Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2013:0701 - Security Advisory
Issued:
2013-04-02
Updated:
2013-04-02

RHSA-2013:0701 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: ruby193-ruby, rubygem-json and rubygem-rdoc security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated ruby193-ruby, rubygem-json and rubygem-rdoc packages that fix two
security issues are now available for Red Hat OpenShift Enterprise 1.1.3.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

A flaw in rubygem-json and ruby193-rubygem-json allowed remote attacks by
creating different types of malicious objects. For example, it could
initiate a denial of service attack through resource consumption by using a
JSON document to create arbitrary Ruby symbols, which were never garbage
collected. It could also be exploited to create internal objects which
could allow a SQL injection attack. (CVE-2013-0269)

It was found that documentation created by rubygem-rdoc and
ruby193-rubygem-rdoc was vulnerable to a cross-site scripting (XSS) attack.
If such documentation was accessible over a network, and a remote attacker
could trick a user into visiting a specially-crafted URL, it would lead to
arbitrary web script execution in the context of the user's session. As
rubygem-rdoc and ruby193-rubygem-rdoc are used for creating documentation
for Ruby source files (such as classes, modules, and so on), it is not a
common scenario to make such documentation accessible over the network.
(CVE-2013-0256)

Red Hat would like to thank Ruby on Rails upstream for reporting
CVE-2013-0269, and Eric Hodel of RDoc upstream for reporting CVE-2013-0256.
Upstream acknowledges Thomas Hollstegge of Zweitag and Ben Murphy as the
original reporters of CVE-2013-0269, and Evgeny Ermakov as the original
reporter of CVE-2013-0256.

Users of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to these
updated packages, which correct these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

  • Red Hat OpenShift Enterprise Infrastructure 1 x86_64
  • Red Hat OpenShift Enterprise Application Node 1 x86_64

Fixes

  • BZ - 907820 - CVE-2013-0256 rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template
  • BZ - 909029 - CVE-2013-0269 rubygem-json: Denial of Service and SQL Injection

CVEs

  • CVE-2013-0256
  • CVE-2013-0269

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Enterprise Infrastructure 1

SRPM
ruby193-ruby-1.9.3.327-28.el6.src.rpm SHA-256: be7eb3a952df989df8925308e5ce94c345487a602781c5efc26916d33e8fd0f3
rubygem-json-1.7.3-2.el6op.src.rpm SHA-256: 4311d65976755474ef91ceea6e493be0900d52b1d610ca4a592d33f9ce549412
rubygem-rdoc-3.8-9.el6op.src.rpm SHA-256: 1213ea18ab805a323c414976d0ca35980a4ec75e0972932ac5db62820e8a684e
x86_64
ruby193-ruby-1.9.3.327-28.el6.x86_64.rpm SHA-256: e693c1d2198c93e8f7e9ab80f9efffd9323f4419f794297efadf0c2b2950c3cd
ruby193-ruby-debuginfo-1.9.3.327-28.el6.x86_64.rpm SHA-256: d5551643d5d5f5df37aee86d266024d7b085c270047ffc5e2aa44e38df1c79ca
ruby193-ruby-devel-1.9.3.327-28.el6.x86_64.rpm SHA-256: bdde8afd9d55b51693ee756de2189728a256d7750dab91c82ba6fc7f97c3fdcb
ruby193-ruby-doc-1.9.3.327-28.el6.x86_64.rpm SHA-256: 5eb623e0a1aeac56e09fc05c6853a90748d55f95ea2d80a4815d54ef80957865
ruby193-ruby-irb-1.9.3.327-28.el6.noarch.rpm SHA-256: 7b97cad55305c46d89b7dd73a6f9c0038bd11a788f267b3a1d2c845acbebfbe9
ruby193-ruby-libs-1.9.3.327-28.el6.x86_64.rpm SHA-256: c2210de23b8c0aa72bc8635804e06f7a3097a0271c660d2f99c6a1433c325d63
ruby193-ruby-tcltk-1.9.3.327-28.el6.x86_64.rpm SHA-256: 6fcf7df621cedd6c272571f5fa6b02abc0a19c8d98a2c63cd77d14c62399cc1c
ruby193-rubygem-bigdecimal-1.1.0-28.el6.x86_64.rpm SHA-256: 04fb0e74258fbf4f234382cdcd576bd3d59ef4cf2603e5b7c694cb1d46dda9d5
ruby193-rubygem-io-console-0.3-28.el6.x86_64.rpm SHA-256: d5c0f43a0b41747053600d8214d75f0e5192c47127ebebeaf516493946f5dacb
ruby193-rubygem-json-1.5.4-28.el6.x86_64.rpm SHA-256: 7ae584da3d3a382b0026d820bc2ae2413d0f93f52e89a270ba4120b2a72c3c39
ruby193-rubygem-minitest-2.5.1-28.el6.noarch.rpm SHA-256: cd5f1b16487413f2d39f8b03c5062f87cf23f3b44fa0a6d34e33d9320d243d45
ruby193-rubygem-rake-0.9.2.2-28.el6.noarch.rpm SHA-256: ba5b576df0cab56d25af28fbf1e687b5eb5e596bad5088ba9080e63faf98d200
ruby193-rubygem-rdoc-3.9.4-28.el6.x86_64.rpm SHA-256: 9c87b83e6c5aad1207180b661a1f308bd40391a3bc20b856451d0462291f50c5
ruby193-rubygems-1.8.23-28.el6.noarch.rpm SHA-256: 5a5fbda4d219de420dac0b4e96015b2c9b455168061d05be1dcfb6e22ade47a5
ruby193-rubygems-devel-1.8.23-28.el6.noarch.rpm SHA-256: 1cf53831cbf6d385c6dead517b252f1e4f7d318efc5df2a96dd8767cf8ecfd1a
rubygem-json-1.7.3-2.el6op.x86_64.rpm SHA-256: 52083cd697a927899c6d84c012720a3296962022473e1ee40558eca1b09907df
rubygem-json-debuginfo-1.7.3-2.el6op.x86_64.rpm SHA-256: 9b984459b727a41aa8ca7c1a5ef3433129177a558c0b85629ddb3ba55eb3381e
rubygem-json-doc-1.7.3-2.el6op.noarch.rpm SHA-256: 110431effd815d12e9974c32f2966eb8b8a55ed02e84f628687b6e165afb4731
rubygem-rdoc-3.8-9.el6op.noarch.rpm SHA-256: f28254d901b81ac87fdd782af011b5190a4b72ed736bace457ee4572021cea25
rubygem-rdoc-doc-3.8-9.el6op.noarch.rpm SHA-256: e253519f1340610348fee80180dffb252c1954af3d6d331f43767a867ae92336

Red Hat OpenShift Enterprise Application Node 1

SRPM
ruby193-ruby-1.9.3.327-28.el6.src.rpm SHA-256: be7eb3a952df989df8925308e5ce94c345487a602781c5efc26916d33e8fd0f3
rubygem-json-1.7.3-2.el6op.src.rpm SHA-256: 4311d65976755474ef91ceea6e493be0900d52b1d610ca4a592d33f9ce549412
x86_64
ruby193-ruby-1.9.3.327-28.el6.x86_64.rpm SHA-256: e693c1d2198c93e8f7e9ab80f9efffd9323f4419f794297efadf0c2b2950c3cd
ruby193-ruby-debuginfo-1.9.3.327-28.el6.x86_64.rpm SHA-256: d5551643d5d5f5df37aee86d266024d7b085c270047ffc5e2aa44e38df1c79ca
ruby193-ruby-devel-1.9.3.327-28.el6.x86_64.rpm SHA-256: bdde8afd9d55b51693ee756de2189728a256d7750dab91c82ba6fc7f97c3fdcb
ruby193-ruby-doc-1.9.3.327-28.el6.x86_64.rpm SHA-256: 5eb623e0a1aeac56e09fc05c6853a90748d55f95ea2d80a4815d54ef80957865
ruby193-ruby-irb-1.9.3.327-28.el6.noarch.rpm SHA-256: 7b97cad55305c46d89b7dd73a6f9c0038bd11a788f267b3a1d2c845acbebfbe9
ruby193-ruby-libs-1.9.3.327-28.el6.x86_64.rpm SHA-256: c2210de23b8c0aa72bc8635804e06f7a3097a0271c660d2f99c6a1433c325d63
ruby193-ruby-tcltk-1.9.3.327-28.el6.x86_64.rpm SHA-256: 6fcf7df621cedd6c272571f5fa6b02abc0a19c8d98a2c63cd77d14c62399cc1c
ruby193-rubygem-bigdecimal-1.1.0-28.el6.x86_64.rpm SHA-256: 04fb0e74258fbf4f234382cdcd576bd3d59ef4cf2603e5b7c694cb1d46dda9d5
ruby193-rubygem-io-console-0.3-28.el6.x86_64.rpm SHA-256: d5c0f43a0b41747053600d8214d75f0e5192c47127ebebeaf516493946f5dacb
ruby193-rubygem-json-1.5.4-28.el6.x86_64.rpm SHA-256: 7ae584da3d3a382b0026d820bc2ae2413d0f93f52e89a270ba4120b2a72c3c39
ruby193-rubygem-minitest-2.5.1-28.el6.noarch.rpm SHA-256: cd5f1b16487413f2d39f8b03c5062f87cf23f3b44fa0a6d34e33d9320d243d45
ruby193-rubygem-rake-0.9.2.2-28.el6.noarch.rpm SHA-256: ba5b576df0cab56d25af28fbf1e687b5eb5e596bad5088ba9080e63faf98d200
ruby193-rubygem-rdoc-3.9.4-28.el6.x86_64.rpm SHA-256: 9c87b83e6c5aad1207180b661a1f308bd40391a3bc20b856451d0462291f50c5
ruby193-rubygems-1.8.23-28.el6.noarch.rpm SHA-256: 5a5fbda4d219de420dac0b4e96015b2c9b455168061d05be1dcfb6e22ade47a5
ruby193-rubygems-devel-1.8.23-28.el6.noarch.rpm SHA-256: 1cf53831cbf6d385c6dead517b252f1e4f7d318efc5df2a96dd8767cf8ecfd1a
rubygem-json-1.7.3-2.el6op.x86_64.rpm SHA-256: 52083cd697a927899c6d84c012720a3296962022473e1ee40558eca1b09907df
rubygem-json-debuginfo-1.7.3-2.el6op.x86_64.rpm SHA-256: 9b984459b727a41aa8ca7c1a5ef3433129177a558c0b85629ddb3ba55eb3381e
rubygem-json-doc-1.7.3-2.el6op.noarch.rpm SHA-256: 110431effd815d12e9974c32f2966eb8b8a55ed02e84f628687b6e165afb4731

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter