-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0308
            Moderate: Red Hat OpenShift Enterprise 1.1.1 update
                               1 March 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat OpenShift Enterprise
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Modify Arbitrary Files          -- Remote/Unauthenticated      
                   Create Arbitrary Files          -- Remote/Unauthenticated      
                   Overwrite Arbitrary Files       -- Existing Account            
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-0162 CVE-2013-0155 CVE-2012-5371
                   CVE-2012-4522 CVE-2012-4466 CVE-2012-4464
                   CVE-2012-3465 CVE-2012-3464 CVE-2012-3463
                   CVE-2012-3424 CVE-2012-2695 CVE-2012-2694
                   CVE-2012-2661 CVE-2012-2660 

Reference:         ASB-2012.0157
                   ASB-2012.0141
                   ASB-2012.0113
                   ASB-2012.0111
                   ESB-2013.0271
                   ESB-2013.0267
                   ESB-2013.0069
                   ESB-2013.0043
                   ESB-2012.1146

Original Bulletin: 
   https://rhn.redhat.com/errata/RHSA-2013-0582.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Enterprise 1.1.1 update
Advisory ID:       RHSA-2013:0582-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0582.html
Issue date:        2013-02-28
CVE Names:         CVE-2012-2660 CVE-2012-2661 CVE-2012-2694 
                   CVE-2012-2695 CVE-2012-3424 CVE-2012-3463 
                   CVE-2012-3464 CVE-2012-3465 CVE-2012-4464 
                   CVE-2012-4466 CVE-2012-4522 CVE-2012-5371 
                   CVE-2013-0155 CVE-2013-0162 
=====================================================================

1. Summary:

Red Hat OpenShift Enterprise 1.1.1 is now available.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise Infrastructure - noarch, x86_64
Red Hat OpenShift Enterprise JBoss EAP add-on - noarch
Red Hat OpenShift Enterprise Node - noarch, x86_64

3. Description:

OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS)
solution from Red Hat, and is designed for on-premise or private cloud
deployments.

Installing the updated packages and restarting the OpenShift services are
the only requirements for this update. However, if you are updating your
system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise
1.1.1 updates, it is recommended that you restart your system.

For further information about this release, refer to the OpenShift
Enterprise 1.1.1 Technical Notes, available shortly from
https://access.redhat.com/knowledge/docs/

This update also fixes the following security issues:

Multiple cross-site scripting (XSS) flaws were found in rubygem-actionpack.
A remote attacker could use these flaws to conduct XSS attacks against
users of an application using rubygem-actionpack. (CVE-2012-3463,
CVE-2012-3464, CVE-2012-3465)
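
The defensive counterpart to the select_tag and strip_tags flaws listed above is output encoding at the point where untrusted text is written into markup. The Ruby helper below is an added example, not Red Hat's or Rails' own code: it builds a select element and passes every interpolated value (name, prompt, option values and labels) through the standard library's ERB::Util.html_escape, and includes a check a test suite can run to confirm that no tag other than the template's own ones reaches the output. The helper names and TEMPLATE_TAGS are assumptions made for the example.

```ruby
require "erb"

# Added example, not Red Hat's or Rails' own code: a select-box helper that
# applies output encoding to every value it interpolates, so a prompt or
# option label taken from user input is rendered as text rather than markup.

# ERB::Util.html_escape (Ruby stdlib) encodes & < > " ' for HTML text and
# attribute contexts.
def esc(value)
  ERB::Util.html_escape(value.to_s)
end

# options is an array of [value, label] pairs; label defaults to value.
def safe_select_tag(name, options, prompt: nil)
  html = +"<select name=\"#{esc(name)}\">"
  html << "<option value=\"\">#{esc(prompt)}</option>" if prompt
  options.each do |value, label|
    html << "<option value=\"#{esc(value)}\">#{esc(label || value)}</option>"
  end
  html << "</select>"
end

# Review/CI check: the only tags in the rendered markup must be the ones the
# template itself writes (assumed list for this example).
TEMPLATE_TAGS = %w[select option].freeze

def only_template_tags?(html)
  html.scan(%r{<\s*/?\s*([A-Za-z][A-Za-z0-9]*)}).flatten
      .all? { |tag| TEMPLATE_TAGS.include?(tag.downcase) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: a prompt that carries markup.
  puts safe_select_tag("colour", [["red", "Red"], ["blue", nil]],
                       prompt: "<b>Pick a colour</b>")
end
```

The point of encoding every value, rather than stripping tags from some of them, is that the rule does not depend on the helper author remembering which argument is user-controlled; the tag scan is a cheap regression check for templates that are supposed to emit only fixed markup.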

It was found that certain methods did not sanitize file names before
passing them to lower layer routines in Ruby. If a Ruby application created
files with names based on untrusted input, it could result in the creation
of files with different names than expected. (CVE-2012-4522)
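
The Ruby fix shipped here makes the interpreter reject an embedded NUL byte at the point where a file name is handed to the operating system, but an application that builds file names from untrusted input should reject such input itself, before any file operation. The following is an added example, not Red Hat's or Ruby's own code: a validator that refuses NUL bytes, path separators and other characters that would change which file is opened, a resolver that confirms the result stayed under the intended directory, and a probe showing the interpreter-level rejection. UPLOAD_DIR and the function names are assumptions made for the example.

```ruby
require "pathname"

# Added example, not Red Hat's or Ruby's own code. Validates a file name
# derived from untrusted input before it reaches File.open.
UPLOAD_DIR = "/var/lib/example-app/uploads" # assumed location, not on the page

class UnsafeFileName < StandardError; end

# Accepts only a single path component made of word characters, dots and
# dashes; everything that could redirect the open (NUL, separators, "..")
# raises instead of being silently cleaned up.
def validate_file_name(name)
  raise UnsafeFileName, "not a string" unless name.is_a?(String)
  raise UnsafeFileName, "empty name" if name.empty?
  raise UnsafeFileName, "embedded NUL byte" if name.include?("\0")
  raise UnsafeFileName, "path separator" if name.include?("/") || name.include?("\\")
  raise UnsafeFileName, "dot-only name" if name == "." || name == ".."
  raise UnsafeFileName, "unexpected characters" unless name.match?(/\A[\w.-]+\z/)
  name
end

# Resolve the validated name under base and confirm it did not escape it.
def safe_path(base, name)
  full = File.expand_path(validate_file_name(name), base)
  raise UnsafeFileName, "escaped base directory" unless full.start_with?(File.join(base, ""))
  full
end

# The interpreter-level guard: a patched Ruby raises ArgumentError for a NUL
# byte before any filesystem call is made. Returns true when that happens.
def nul_rejected_by_ruby?
  File.open("report.txt\0.rb")
  false
rescue ArgumentError
  true
end

if __FILE__ == $PROGRAM_NAME
  puts safe_path(UPLOAD_DIR, "report-2013.txt")
  puts "NUL rejected by interpreter: #{nul_rejected_by_ruby?}"
end
```

Both layers are wanted: the interpreter check is the backstop that this update supplies, and the application check turns a would-be misnamed file into a clean validation error with a useful message for the log.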

A denial of service flaw was found in the implementation of associative
arrays (hashes) in Ruby. An attacker able to supply a large number of
inputs to a Ruby application (such as HTTP POST request parameters sent to
a web application) that are used as keys when inserting data into an array
could trigger multiple hash function collisions, making array operations
take an excessive amount of CPU time. To mitigate this issue, a new, more
collision resistant algorithm has been used to reduce the chance of an
attacker successfully causing intentional collisions. (CVE-2012-5371)

Input validation vulnerabilities were discovered in rubygem-activerecord.
A remote attacker could possibly use these flaws to perform an SQL
injection attack against an application using rubygem-activerecord.
(CVE-2012-2661, CVE-2012-2695, CVE-2013-0155)

Input validation vulnerabilities were discovered in rubygem-actionpack. A
remote attacker could possibly use these flaws to perform an SQL injection
attack against an application using rubygem-actionpack and
rubygem-activerecord. (CVE-2012-2660, CVE-2012-2694)
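
Two of the issues above are controlled at the same place, the boundary where request parameters are parsed: the hash-collision denial of service (CVE-2012-5371) depends on the number of keys an attacker can push into a Hash, and the nested-parameter SQL injection issues in rubygem-activerecord and rubygem-actionpack depend on an array or hash being accepted where the application expected a single string. The following is an added example, not Red Hat's, Rails' or Rack's own code: a small query-string parser that caps the number of pairs before any of them is inserted into a Hash, and a scalar_param accessor that refuses to pass anything but a plain String to a query builder. MAX_PAIRS, the function names and the users/token query are assumptions made for the example.

```ruby
require "cgi"

# Added example, not Red Hat's, Rails' or Rack's own code. Two defences at
# the parameter-parsing boundary:
#  1. cap the number of key/value pairs before any is inserted into a Hash,
#     which bounds the CPU an attacker can spend on hash collisions (the
#     patched Ruby also randomises the hash seed per process);
#  2. require each parameter that reaches a query builder to be a plain
#     String, so a nested value (array or hash) cannot change the shape of
#     the generated SQL.

class ParamError < StandardError; end

MAX_PAIRS = 1000 # assumed deployment limit, not from the advisory

# Parse "a=1&b[]=2&c[k]=3" style input into a Hash without exceeding max_pairs.
def parse_query(qs, max_pairs: MAX_PAIRS)
  pairs = qs.split("&")
  raise ParamError, "too many parameters (#{pairs.size} > #{max_pairs})" if pairs.size > max_pairs
  pairs.each_with_object({}) do |pair, params|
    key, value = pair.split("=", 2).map { |part| CGI.unescape(part.to_s) }
    if key.end_with?("[]")
      (params[key.chomp("[]")] ||= []) << value
    elsif (m = key.match(/\A([^\[]+)\[([^\]]+)\]\z/))
      (params[m[1]] ||= {})[m[2]] = value
    else
      params[key] = value
    end
  end
end

# Fetch a parameter that must be a single, non-empty string; anything else
# is a validation error, not something the query layer gets to interpret.
def scalar_param(params, key)
  value = params[key]
  raise ParamError, "#{key} is missing" if value.nil?
  raise ParamError, "#{key} must be a single value, got #{value.class}" unless value.is_a?(String)
  raise ParamError, "#{key} is empty" if value.empty?
  value
end

# Build a lookup with a bound parameter; the SQL text is fixed and only the
# bound value varies.
def token_lookup(params)
  token = scalar_param(params, "token")
  ["SELECT * FROM users WHERE token = ? LIMIT 1", [token]]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request: one ordinary lookup and one that must be rejected.
  p token_lookup(parse_query("token=abc123&page=2"))
  begin
    token_lookup(parse_query("token[]=abc123"))
  rescue ParamError => e
    puts "rejected: #{e.message}"
  end
end
```

The pair cap is deliberately applied to the raw split, before unescaping or insertion, so the cost of an oversized request is a single string split; the type check is what a framework-level fix such as the one in this update enforces generically, and it is cheap to apply explicitly in the handlers that matter most.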

A flaw was found in the HTTP digest authentication implementation in
rubygem-actionpack. A remote attacker could use this flaw to cause a
denial of service of an application using rubygem-actionpack and digest
authentication. (CVE-2012-3424)

A flaw was found in the handling of strings in Ruby safe level 4. A remote
attacker could use Exception#to_s to destructively modify an untainted string
so that it becomes tainted; the string could then be arbitrarily modified.
(CVE-2012-4466)

A flaw was found in the method for translating an exception message into a
string in the Ruby Exception class. A remote attacker could use this flaw
to bypass safe level 4 restrictions, allowing untrusted (tainted) code to
modify arbitrary, trusted (untainted) strings, which safe level 4
restrictions would otherwise prevent. (CVE-2012-4464)

It was found that ruby_parser from rubygem-ruby_parser created a temporary
file in an insecure way. A local attacker could use this flaw to perform a
symbolic link attack, overwriting arbitrary files accessible to the
application using ruby_parser. (CVE-2013-0162)
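
The temporary-file flaw above is the classic predictable-name pattern: a fixed path in a shared directory that a local user can pre-create as a symbolic link. The following is an added example, not Red Hat's or ruby_parser's own code. It places the predictable pattern beside the standard-library alternative, Tempfile.create, which opens with O_CREAT|O_EXCL and mode 0600 so that an existing file or link at the chosen name makes the call fail rather than being followed, and it returns the file properties a reviewer or test would assert on. The function names are assumptions made for the example.

```ruby
require "tempfile"
require "tmpdir"

# Added example, not Red Hat's or ruby_parser's own code. Contrasts a
# predictable temporary path with exclusive creation via Tempfile.create.

# Insecure pattern (for review purposes; never used to open anything here):
# a shared directory and a name anyone on the host can guess in advance.
# File.open on such a path follows whatever is already there.
def insecure_temp_path(tag)
  File.join(Dir.tmpdir, "app-#{tag}.tmp")
end

# Secure pattern: Tempfile.create picks an unpredictable name, opens it with
# File::CREAT|File::EXCL and permission 0600, yields the path to the block,
# and removes the file afterwards.
def with_secure_tempfile(prefix, content)
  Tempfile.create([prefix, ".tmp"]) do |f|
    f.write(content)
    f.flush
    yield f.path
  end
end

# Properties of the created file, using lstat so a symlink would show as one.
def tempfile_properties(path)
  st = File.lstat(path)
  {
    regular: st.file?,
    symlink: st.symlink?,
    mode: st.mode & 0o777,
    owner_is_me: st.uid == Process.euid
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed content standing in for source text handed to a parser.
  props = with_secure_tempfile("parse-", "x = 1\n") { |path| tempfile_properties(path) }
  p props
  puts "predictable path a reviewer should flag: #{insecure_temp_path('parse')}"
end
```

When auditing code for this class of bug, the things to look for are exactly the properties the block checks: a name the process did not choose randomly, an open without the exclusive flag, and permissions wider than the owner.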

The CVE-2013-0162 issue was discovered by Michael Scherer of the Red Hat
Regional IT team.

Users are advised to upgrade to Red Hat OpenShift Enterprise 1.1.1.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

827353 - CVE-2012-2660 rubygem-actionpack: Unsafe query generation
827363 - CVE-2012-2661 rubygem-activerecord: SQL injection when processing nested query parameters
831573 - CVE-2012-2695 rubygem-activerecord: SQL injection when processing nested query parameters (a different flaw than CVE-2012-2661)
831581 - CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)
843711 - CVE-2012-3424 rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest
847196 - CVE-2012-3463 rubygem-actionpack: potential XSS vulnerability in select_tag prompt
847199 - CVE-2012-3464 rubygem-actionpack: potential XSS vulnerability
847200 - CVE-2012-3465 rubygem-actionpack: XSS Vulnerability in strip_tags
862598 - CVE-2012-4464 ruby 1.9.3: Possibility to bypass Ruby's $SAFE (level 4) semantics
862614 - CVE-2012-4466 ruby: safe level bypass via name_err_mesg_to_str()
865940 - CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character
875236 - CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
887353 - [Cartridge] Removing a cartridge leaves its info directory in place
889426 - The "scale your application" page for a scalable app is not displayed well
892806 - CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage
892866 - CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails
895347 - Should delete all the mongodb cartridge pages and the links about mongodb
895355 - Lack of a dot in domain create and update page
902412 - Warning message is seen when updating the rubygem-openshift-origin-auth-remote-user package.
902630 - Failed to reload openshift-broker service
903526 - Display overlaps when adding sshkey using long name in IE 9
903546 - Links to ruby-lang.org redirect to the wrong URL
905021 - Cannot get environment variables from a scalable php local gear.
905656 - [broker-util] oo-accept-broker doesn't summarize errors and set return code
906227 - The "Follow these steps to install the client" link on get started page of application will redirect to a page which has no expected content.
906845 - create default resource settings for AS/EAP/EWS carts

6. Package List:

Red Hat OpenShift Enterprise Infrastructure:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/graphviz-2.26.0-10.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-console-0.0.16-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-broker-1.0.11-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-broker-util-1.0.15-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-ruby-1.9.3.327-25.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-actionpack-3.2.8-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-activemodel-3.2.8-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-activerecord-3.2.8-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-railties-3.2.8-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-ruby_parser-2.3.1-3.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-actionpack-3.0.13-4.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-activemodel-3.0.13-3.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-activerecord-3.0.13-5.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-bson-1.8.1-2.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-mongo-1.8.1-2.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-auth-remote-user-1.0.5-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-console-1.0.10-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-controller-1.0.12-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-ruby_parser-2.0.4-6.el6op.src.rpm

noarch:
openshift-console-0.0.16-1.el6op.noarch.rpm
openshift-origin-broker-1.0.11-1.el6op.noarch.rpm
openshift-origin-broker-util-1.0.15-1.el6op.noarch.rpm
ruby193-ruby-irb-1.9.3.327-25.el6.noarch.rpm
ruby193-rubygem-actionpack-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-activemodel-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-activemodel-doc-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-minitest-2.5.1-25.el6.noarch.rpm
ruby193-rubygem-railties-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-railties-doc-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-rake-0.9.2.2-25.el6.noarch.rpm
ruby193-rubygem-ruby_parser-2.3.1-3.el6op.noarch.rpm
ruby193-rubygem-ruby_parser-doc-2.3.1-3.el6op.noarch.rpm
ruby193-rubygems-1.8.23-25.el6.noarch.rpm
ruby193-rubygems-devel-1.8.23-25.el6.noarch.rpm
rubygem-actionpack-3.0.13-4.el6op.noarch.rpm
rubygem-activemodel-3.0.13-3.el6op.noarch.rpm
rubygem-activemodel-doc-3.0.13-3.el6op.noarch.rpm
rubygem-activerecord-3.0.13-5.el6op.noarch.rpm
rubygem-bson-1.8.1-2.el6op.noarch.rpm
rubygem-mongo-1.8.1-2.el6op.noarch.rpm
rubygem-mongo-doc-1.8.1-2.el6op.noarch.rpm
rubygem-openshift-origin-auth-remote-user-1.0.5-1.el6op.noarch.rpm
rubygem-openshift-origin-console-1.0.10-1.el6op.noarch.rpm
rubygem-openshift-origin-console-doc-1.0.10-1.el6op.noarch.rpm
rubygem-openshift-origin-controller-1.0.12-1.el6op.noarch.rpm
rubygem-ruby_parser-2.0.4-6.el6op.noarch.rpm
rubygem-ruby_parser-doc-2.0.4-6.el6op.noarch.rpm

x86_64:
graphviz-2.26.0-10.el6.x86_64.rpm
graphviz-debuginfo-2.26.0-10.el6.x86_64.rpm
graphviz-devel-2.26.0-10.el6.x86_64.rpm
graphviz-doc-2.26.0-10.el6.x86_64.rpm
graphviz-gd-2.26.0-10.el6.x86_64.rpm
graphviz-ruby-2.26.0-10.el6.x86_64.rpm
ruby193-ruby-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-debuginfo-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-devel-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-doc-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-libs-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-tcltk-1.9.3.327-25.el6.x86_64.rpm
ruby193-rubygem-bigdecimal-1.1.0-25.el6.x86_64.rpm
ruby193-rubygem-io-console-0.3-25.el6.x86_64.rpm
ruby193-rubygem-json-1.5.4-25.el6.x86_64.rpm
ruby193-rubygem-rdoc-3.9.4-25.el6.x86_64.rpm

Red Hat OpenShift Enterprise JBoss EAP add-on:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-jbosseap-6.0-1.0.4-1.el6op.src.rpm

noarch:
openshift-origin-cartridge-jbosseap-6.0-1.0.4-1.el6op.noarch.rpm

Red Hat OpenShift Enterprise Node:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-cron-1.4-1.0.3-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-diy-0.1-1.0.3-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-haproxy-1.4-1.0.4-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-jbossews-1.0-1.0.13-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-jenkins-1.4-1.0.2-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-jenkins-client-1.4-1.0.2-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-mysql-5.1-1.0.5-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-perl-5.10-1.0.3-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-php-5.3-1.0.5-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-postgresql-8.4-1.0.3-2.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-ruby-1.8-1.0.7-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-ruby-1.9-scl-1.0.8-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-msg-node-mcollective-1.0.3-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/php-5.3.3-22.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-ruby-1.9.3.327-25.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-actionpack-3.2.8-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-activemodel-3.2.8-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-activerecord-3.2.8-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-railties-3.2.8-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-ruby_parser-2.3.1-3.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-activemodel-3.0.13-3.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-bson-1.8.1-2.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-node-1.0.11-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-ruby_parser-2.0.4-6.el6op.src.rpm

noarch:
openshift-origin-cartridge-cron-1.4-1.0.3-1.el6op.noarch.rpm
openshift-origin-cartridge-diy-0.1-1.0.3-1.el6op.noarch.rpm
openshift-origin-cartridge-haproxy-1.4-1.0.4-1.el6op.noarch.rpm
openshift-origin-cartridge-jbossews-1.0-1.0.13-1.el6op.noarch.rpm
openshift-origin-cartridge-jenkins-1.4-1.0.2-1.el6op.noarch.rpm
openshift-origin-cartridge-jenkins-client-1.4-1.0.2-1.el6op.noarch.rpm
openshift-origin-cartridge-mysql-5.1-1.0.5-1.el6op.noarch.rpm
openshift-origin-cartridge-perl-5.10-1.0.3-1.el6op.noarch.rpm
openshift-origin-cartridge-php-5.3-1.0.5-1.el6op.noarch.rpm
openshift-origin-cartridge-postgresql-8.4-1.0.3-2.el6op.noarch.rpm
openshift-origin-cartridge-ruby-1.8-1.0.7-1.el6op.noarch.rpm
openshift-origin-cartridge-ruby-1.9-scl-1.0.8-1.el6op.noarch.rpm
openshift-origin-msg-node-mcollective-1.0.3-1.el6op.noarch.rpm
ruby193-ruby-irb-1.9.3.327-25.el6.noarch.rpm
ruby193-rubygem-actionpack-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-activemodel-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-activemodel-doc-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-minitest-2.5.1-25.el6.noarch.rpm
ruby193-rubygem-railties-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-railties-doc-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-rake-0.9.2.2-25.el6.noarch.rpm
ruby193-rubygem-ruby_parser-2.3.1-3.el6op.noarch.rpm
ruby193-rubygem-ruby_parser-doc-2.3.1-3.el6op.noarch.rpm
ruby193-rubygems-1.8.23-25.el6.noarch.rpm
ruby193-rubygems-devel-1.8.23-25.el6.noarch.rpm
rubygem-activemodel-3.0.13-3.el6op.noarch.rpm
rubygem-activemodel-doc-3.0.13-3.el6op.noarch.rpm
rubygem-bson-1.8.1-2.el6op.noarch.rpm
rubygem-openshift-origin-node-1.0.11-1.el6op.noarch.rpm
rubygem-ruby_parser-2.0.4-6.el6op.noarch.rpm
rubygem-ruby_parser-doc-2.0.4-6.el6op.noarch.rpm

x86_64:
php-bcmath-5.3.3-22.el6.x86_64.rpm
php-debuginfo-5.3.3-22.el6.x86_64.rpm
php-devel-5.3.3-22.el6.x86_64.rpm
php-imap-5.3.3-22.el6.x86_64.rpm
php-mbstring-5.3.3-22.el6.x86_64.rpm
php-process-5.3.3-22.el6.x86_64.rpm
ruby193-ruby-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-debuginfo-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-devel-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-doc-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-libs-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-tcltk-1.9.3.327-25.el6.x86_64.rpm
ruby193-rubygem-bigdecimal-1.1.0-25.el6.x86_64.rpm
ruby193-rubygem-io-console-0.3-25.el6.x86_64.rpm
ruby193-rubygem-json-1.5.4-25.el6.x86_64.rpm
ruby193-rubygem-rdoc-3.9.4-25.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2660.html
https://www.redhat.com/security/data/cve/CVE-2012-2661.html
https://www.redhat.com/security/data/cve/CVE-2012-2694.html
https://www.redhat.com/security/data/cve/CVE-2012-2695.html
https://www.redhat.com/security/data/cve/CVE-2012-3424.html
https://www.redhat.com/security/data/cve/CVE-2012-3463.html
https://www.redhat.com/security/data/cve/CVE-2012-3464.html
https://www.redhat.com/security/data/cve/CVE-2012-3465.html
https://www.redhat.com/security/data/cve/CVE-2012-4464.html
https://www.redhat.com/security/data/cve/CVE-2012-4466.html
https://www.redhat.com/security/data/cve/CVE-2012-4522.html
https://www.redhat.com/security/data/cve/CVE-2012-5371.html
https://www.redhat.com/security/data/cve/CVE-2013-0155.html
https://www.redhat.com/security/data/cve/CVE-2013-0162.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRL6xiXlSAg2UNWIIRAlVbAKCigkNkfk2yzOLF5xlEoTc8ZcNkEACeOed6
Rti8t8cYCZRqOc9fSRHReJc=
=kVS7
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUTAhFu4yVqjM2NGpAQKPRg/7BeKMAIVN6kQYrXOEP+889NSZ67lJcs4o
lTeiDdlgAxOgZTtVQwX7pR+QlO6UaIo+L88Yb/gMOTxKWqCRtQI038fWBM4yuY1z
jW0VuKh74PASp3VPhbW/Zfx9YhCfqqa3iaiKH36XL8FerboEh000zlrRMnhY1082
o9XnZmyGBT33GyvlPRdhPs6SX11gKEqlFjq6OvmvrelB3njdqJy+cdmlncYhha+A
HyS7HNGj0WU+J5zRzrIyEqpMAPehGhkOTq+Xewf2HAk9/W0KL2hH4VcVhCw2pJgK
j3VJFyJI5xUq5kRqUZ6/cnr8PLBRD/hC2TOV0ugBLSizI/eFL/upMAZe8lUJmW+b
Knqic1UC5cqUY3yKPyidwYPYkebpL2VUh6CLAfF3zOWrr5Rsx2UG7kTG0o9OUqIv
yrc92UAMtAJcEaYxee2bar08zfp7X/9fNj1e1dT6iPRrNMH/aik0iXTN+Vk5IjvS
km4GHzaaR7qz/Msw7NMyfBUrKQzHiAI/jpdGIJREzaueXlPhGUL9PJHOy59fEmg9
ZhE5AwVlhI2MTwE//4QufkEbVRpIpO3ZZCYgEtmeDP9FoSpFMJyQFkauHE68wftZ
tSahMkQpQZbuKpBd/AfUEouxx3TRXs4XEn9l8LCK4aWu3ODNvrlhb0KIk5SOMj2X
rOuEyvpO/HM=
=21ag
-----END PGP SIGNATURE-----