Issued:
2013-08-05
Updated:
2013-08-05

RHSA-2013:1137 - Security Advisory

Synopsis

Moderate: ruby193-ruby security update

Type/Severity

Security Advisory: Moderate

Topic

Updated ruby193-ruby packages that fix one security issue are now available
for Red Hat OpenShift Enterprise 1.2.2.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to do system management tasks.

A flaw was found in Ruby's SSL client's hostname identity check when
handling certificates that contain hostnames with NULL bytes. An attacker
could potentially exploit this flaw to conduct man-in-the-middle attacks to
spoof SSL servers. Note that to exploit this issue, an attacker would need
to obtain a carefully-crafted certificate signed by an authority that the
client trusts. (CVE-2013-4073)

All users of Red Hat OpenShift Enterprise 1.2.2 are advised to upgrade to
these updated packages, which resolve this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

  • Red Hat OpenShift Enterprise Infrastructure 1.2 x86_64
  • Red Hat OpenShift Enterprise Application Node 1.2 x86_64

Fixes

  • BZ - 979251 - CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client

CVEs

References

Red Hat OpenShift Enterprise Infrastructure 1.2

SRPM
ruby193-ruby-1.9.3.448-38.el6.src.rpm SHA-256: 1cf41acf593fc338f4779453a4a8f89a4c485d6e328c3a24552a2198c7db4185
x86_64
ruby193-ruby-1.9.3.448-38.el6.x86_64.rpm SHA-256: c9497e3de29a2ef3c4143bee3c4e47cf338f537cec0511b270510a1a6b512069
ruby193-ruby-debuginfo-1.9.3.448-38.el6.x86_64.rpm SHA-256: 6ccd79fb82d7a78130d843c94364f1b535106004232c0f3e4c0b4aa28db8df6a
ruby193-ruby-devel-1.9.3.448-38.el6.x86_64.rpm SHA-256: 4aa13d84f291c18a3ba3c46c6f34c77d1529e8b721cea7c2f3b76835a27626e6
ruby193-ruby-doc-1.9.3.448-38.el6.x86_64.rpm SHA-256: a8ee3a973d3ffbc9db1e69dcd8685553a55acb89987bd31ca2ec806e1dadd787
ruby193-ruby-irb-1.9.3.448-38.el6.noarch.rpm SHA-256: 856b050dac96be0932caf58ca862801962ee13fe9c22ccba254e35e061f4eade
ruby193-ruby-libs-1.9.3.448-38.el6.x86_64.rpm SHA-256: 92583ec4d497d3c9b98ed0829d0c709ac2e7540e663b11717db3b70dfbac34fe
ruby193-ruby-tcltk-1.9.3.448-38.el6.x86_64.rpm SHA-256: 7c76a215fb7bdc04090f8f102edcdb725dcf2a6043648a999b0db48c823bf401
ruby193-rubygem-bigdecimal-1.1.0-38.el6.x86_64.rpm SHA-256: 940ee0e505d832feb5586b98c257de76d0ad25b53949518397207a1728c89e6a
ruby193-rubygem-io-console-0.3-38.el6.x86_64.rpm SHA-256: 32b9c8903945bfd0449515811fc8226325f22c598e1120aa3a9315fb30819df8
ruby193-rubygem-json-1.5.5-38.el6.x86_64.rpm SHA-256: 3a7869758c740c65b6d1d119c88e45a0292788ce26fe7d2cae725834a48b3607
ruby193-rubygem-rake-0.9.2.2-38.el6.noarch.rpm SHA-256: fe574964107c152cae9f47fcad4814c6400d324000b43a46f21951d90b5bc7a9
ruby193-rubygem-rdoc-3.9.5-38.el6.x86_64.rpm SHA-256: adf5f8e28aba39bb7289b66cc4e96507bea6d6c9862d3ef025f1b2143f1d3410
ruby193-rubygems-1.8.23-38.el6.noarch.rpm SHA-256: a9a883d7cc3fa6be8a27c8310489d06a726f19d56be09bced6707d41892fbd2f
ruby193-rubygems-devel-1.8.23-38.el6.noarch.rpm SHA-256: a8f9d3cdd47ccd5bf85b8955c5933947244d6e317d396eee08b85d004ea32a95

Red Hat OpenShift Enterprise Application Node 1.2

SRPM
ruby193-ruby-1.9.3.448-38.el6.src.rpm SHA-256: 1cf41acf593fc338f4779453a4a8f89a4c485d6e328c3a24552a2198c7db4185
x86_64
ruby193-ruby-1.9.3.448-38.el6.x86_64.rpm SHA-256: c9497e3de29a2ef3c4143bee3c4e47cf338f537cec0511b270510a1a6b512069
ruby193-ruby-debuginfo-1.9.3.448-38.el6.x86_64.rpm SHA-256: 6ccd79fb82d7a78130d843c94364f1b535106004232c0f3e4c0b4aa28db8df6a
ruby193-ruby-devel-1.9.3.448-38.el6.x86_64.rpm SHA-256: 4aa13d84f291c18a3ba3c46c6f34c77d1529e8b721cea7c2f3b76835a27626e6
ruby193-ruby-doc-1.9.3.448-38.el6.x86_64.rpm SHA-256: a8ee3a973d3ffbc9db1e69dcd8685553a55acb89987bd31ca2ec806e1dadd787
ruby193-ruby-irb-1.9.3.448-38.el6.noarch.rpm SHA-256: 856b050dac96be0932caf58ca862801962ee13fe9c22ccba254e35e061f4eade
ruby193-ruby-libs-1.9.3.448-38.el6.x86_64.rpm SHA-256: 92583ec4d497d3c9b98ed0829d0c709ac2e7540e663b11717db3b70dfbac34fe
ruby193-ruby-tcltk-1.9.3.448-38.el6.x86_64.rpm SHA-256: 7c76a215fb7bdc04090f8f102edcdb725dcf2a6043648a999b0db48c823bf401
ruby193-rubygem-bigdecimal-1.1.0-38.el6.x86_64.rpm SHA-256: 940ee0e505d832feb5586b98c257de76d0ad25b53949518397207a1728c89e6a
ruby193-rubygem-io-console-0.3-38.el6.x86_64.rpm SHA-256: 32b9c8903945bfd0449515811fc8226325f22c598e1120aa3a9315fb30819df8
ruby193-rubygem-json-1.5.5-38.el6.x86_64.rpm SHA-256: 3a7869758c740c65b6d1d119c88e45a0292788ce26fe7d2cae725834a48b3607
ruby193-rubygem-rake-0.9.2.2-38.el6.noarch.rpm SHA-256: fe574964107c152cae9f47fcad4814c6400d324000b43a46f21951d90b5bc7a9
ruby193-rubygem-rdoc-3.9.5-38.el6.x86_64.rpm SHA-256: adf5f8e28aba39bb7289b66cc4e96507bea6d6c9862d3ef025f1b2143f1d3410
ruby193-rubygems-1.8.23-38.el6.noarch.rpm SHA-256: a9a883d7cc3fa6be8a27c8310489d06a726f19d56be09bced6707d41892fbd2f
ruby193-rubygems-devel-1.8.23-38.el6.noarch.rpm SHA-256: a8f9d3cdd47ccd5bf85b8955c5933947244d6e317d396eee08b85d004ea32a95

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.