Issued:: 2021-03-18
Updated:: 2021-03-18

RHSA-2021:0937 - Security Advisory

Overview
Updated Packages

Synopsis

Important: rubygem-em-http-request security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rubygem-em-http-request is now available for Red Hat
OpenStack Platform 13 (Queens).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

EventMachine based, async HTTP Request client.

Security Fix(es):

missing SSL hostname validation allows MITM (CVE-2020-13482)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack for IBM Power 13 ppc64le
Red Hat OpenStack 13 x86_64

Fixes

BZ - 1911457 - CVE-2020-13482 rubygem-em-http-request: missing SSL hostname validation allows MITM

CVEs

CVE-2020-13482

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack for IBM Power 13

SRPM
rubygem-em-http-request-1.1.5-4.el7ost.src.rpm	SHA-256: ba4b54123f91806af1d3180d838d7b6efafa43e2c31b13dfb1b25d0887fcffd8
ppc64le
rubygem-em-http-request-1.1.5-4.el7ost.ppc64le.rpm	SHA-256: d52d5dfe178ceb80819966c157bad2ea85d873b70dc1e8bf545ebe35513fa20f
rubygem-em-http-request-debuginfo-1.1.5-4.el7ost.ppc64le.rpm	SHA-256: ffadb9fcb3defb56c204706c8333e545843bea9b58c04ecbd7227c7403be874e

Red Hat OpenStack 13

SRPM
rubygem-em-http-request-1.1.5-4.el7ost.src.rpm	SHA-256: ba4b54123f91806af1d3180d838d7b6efafa43e2c31b13dfb1b25d0887fcffd8
x86_64
rubygem-em-http-request-1.1.5-4.el7ost.x86_64.rpm	SHA-256: ac8f3e91c1afaaf7982a31ff96e48fbc23ba800853ad9bb107588eeac7bac2fa
rubygem-em-http-request-debuginfo-1.1.5-4.el7ost.x86_64.rpm	SHA-256: 14d7e396647a2a54b8a7ec1cf79dc90c64c504c076e69fa718195ca4c19f77f5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation