===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0271
                 Moderate: CloudForms Common 1.1.2 update
                             22 February 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           CloudForms Common
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
Impact/Access:     Overwrite Arbitrary Files -- Existing Account            
                   Denial of Service         -- Remote/Unauthenticated      
                   Cross-site Scripting      -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-0256 CVE-2013-0184 CVE-2013-0183
                   CVE-2013-0162 CVE-2012-6109 

Reference:         ASB-2013.0017
                   ESB-2013.0267

Original Bulletin: 
   https://rhn.redhat.com/errata/RHSA-2013-0548.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: CloudForms Common 1.1.2 update
Advisory ID:       RHSA-2013:0548-01
Product:           Red Hat CloudForms
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0548.html
Issue date:        2013-02-21
CVE Names:         CVE-2012-6109 CVE-2013-0162 CVE-2013-0183 
                   CVE-2013-0184 CVE-2013-0256 
=====================================================================

1. Summary:

CloudForms Common 1.1.2 is now available.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

CloudForms Cloud Engine for RHEL 6 Server - noarch, x86_64
CloudForms System Engine for RHEL 6 Server - noarch, x86_64

3. Description:

Red Hat CloudForms is an on-premise hybrid cloud
Infrastructure-as-a-Service (IaaS) product that lets you create and manage
private and public clouds. It provides self-service computing resources to
users in a managed, governed, and secure way.

Three flaws were found in rubygem-rack. A remote attacker could use these
flaws to perform a denial of service attack against applications using
rubygem-rack. (CVE-2012-6109, CVE-2013-0183, CVE-2013-0184)
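As an added illustration, not code from the advisory, from Red Hat or from the rubygem-rack project, the Ruby below shows the general defensive shape for the class of flaw named in the bug list (a header parser that reads an excessively long line until memory is exhausted): every header line is read under a hard byte cap and the number of header lines is capped too, so an unterminated or oversized line is rejected after a fixed amount of input rather than buffered without bound. The function names, the limits and the constructed sample requests are assumptions made for the example.

```ruby
require "stringio"

class LineTooLong    < StandardError; end
class TooManyHeaders < StandardError; end

# Read one line from `io` while never holding more than `max_bytes` of it in
# memory (the cap includes the "\r\n" or "\n" terminator). IO#gets(limit)
# returns after `limit` bytes even when no terminator has been seen, so an
# unterminated line is cut off at the cap instead of growing until the
# process runs out of memory.
def read_bounded_line(io, max_bytes)
  line = io.gets(max_bytes)
  return nil if line.nil?                     # clean EOF
  return line.chomp if line.end_with?("\n")   # complete line within the cap
  return line if io.eof?                      # final line with no terminator
  raise LineTooLong, "line exceeds #{max_bytes} bytes"
end

# Parse an HTTP-style header block ("Name: value" lines ending at a blank
# line) with both a per-line cap and a cap on the number of header lines.
# Returns a Hash keyed by the lower-cased header name.
def parse_bounded_headers(io, max_line: 8192, max_headers: 100)
  headers = {}
  count = 0
  while (line = read_bounded_line(io, max_line))
    break if line.empty?                      # blank line ends the block
    count += 1
    raise TooManyHeaders, "more than #{max_headers} header lines" if count > max_headers
    name, value = line.split(":", 2)
    raise ArgumentError, "malformed header line: #{line.inspect}" if value.nil?
    headers[name.strip.downcase] = value.strip
  end
  headers
end

# Constructed sample inputs (not taken from the advisory or from any capture).
SAMPLE_OK   = "Host: example.test\r\nContent-Disposition: form-data; name=\"f\"\r\n\r\nbody"
SAMPLE_LONG = "X-Junk: " + ("A" * 1_000_000) + "\r\n\r\n"   # one ~1 MB header line

if $PROGRAM_NAME == __FILE__
  puts parse_bounded_headers(StringIO.new(SAMPLE_OK)).inspect
  begin
    parse_bounded_headers(StringIO.new(SAMPLE_LONG))
  rescue LineTooLong => e
    puts "rejected: #{e.message}"
  end
end
```

The cap is enforced by the read itself, not by a length check after the fact: `gets(limit)` is what stops the allocation, which is the property that matters when the input is hostile. On a real socket the same two functions apply unchanged, since `IO#gets` takes the same limit argument as `StringIO#gets`.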

It was found that documentation created by rubygem-rdoc was vulnerable to
a cross-site scripting (XSS) attack. If such documentation was accessible
over a network, and a remote attacker could trick a user into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's session. As rubygem-rdoc is used for creating
documentation for Ruby source files (such as classes, modules, and so on),
it is not a common scenario to make such documentation accessible over the
network. (CVE-2013-0256)

It was found that ruby_parser from rubygem-ruby_parser created a temporary
file in an insecure way. A local attacker could use this flaw to perform a
symbolic link attack, overwriting arbitrary files accessible to the
application using ruby_parser. (CVE-2013-0162)
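The Ruby example below is added here for illustration and is not code from the advisory, from Red Hat or from the ruby_parser project. It contrasts the kind of temporary-file pattern the description refers to, a guessable name in a shared directory opened for plain writing, with a creation that cannot be redirected by a pre-existing symbolic link, and includes a self-check a defender can run to confirm the hardened open behaves as claimed. Function names, file names and sample contents are hypothetical.

```ruby
require "securerandom"
require "tmpdir"

# Insecure pattern (shown only for contrast): a guessable name in a shared
# directory, opened with plain "w". "w" truncates and writes whatever the
# path currently resolves to, so the write follows a symlink planted there.
def insecure_temp_write(dir, contents)
  path = File.join(dir, "ruby_parser_scratch.rb")
  File.open(path, "w") { |f| f.write(contents) }
  path
end

# Hardened open: O_CREAT|O_EXCL makes the kernel refuse if anything already
# exists at `path`, a symlink included (POSIX specifies EEXIST for that case,
# whatever the link points at), and 0600 keeps the file private to the owner.
def exclusive_write(path, contents)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(contents)
  end
  path
end

# Hardened temp-file creation: an unpredictable name plus the exclusive create.
# Ruby's Tempfile.create does the same two things internally; they are spelled
# out here so both ingredients are visible. Returns the path; the caller owns
# cleanup of the file.
def secure_temp_write(dir, contents)
  name = "ruby_parser_#{Process.pid}_#{SecureRandom.hex(8)}.rb"
  exclusive_write(File.join(dir, name), contents)
end

# Self-check: put a symlink at the guessable name insecure_temp_write would
# use, then confirm exclusive_write refuses to write through it and that the
# link's target is left exactly as it was.
def exclusive_write_refuses_symlink?
  Dir.mktmpdir("tmpcheck") do |dir|
    target = File.join(dir, "target.txt")
    File.write(target, "original")
    planted = File.join(dir, "ruby_parser_scratch.rb")
    File.symlink(target, planted)
    refused =
      begin
        exclusive_write(planted, "clobbered")
        false
      rescue Errno::EEXIST
        true
      end
    refused && File.read(target) == "original"
  end
end

if $PROGRAM_NAME == __FILE__
  puts "exclusive create blocks a planted symlink: #{exclusive_write_refuses_symlink?}"
end
```

The two properties are independent and both are needed: an unpredictable name alone still loses if the attacker can race the creation, and an exclusive create alone still leaks the chosen name; together the open either produces a fresh private file or fails loudly. In application code the idiomatic form is simply `Tempfile.create`, which applies the same flags and permissions.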

Red Hat would like to thank Eric Hodel of RDoc upstream for reporting
CVE-2013-0256. Upstream acknowledges Evgeny Ermakov as the original
reporter of CVE-2013-0256. The CVE-2013-0162 issue was discovered by
Michael Scherer of the Red Hat Regional IT team.

Refer to the CloudForms 1.1.2 Release Notes for further information about
this release. The Release Notes will be available shortly from
https://access.redhat.com/knowledge/docs/

Users of CloudForms Common are advised to upgrade to these updated
packages.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

892806 - CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage
895277 - CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS
895282 - CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error
895384 - CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS
907820 - CVE-2013-0256 rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template

6. Package List:

CloudForms Cloud Engine for RHEL 6 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-activesupport-3.0.10-10.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-delayed_job-2.1.4-3.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-nokogiri-1.5.0-0.9.beta4.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-rack-1.3.0-3.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-rails_warden-0.5.5-2.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-rdoc-3.8-6.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-rspec-rails-2.6.1-7.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-ruby_parser-2.0.4-6.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-shoulda-2.11.3-5.el6cf.src.rpm

noarch:
rubygem-activesupport-3.0.10-10.el6cf.noarch.rpm
rubygem-delayed_job-2.1.4-3.el6cf.noarch.rpm
rubygem-delayed_job-doc-2.1.4-3.el6cf.noarch.rpm
rubygem-nokogiri-doc-1.5.0-0.9.beta4.el6cf.noarch.rpm
rubygem-rack-1.3.0-3.el6cf.noarch.rpm
rubygem-rails_warden-0.5.5-2.el6cf.noarch.rpm
rubygem-rails_warden-doc-0.5.5-2.el6cf.noarch.rpm
rubygem-rdoc-3.8-6.el6cf.noarch.rpm
rubygem-rdoc-doc-3.8-6.el6cf.noarch.rpm
rubygem-rspec-rails-2.6.1-7.el6cf.noarch.rpm
rubygem-rspec-rails-doc-2.6.1-7.el6cf.noarch.rpm
rubygem-ruby_parser-2.0.4-6.el6cf.noarch.rpm
rubygem-ruby_parser-doc-2.0.4-6.el6cf.noarch.rpm
rubygem-shoulda-2.11.3-5.el6cf.noarch.rpm
rubygem-shoulda-doc-2.11.3-5.el6cf.noarch.rpm

x86_64:
ruby-nokogiri-1.5.0-0.9.beta4.el6cf.x86_64.rpm
rubygem-nokogiri-1.5.0-0.9.beta4.el6cf.x86_64.rpm
rubygem-nokogiri-debuginfo-1.5.0-0.9.beta4.el6cf.x86_64.rpm

CloudForms System Engine for RHEL 6 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-activesupport-3.0.10-10.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-delayed_job-2.1.4-3.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-nokogiri-1.5.0-0.9.beta4.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-rack-1.3.0-3.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-rails_warden-0.5.5-2.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-rdoc-3.8-6.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/rubygem-ruby_parser-2.0.4-6.el6cf.src.rpm

noarch:
rubygem-activesupport-3.0.10-10.el6cf.noarch.rpm
rubygem-delayed_job-2.1.4-3.el6cf.noarch.rpm
rubygem-delayed_job-doc-2.1.4-3.el6cf.noarch.rpm
rubygem-nokogiri-doc-1.5.0-0.9.beta4.el6cf.noarch.rpm
rubygem-rack-1.3.0-3.el6cf.noarch.rpm
rubygem-rails_warden-0.5.5-2.el6cf.noarch.rpm
rubygem-rails_warden-doc-0.5.5-2.el6cf.noarch.rpm
rubygem-rdoc-3.8-6.el6cf.noarch.rpm
rubygem-rdoc-doc-3.8-6.el6cf.noarch.rpm
rubygem-ruby_parser-2.0.4-6.el6cf.noarch.rpm
rubygem-ruby_parser-doc-2.0.4-6.el6cf.noarch.rpm

x86_64:
ruby-nokogiri-1.5.0-0.9.beta4.el6cf.x86_64.rpm
rubygem-nokogiri-1.5.0-0.9.beta4.el6cf.x86_64.rpm
rubygem-nokogiri-debuginfo-1.5.0-0.9.beta4.el6cf.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-6109.html
https://www.redhat.com/security/data/cve/CVE-2013-0162.html
https://www.redhat.com/security/data/cve/CVE-2013-0183.html
https://www.redhat.com/security/data/cve/CVE-2013-0184.html
https://www.redhat.com/security/data/cve/CVE-2013-0256.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJnS3XlSAg2UNWIIRAqlfAJ9IdWzwR1jRVkigqRmIspu4cz7MfACfcSMq
dDqeZ5fkafTxBkjC5g2S5oE=
=xVia
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================