Red Hat Product Errata RHSA-2013:0728 - Security Advisory
Issued: 2013-04-09
Updated: 2013-04-09


Synopsis

Moderate: rubygem packages security update

Type/Severity

Security Advisory: Moderate

Topic

This update fixes one security issue in multiple rubygem packages for
Red Hat OpenShift Enterprise 1.1.3.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

It was found that documentation created by RDoc was vulnerable to a
cross-site scripting (XSS) attack. If such documentation was accessible
over a network, and a remote attacker could trick a user into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's session. As RDoc is used for creating
documentation for Ruby source files (such as classes, modules, and so on),
it is not a common scenario to make such documentation accessible over the
network. (CVE-2013-0256)

This update provides a number of updated rubygem packages that have had
their documentation regenerated with a corrected version of RDoc.

Red Hat would like to thank Eric Hodel of RDoc upstream for reporting this
issue. Upstream acknowledges Evgeny Ermakov as the original reporter.

Users of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to these
updated packages, which correct this issue.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
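
After the update is applied, a host can be checked by comparing its `rpm -qa` output with the fixed builds this advisory lists. The Python below is an added example, not Red Hat tooling: `vercmp` is a simplified form of RPM's version ordering (an assumption: no epoch or `~` handling), the function names are hypothetical, and the sample input is constructed.

```python
import re

# Fixed builds listed in this advisory (name-version-release, arch dropped).
FIXED_NVRS = """
ruby193-rubygem-activesupport-3.2.8-4.el6 ruby193-rubygem-bcrypt-ruby-3.0.1-7.el6
ruby193-rubygem-bson-1.5.2-6.el6op ruby193-rubygem-chunky_png-1.2.6-3.el6op
ruby193-rubygem-ci_reporter-1.7.2-4.el6op ruby193-rubygem-compass-0.12.2-4.el6op
ruby193-rubygem-fastthread-1.0.7-7.el6op ruby193-rubygem-haml-3.1.7-3.el6op
ruby193-rubygem-http_connection-1.4.1-7.el6 ruby193-rubygem-rack-1.4.1-5.el6
ruby193-rubygem-rack-test-0.6.1-3.el6 ruby193-rubygem-rspec-2.11.0-2.el6
ruby193-rubygem-treetop-1.4.10-6.el6 ruby193-rubygem-xml-simple-1.0.12-10.el6op
""".split()
FIXED = {n: (v, r) for n, v, r in (nvr.rsplit("-", 2) for nvr in FIXED_NVRS)}

def vercmp(a, b):
    """Simplified RPM-style compare: returns -1, 0 or 1 (assumption: no epoch, no '~')."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment outranks alphabetic
        if x.isdigit():
            x, y = int(x), int(y)  # compare 10 > 6 numerically, not as text
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def outdated(rpm_qa_lines):
    """Return installed builds that are older than the advisory's fixed build."""
    stale = []
    for line in rpm_qa_lines:
        nvr = re.sub(r"\.(noarch|x86_64|i686)$", "", line.strip())
        if nvr.count("-") < 2:
            continue  # not a name-version-release string
        name, ver, rel = nvr.rsplit("-", 2)
        if name in FIXED:
            fver, frel = FIXED[name]
            if (vercmp(ver, fver) or vercmp(rel, frel)) < 0:
                stale.append(nvr)
    return stale

# Constructed `rpm -qa` lines for illustration (not taken from a real host).
SAMPLE_RPM_QA = [
    "ruby193-rubygem-rack-1.4.1-4.el6.noarch",       # release older than fixed
    "ruby193-rubygem-haml-3.1.7-3.el6op.noarch",     # exactly the fixed build
    "ruby193-rubygem-bson-1.5.2-10.el6op.noarch",    # newer release than fixed
    "ruby193-rubygem-rack-test-0.6.1-2.el6.noarch",  # older; distinct from rack
]

if __name__ == "__main__":
    print(outdated(SAMPLE_RPM_QA))
```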

Affected Products

  • Red Hat OpenShift Enterprise Infrastructure 1 x86_64
  • Red Hat OpenShift Enterprise Application Node 1 x86_64

Fixes

  • BZ - 907820 - CVE-2013-0256 rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template

CVEs

  • CVE-2013-0256

References

  • https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

Red Hat OpenShift Enterprise Infrastructure 1

SRPM
ruby193-rubygem-activesupport-3.2.8-4.el6.src.rpm
ruby193-rubygem-bcrypt-ruby-3.0.1-7.el6.src.rpm
ruby193-rubygem-bson-1.5.2-6.el6op.src.rpm
ruby193-rubygem-chunky_png-1.2.6-3.el6op.src.rpm
ruby193-rubygem-ci_reporter-1.7.2-4.el6op.src.rpm
ruby193-rubygem-compass-0.12.2-4.el6op.src.rpm
ruby193-rubygem-fastthread-1.0.7-7.el6op.src.rpm
ruby193-rubygem-haml-3.1.7-3.el6op.src.rpm
ruby193-rubygem-http_connection-1.4.1-7.el6.src.rpm
ruby193-rubygem-rack-1.4.1-5.el6.src.rpm
ruby193-rubygem-rack-test-0.6.1-3.el6.src.rpm
ruby193-rubygem-rspec-2.11.0-2.el6.src.rpm
ruby193-rubygem-treetop-1.4.10-6.el6.src.rpm
ruby193-rubygem-xml-simple-1.0.12-10.el6op.src.rpm

x86_64
ruby193-rubygem-activesupport-3.2.8-4.el6.noarch.rpm
ruby193-rubygem-bcrypt-ruby-3.0.1-7.el6.x86_64.rpm
ruby193-rubygem-bcrypt-ruby-debuginfo-3.0.1-7.el6.x86_64.rpm
ruby193-rubygem-bson-1.5.2-6.el6op.noarch.rpm
ruby193-rubygem-chunky_png-1.2.6-3.el6op.noarch.rpm
ruby193-rubygem-ci_reporter-1.7.2-4.el6op.noarch.rpm
ruby193-rubygem-compass-0.12.2-4.el6op.noarch.rpm
ruby193-rubygem-fastthread-1.0.7-7.el6op.x86_64.rpm
ruby193-rubygem-fastthread-debuginfo-1.0.7-7.el6op.x86_64.rpm
ruby193-rubygem-haml-3.1.7-3.el6op.noarch.rpm
ruby193-rubygem-http_connection-1.4.1-7.el6.noarch.rpm
ruby193-rubygem-rack-1.4.1-5.el6.noarch.rpm
ruby193-rubygem-rack-test-0.6.1-3.el6.noarch.rpm
ruby193-rubygem-rspec-2.11.0-2.el6.noarch.rpm
ruby193-rubygem-treetop-1.4.10-6.el6.noarch.rpm
ruby193-rubygem-xml-simple-1.0.12-10.el6op.noarch.rpm

Red Hat OpenShift Enterprise Application Node 1

SRPM
ruby193-rubygem-activesupport-3.2.8-4.el6.src.rpm
ruby193-rubygem-bcrypt-ruby-3.0.1-7.el6.src.rpm
ruby193-rubygem-bson-1.5.2-6.el6op.src.rpm
ruby193-rubygem-fastthread-1.0.7-7.el6op.src.rpm
ruby193-rubygem-http_connection-1.4.1-7.el6.src.rpm
ruby193-rubygem-rack-1.4.1-5.el6.src.rpm
ruby193-rubygem-rack-test-0.6.1-3.el6.src.rpm
ruby193-rubygem-rspec-2.11.0-2.el6.src.rpm
ruby193-rubygem-treetop-1.4.10-6.el6.src.rpm
ruby193-rubygem-xml-simple-1.0.12-10.el6op.src.rpm

x86_64
ruby193-rubygem-activesupport-3.2.8-4.el6.noarch.rpm
ruby193-rubygem-bcrypt-ruby-3.0.1-7.el6.x86_64.rpm
ruby193-rubygem-bcrypt-ruby-debuginfo-3.0.1-7.el6.x86_64.rpm
ruby193-rubygem-bson-1.5.2-6.el6op.noarch.rpm
ruby193-rubygem-fastthread-1.0.7-7.el6op.x86_64.rpm
ruby193-rubygem-fastthread-debuginfo-1.0.7-7.el6op.x86_64.rpm
ruby193-rubygem-http_connection-1.4.1-7.el6.noarch.rpm
ruby193-rubygem-rack-1.4.1-5.el6.noarch.rpm
ruby193-rubygem-rack-test-0.6.1-3.el6.noarch.rpm
ruby193-rubygem-rspec-2.11.0-2.el6.noarch.rpm
ruby193-rubygem-treetop-1.4.10-6.el6.noarch.rpm
ruby193-rubygem-xml-simple-1.0.12-10.el6op.noarch.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
