Red Hat Product Errata RHSA-2013:1137 - Security Advisory

Issued: 2013-08-05
Updated: 2013-08-05

Synopsis

Moderate: ruby193-ruby security update

Type/Severity

Security Advisory: Moderate

Topic

Updated ruby193-ruby packages that fix one security issue are now available
for Red Hat OpenShift Enterprise 1.2.2.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to do system management tasks.

A flaw was found in Ruby's SSL client's hostname identity check when
handling certificates that contain hostnames with NULL bytes. An attacker
could potentially exploit this flaw to conduct man-in-the-middle attacks to
spoof SSL servers. Note that to exploit this issue, an attacker would need
to obtain a carefully-crafted certificate signed by an authority that the
client trusts. (CVE-2013-4073)
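
The flaw class described above, shown as an added example that is not taken from the advisory or from Ruby's source: a simplified model in which a name check that stops at the first NUL byte accepts a certificate name it should reject, next to a strict check that refuses such names. The function names and sample hostnames are constructed for illustration.

```ruby
# Added illustration, not Ruby's or Red Hat's code: a simplified model of
# matching a requested hostname against DNS names taken from a certificate.

# Constructed sample names; the last one carries an embedded NUL byte.
SAMPLE_NAMES = [
  "www.example.com",
  "*.example.org",
  "www.example.com\0.untrusted.test"
].freeze

# Models a checker that handles the name like a C string: everything from
# the first NUL byte onward is silently dropped before the comparison.
def truncating_match?(cert_name, hostname)
  visible = cert_name.split("\0", 2).first.to_s
  visible.downcase == hostname.downcase
end

# A certificate DNS name may only contain hostname characters, optionally
# with one leading wildcard label. \A and \z anchor the whole string.
VALID_DNS_NAME = /\A(\*\.)?[a-z0-9-]+(\.[a-z0-9-]+)*\z/i

# Hardened form: validate the full byte string first, then compare all of it.
def strict_match?(cert_name, hostname)
  return false unless cert_name.match?(VALID_DNS_NAME)
  pattern = cert_name.downcase
  host = hostname.downcase
  return pattern == host unless pattern.start_with?("*.")
  # A wildcard covers exactly one left-most label.
  first_label, rest = host.split(".", 2)
  !first_label.to_s.empty? && rest == pattern[2..-1]
end

# Audit helper: names that should never appear in a certificate, useful
# for flagging a presented certificate before any matching is attempted.
def suspicious_names(cert_names)
  cert_names.reject { |name| name.match?(VALID_DNS_NAME) }
end
```
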

All users of Red Hat OpenShift Enterprise 1.2.2 are advised to upgrade to
these updated packages, which resolve this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

  • Red Hat OpenShift Enterprise Infrastructure 1.2 x86_64
  • Red Hat OpenShift Enterprise Application Node 1.2 x86_64

Fixes

  • BZ - 979251 - CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client

CVEs

  • CVE-2013-4073

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Enterprise Infrastructure 1.2

SRPM
ruby193-ruby-1.9.3.448-38.el6.src.rpm SHA-256: 1cf41acf593fc338f4779453a4a8f89a4c485d6e328c3a24552a2198c7db4185
x86_64
ruby193-ruby-1.9.3.448-38.el6.x86_64.rpm SHA-256: c9497e3de29a2ef3c4143bee3c4e47cf338f537cec0511b270510a1a6b512069
ruby193-ruby-debuginfo-1.9.3.448-38.el6.x86_64.rpm SHA-256: 6ccd79fb82d7a78130d843c94364f1b535106004232c0f3e4c0b4aa28db8df6a
ruby193-ruby-devel-1.9.3.448-38.el6.x86_64.rpm SHA-256: 4aa13d84f291c18a3ba3c46c6f34c77d1529e8b721cea7c2f3b76835a27626e6
ruby193-ruby-doc-1.9.3.448-38.el6.x86_64.rpm SHA-256: a8ee3a973d3ffbc9db1e69dcd8685553a55acb89987bd31ca2ec806e1dadd787
ruby193-ruby-irb-1.9.3.448-38.el6.noarch.rpm SHA-256: 856b050dac96be0932caf58ca862801962ee13fe9c22ccba254e35e061f4eade
ruby193-ruby-libs-1.9.3.448-38.el6.x86_64.rpm SHA-256: 92583ec4d497d3c9b98ed0829d0c709ac2e7540e663b11717db3b70dfbac34fe
ruby193-ruby-tcltk-1.9.3.448-38.el6.x86_64.rpm SHA-256: 7c76a215fb7bdc04090f8f102edcdb725dcf2a6043648a999b0db48c823bf401
ruby193-rubygem-bigdecimal-1.1.0-38.el6.x86_64.rpm SHA-256: 940ee0e505d832feb5586b98c257de76d0ad25b53949518397207a1728c89e6a
ruby193-rubygem-io-console-0.3-38.el6.x86_64.rpm SHA-256: 32b9c8903945bfd0449515811fc8226325f22c598e1120aa3a9315fb30819df8
ruby193-rubygem-json-1.5.5-38.el6.x86_64.rpm SHA-256: 3a7869758c740c65b6d1d119c88e45a0292788ce26fe7d2cae725834a48b3607
ruby193-rubygem-rake-0.9.2.2-38.el6.noarch.rpm SHA-256: fe574964107c152cae9f47fcad4814c6400d324000b43a46f21951d90b5bc7a9
ruby193-rubygem-rdoc-3.9.5-38.el6.x86_64.rpm SHA-256: adf5f8e28aba39bb7289b66cc4e96507bea6d6c9862d3ef025f1b2143f1d3410
ruby193-rubygems-1.8.23-38.el6.noarch.rpm SHA-256: a9a883d7cc3fa6be8a27c8310489d06a726f19d56be09bced6707d41892fbd2f
ruby193-rubygems-devel-1.8.23-38.el6.noarch.rpm SHA-256: a8f9d3cdd47ccd5bf85b8955c5933947244d6e317d396eee08b85d004ea32a95

Red Hat OpenShift Enterprise Application Node 1.2

SRPM
ruby193-ruby-1.9.3.448-38.el6.src.rpm SHA-256: 1cf41acf593fc338f4779453a4a8f89a4c485d6e328c3a24552a2198c7db4185
x86_64
ruby193-ruby-1.9.3.448-38.el6.x86_64.rpm SHA-256: c9497e3de29a2ef3c4143bee3c4e47cf338f537cec0511b270510a1a6b512069
ruby193-ruby-debuginfo-1.9.3.448-38.el6.x86_64.rpm SHA-256: 6ccd79fb82d7a78130d843c94364f1b535106004232c0f3e4c0b4aa28db8df6a
ruby193-ruby-devel-1.9.3.448-38.el6.x86_64.rpm SHA-256: 4aa13d84f291c18a3ba3c46c6f34c77d1529e8b721cea7c2f3b76835a27626e6
ruby193-ruby-doc-1.9.3.448-38.el6.x86_64.rpm SHA-256: a8ee3a973d3ffbc9db1e69dcd8685553a55acb89987bd31ca2ec806e1dadd787
ruby193-ruby-irb-1.9.3.448-38.el6.noarch.rpm SHA-256: 856b050dac96be0932caf58ca862801962ee13fe9c22ccba254e35e061f4eade
ruby193-ruby-libs-1.9.3.448-38.el6.x86_64.rpm SHA-256: 92583ec4d497d3c9b98ed0829d0c709ac2e7540e663b11717db3b70dfbac34fe
ruby193-ruby-tcltk-1.9.3.448-38.el6.x86_64.rpm SHA-256: 7c76a215fb7bdc04090f8f102edcdb725dcf2a6043648a999b0db48c823bf401
ruby193-rubygem-bigdecimal-1.1.0-38.el6.x86_64.rpm SHA-256: 940ee0e505d832feb5586b98c257de76d0ad25b53949518397207a1728c89e6a
ruby193-rubygem-io-console-0.3-38.el6.x86_64.rpm SHA-256: 32b9c8903945bfd0449515811fc8226325f22c598e1120aa3a9315fb30819df8
ruby193-rubygem-json-1.5.5-38.el6.x86_64.rpm SHA-256: 3a7869758c740c65b6d1d119c88e45a0292788ce26fe7d2cae725834a48b3607
ruby193-rubygem-rake-0.9.2.2-38.el6.noarch.rpm SHA-256: fe574964107c152cae9f47fcad4814c6400d324000b43a46f21951d90b5bc7a9
ruby193-rubygem-rdoc-3.9.5-38.el6.x86_64.rpm SHA-256: adf5f8e28aba39bb7289b66cc4e96507bea6d6c9862d3ef025f1b2143f1d3410
ruby193-rubygems-1.8.23-38.el6.noarch.rpm SHA-256: a9a883d7cc3fa6be8a27c8310489d06a726f19d56be09bced6707d41892fbd2f
ruby193-rubygems-devel-1.8.23-38.el6.noarch.rpm SHA-256: a8f9d3cdd47ccd5bf85b8955c5933947244d6e317d396eee08b85d004ea32a95

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
