping vulnerability about Exception#to_s / NameError#to_s (CVE-2012-4464, CVE-2012-4466) - Unintentional file creation caused by inserting an illegal NUL character many other bug fixes. (CVE-2012-4522) Also following bugfixes and packaging fixes were done : - make sure the rdoc output is more stable for build-compare (new patch ruby-sort-rdoc-output.patch) - readd the private header *atomic.h - remove build depencency on ca certificates - only causing cycles - one more header needed for rubygem-ruby-debug-base19 - install vm_core.h and its dependencies as ruby-devel-extra - move the provides to the ruby package instead - add provides for the internal gems - restore the old ruby macros and the gem wrapper script - gem_install_wrapper no longer necessary
    last seen2020-06-05
    modified2014-06-13
    plugin id74909
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74909
    titleopenSUSE Security Update : ruby19 (openSUSE-SU-2013:0376-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201412-27.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201412-27 (Ruby: Denial of Service) Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id79980
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79980
    titleGLSA-201412-27 : Ruby: Denial of Service
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0582.NASL
    descriptionRed Hat OpenShift Enterprise 1.1.1 is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS) solution from Red Hat, and is designed for on-premise or private cloud deployments. Installing the updated packages and restarting the OpenShift services are the only requirements for this update. However, if you are updating your system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise 1.1.1 updates, it is recommended that you restart your system. For further information about this release, refer to the OpenShift Enterprise 1.1.1 Technical Notes, available shortly from https://access.redhat.com/knowledge/docs/ This update also fixes the following security issues : Multiple cross-site scripting (XSS) flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack. (CVE-2012-3463, CVE-2012-3464, CVE-2012-3465) It was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files with names based on untrusted input, it could result in the creation of files with different names than expected. (CVE-2012-4522) A denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, a new, more collision resistant algorithm has been used to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-5371) Input validation vulnerabilities were discovered in rubygem-activerecord. A remote attacker could possibly use these flaws to perform a SQL injection attack against an application using rubygem-activerecord. (CVE-2012-2661, CVE-2012-2695, CVE-2013-0155) Input validation vulnerabilities were discovered in rubygem-actionpack. A remote attacker could possibly use these flaws to perform a SQL injection attack against an application using rubygem-actionpack and rubygem-activerecord. (CVE-2012-2660, CVE-2012-2694) A flaw was found in the HTTP digest authentication implementation in rubygem-actionpack. A remote attacker could use this flaw to cause a denial of service of an application using rubygem-actionpack and digest authentication. (CVE-2012-3424) A flaw was found in the handling of strings in Ruby safe level 4. A remote attacker can use Exception#to_s to destructively modify an untainted string so that it is tainted, the string can then be arbitrarily modified. (CVE-2012-4466) A flaw was found in the method for translating an exception message into a string in the Ruby Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2012-4464) It was found that ruby_parser from rubygem-ruby_parser created a temporary file in an insecure way. A local attacker could use this flaw to perform a symbolic link attack, overwriting arbitrary files accessible to the application using ruby_parser. (CVE-2013-0162) The CVE-2013-0162 issue was discovered by Michael Scherer of the Red Hat Regional IT team. Users are advised to upgrade to Red Hat OpenShift Enterprise 1.1.1.
    last seen2020-06-10
    modified2018-12-06
    plugin id119432
    published2018-12-06
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119432
    titleRHEL 6 : openshift (RHSA-2013:0582)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2012-341-04.NASL
    descriptionNew ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id63170
    published2012-12-07
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63170
    titleSlackware 13.1 / 13.37 / 14.0 / current : ruby (SSA:2012-341-04)

Redhat

rpms
  • graphviz-0:2.26.0-10.el6
  • graphviz-debuginfo-0:2.26.0-10.el6
  • graphviz-devel-0:2.26.0-10.el6
  • graphviz-doc-0:2.26.0-10.el6
  • graphviz-gd-0:2.26.0-10.el6
  • graphviz-ruby-0:2.26.0-10.el6
  • openshift-console-0:0.0.16-1.el6op
  • openshift-origin-broker-0:1.0.11-1.el6op
  • openshift-origin-broker-util-0:1.0.15-1.el6op
  • openshift-origin-cartridge-cron-1.4-0:1.0.3-1.el6op
  • openshift-origin-cartridge-diy-0.1-0:1.0.3-1.el6op
  • openshift-origin-cartridge-haproxy-1.4-0:1.0.4-1.el6op
  • openshift-origin-cartridge-jbosseap-6.0-0:1.0.4-1.el6op
  • openshift-origin-cartridge-jbossews-1.0-0:1.0.13-1.el6op
  • openshift-origin-cartridge-jenkins-1.4-0:1.0.2-1.el6op
  • openshift-origin-cartridge-jenkins-client-1.4-0:1.0.2-1.el6op
  • openshift-origin-cartridge-mysql-5.1-0:1.0.5-1.el6op
  • openshift-origin-cartridge-perl-5.10-0:1.0.3-1.el6op
  • openshift-origin-cartridge-php-5.3-0:1.0.5-1.el6op
  • openshift-origin-cartridge-postgresql-8.4-0:1.0.3-2.el6op
  • openshift-origin-cartridge-ruby-1.8-0:1.0.7-1.el6op
  • openshift-origin-cartridge-ruby-1.9-scl-0:1.0.8-1.el6op
  • openshift-origin-msg-node-mcollective-0:1.0.3-1.el6op
  • php-bcmath-0:5.3.3-22.el6
  • php-debuginfo-0:5.3.3-22.el6
  • php-devel-0:5.3.3-22.el6
  • php-imap-0:5.3.3-22.el6
  • php-mbstring-0:5.3.3-22.el6
  • php-process-0:5.3.3-22.el6
  • ruby193-ruby-0:1.9.3.327-25.el6
  • ruby193-ruby-debuginfo-0:1.9.3.327-25.el6
  • ruby193-ruby-devel-0:1.9.3.327-25.el6
  • ruby193-ruby-doc-0:1.9.3.327-25.el6
  • ruby193-ruby-irb-0:1.9.3.327-25.el6
  • ruby193-ruby-libs-0:1.9.3.327-25.el6
  • ruby193-ruby-tcltk-0:1.9.3.327-25.el6
  • ruby193-rubygem-actionpack-1:3.2.8-3.el6
  • ruby193-rubygem-actionpack-doc-1:3.2.8-3.el6
  • ruby193-rubygem-activemodel-0:3.2.8-2.el6
  • ruby193-rubygem-activemodel-doc-0:3.2.8-2.el6
  • ruby193-rubygem-activerecord-1:3.2.8-3.el6
  • ruby193-rubygem-activerecord-doc-1:3.2.8-3.el6
  • ruby193-rubygem-bigdecimal-0:1.1.0-25.el6
  • ruby193-rubygem-io-console-0:0.3-25.el6
  • ruby193-rubygem-json-0:1.5.4-25.el6
  • ruby193-rubygem-minitest-0:2.5.1-25.el6
  • ruby193-rubygem-railties-0:3.2.8-2.el6
  • ruby193-rubygem-railties-doc-0:3.2.8-2.el6
  • ruby193-rubygem-rake-0:0.9.2.2-25.el6
  • ruby193-rubygem-rdoc-0:3.9.4-25.el6
  • ruby193-rubygem-ruby_parser-0:2.3.1-3.el6op
  • ruby193-rubygem-ruby_parser-doc-0:2.3.1-3.el6op
  • ruby193-rubygems-0:1.8.23-25.el6
  • ruby193-rubygems-devel-0:1.8.23-25.el6
  • rubygem-actionpack-1:3.0.13-4.el6op
  • rubygem-activemodel-0:3.0.13-3.el6op
  • rubygem-activemodel-doc-0:3.0.13-3.el6op
  • rubygem-activerecord-1:3.0.13-5.el6op
  • rubygem-bson-0:1.8.1-2.el6op
  • rubygem-mongo-0:1.8.1-2.el6op
  • rubygem-mongo-doc-0:1.8.1-2.el6op
  • rubygem-openshift-origin-auth-remote-user-0:1.0.5-1.el6op
  • rubygem-openshift-origin-console-0:1.0.10-1.el6op
  • rubygem-openshift-origin-console-doc-0:1.0.10-1.el6op
  • rubygem-openshift-origin-controller-0:1.0.12-1.el6op
  • rubygem-openshift-origin-node-0:1.0.11-1.el6op
  • rubygem-ruby_parser-0:2.0.4-6.el6op
  • rubygem-ruby_parser-doc-0:2.0.4-6.el6op

References