Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2013-0183
Vulnerability from cvelistv5
Published
2013-03-01 02:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:18:09.430Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895282" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rack.github.com/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs" }, { "name": "openSUSE-SU-2013:0462", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "name": "RHSA-2013:0548", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18" }, { "name": "RHSA-2013:0544", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "name": "DSA-2783", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2783" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-05-15T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895282" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rack.github.com/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs" }, { "name": "openSUSE-SU-2013:0462", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "name": "RHSA-2013:0548", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18" }, { "name": "RHSA-2013:0544", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "name": "DSA-2783", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2783" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0183", "datePublished": "2013-03-01T02:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.430Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2013-0183\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-03-01T05:40:17.037\",\"lastModified\":\"2024-11-21T01:47:00.983\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.\"},{\"lang\":\"es\",\"value\":\"multipart/parser.rb de Rack v1.3.x antes de v1.3.8 y v1.4.x antes de v1.4.3 permite a atacantes remotos causar una denegaci\u00f3n de servicios (consumo de memoria y accesos fuera de rango) usando un long string en un paquete Multipart HTTP.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98CBCA07-8EEC-49D0-8C17-7887ABB63ED6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93B65658-8E1B-4832-822A-1C3770B33BB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E9E3412-6D9C-46FC-806E-0E0D310D4DDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10A95FAF-3314-4F3F-8619-DAED41648AE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00901558-9028-4BDF-AFE6-502DF2632069\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A8CBC63-DBA8-4A4E-87D7-5B891CDF7091\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F6A8485-8F4B-42E8-81ED-84CE5CE8E27D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBEE2AAF-1575-44F7-9B1B-87504E0425E0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A3DD73E-6BD4-4C18-A4B8-AFA6860A4585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95E3FF6F-58C3-4491-BBD1-C4C13287A07D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C04A5634-62C7-4B01-B644-06A6A1D5A828\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rack.github.com/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0544.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0548.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2013/dsa-2783\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=895282\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rack.github.com/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0544.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0548.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2013/dsa-2783\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=895282\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
rhsa-2013_0544
Vulnerability from csaf_redhat
Published
2013-02-21 19:04
Modified
2024-11-22 06:14
Summary
Red Hat Security Advisory: Subscription Asset Manager 1.2 update
Notes
Topic
Red Hat Subscription Asset Manager 1.2, which fixes several security
issues, multiple bugs, and adds various enhancements, is now available.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
[Updated 25th February 2013]
This erratum previously failed to include the updated rubygem-rack package.
It also previously incorrectly documented CVE-2012-5604 as being fixed,
however that issue never affected Subscription Asset Manager and is no
longer listed. As well, CVE-2012-6496 was described as being fixed, however
that issue had previously been fixed in RHSA-2013:0154.
Details
Red Hat Subscription Asset Manager acts as a proxy for handling
subscription information and software updates on client machines.
It was discovered that Katello did not properly check user permissions when
handling certain requests. An authenticated remote attacker could use this
flaw to download consumer certificates or change settings of other users'
systems if they knew the target system's UUID. (CVE-2012-5603)
It was found that the
"/usr/share/katello/script/katello-generate-passphrase" utility, which is
run during the installation and configuration process, set world-readable
permissions on the "/etc/katello/secure/passphrase" file. A local attacker
could use this flaw to obtain the passphrase for Katello, giving them
access to information they would otherwise not have access to.
(CVE-2012-5561)
Note: After installing this update, ensure the
"/etc/katello/secure/passphrase" file is owned by the root user and group
and mode 0750 permissions. Sites should also consider re-creating the
Katello passphrase as this issue exposed it to local users.
Three flaws were found in rubygem-rack. A remote attacker could use these
flaws to perform a denial of service attack against applications using
rubygem-rack. (CVE-2012-6109, CVE-2013-0183, CVE-2013-0184)
It was found that ruby_parser from rubygem-ruby_parser created a temporary
file in an insecure way. A local attacker could use this flaw to perform a
symbolic link attack, overwriting arbitrary files accessible to the
application using ruby_parser. (CVE-2013-0162)
The CVE-2012-5603 issue was discovered by Lukas Zapletal of Red Hat;
CVE-2012-5561 was discovered by Aaron Weitekamp of the Red Hat Cloud
Quality Engineering team; and CVE-2013-0162 was discovered by Michael
Scherer of the Red Hat Regional IT team.
These updated Subscription Asset Manager packages include a number of bug
fixes and enhancements. Space precludes documenting all of these changes
in this advisory. Refer to the Red Hat Subscription Asset Manager 1.2
Release Notes for information about these changes:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Subscription_Asset_Manager/1.2/html/Release_Notes/index.html
All users of Red Hat Subscription Asset Manager are advised to upgrade to
these updated packages, which fix these issues and add various
enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Subscription Asset Manager 1.2, which fixes several security\nissues, multiple bugs, and adds various enhancements, is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\n[Updated 25th February 2013]\nThis erratum previously failed to include the updated rubygem-rack package.\nIt also previously incorrectly documented CVE-2012-5604 as being fixed,\nhowever that issue never affected Subscription Asset Manager and is no\nlonger listed. As well, CVE-2012-6496 was described as being fixed, however\nthat issue had previously been fixed in RHSA-2013:0154.", "title": "Topic" }, { "category": "general", "text": "Red Hat Subscription Asset Manager acts as a proxy for handling\nsubscription information and software updates on client machines.\n\nIt was discovered that Katello did not properly check user permissions when\nhandling certain requests. An authenticated remote attacker could use this\nflaw to download consumer certificates or change settings of other users\u0027\nsystems if they knew the target system\u0027s UUID. (CVE-2012-5603)\n\nIt was found that the\n\"/usr/share/katello/script/katello-generate-passphrase\" utility, which is\nrun during the installation and configuration process, set world-readable\npermissions on the \"/etc/katello/secure/passphrase\" file. A local attacker\ncould use this flaw to obtain the passphrase for Katello, giving them\naccess to information they would otherwise not have access to.\n(CVE-2012-5561)\n\nNote: After installing this update, ensure the\n\"/etc/katello/secure/passphrase\" file is owned by the root user and group\nand mode 0750 permissions. Sites should also consider re-creating the\nKatello passphrase as this issue exposed it to local users.\n\nThree flaws were found in rubygem-rack. A remote attacker could use these\nflaws to perform a denial of service attack against applications using\nrubygem-rack. (CVE-2012-6109, CVE-2013-0183, CVE-2013-0184)\n\nIt was found that ruby_parser from rubygem-ruby_parser created a temporary\nfile in an insecure way. A local attacker could use this flaw to perform a\nsymbolic link attack, overwriting arbitrary files accessible to the\napplication using ruby_parser. (CVE-2013-0162)\n\nThe CVE-2012-5603 issue was discovered by Lukas Zapletal of Red Hat;\nCVE-2012-5561 was discovered by Aaron Weitekamp of the Red Hat Cloud\nQuality Engineering team; and CVE-2013-0162 was discovered by Michael\nScherer of the Red Hat Regional IT team.\n\nThese updated Subscription Asset Manager packages include a number of bug\nfixes and enhancements. Space precludes documenting all of these changes\nin this advisory. Refer to the Red Hat Subscription Asset Manager 1.2\nRelease Notes for information about these changes:\n\nhttps://access.redhat.com/knowledge/docs/en-US/Red_Hat_Subscription_Asset_Manager/1.2/html/Release_Notes/index.html\n\nAll users of Red Hat Subscription Asset Manager are advised to upgrade to\nthese updated packages, which fix these issues and add various\nenhancements.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0544", "url": "https://access.redhat.com/errata/RHSA-2013:0544" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Subscription_Asset_Manager/1.2/html/Release_Notes/index.html", "url": "https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Subscription_Asset_Manager/1.2/html/Release_Notes/index.html" }, { "category": "external", "summary": "760564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=760564" }, { "category": "external", "summary": "800145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800145" }, { "category": "external", "summary": "809823", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=809823" }, { "category": "external", "summary": "813291", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=813291" }, { "category": "external", "summary": "817845", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=817845" }, { "category": "external", "summary": "817946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=817946" }, { "category": "external", "summary": "818679", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=818679" }, { "category": "external", "summary": "818903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=818903" }, { "category": "external", "summary": "819002", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=819002" }, { "category": "external", "summary": "819611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=819611" }, { "category": "external", "summary": "822942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=822942" }, { "category": "external", "summary": "822943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=822943" }, { "category": "external", "summary": "822945", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=822945" }, { "category": "external", "summary": "826099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=826099" }, { "category": "external", "summary": "829474", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829474" }, { "category": "external", "summary": "832425", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=832425" }, { "category": "external", "summary": "832462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=832462" }, { "category": "external", "summary": "840595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840595" }, { "category": "external", "summary": "840600", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840600" }, { "category": "external", "summary": "840603", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840603" }, { "category": "external", "summary": "840609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840609" }, { "category": "external", "summary": "840792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840792" }, { "category": "external", "summary": "840969", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840969" }, { "category": "external", "summary": "841868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841868" }, { "category": "external", "summary": "843625", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843625" }, { "category": "external", "summary": "843857", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843857" }, { "category": "external", "summary": "843861", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843861" }, { "category": "external", "summary": "843904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843904" }, { "category": "external", "summary": "845501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=845501" }, { "category": "external", "summary": "845620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=845620" }, { "category": "external", "summary": "847024", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847024" }, { "category": "external", "summary": "847117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847117" }, { "category": "external", "summary": "847598", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847598" }, { "category": "external", "summary": "850336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850336" }, { "category": "external", "summary": "852508", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852508" }, { "category": "external", "summary": "854278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=854278" }, { "category": "external", "summary": "854283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=854283" }, { "category": "external", "summary": "854985", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=854985" }, { "category": "external", "summary": "856303", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=856303" }, { "category": "external", "summary": "856777", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=856777" }, { "category": "external", "summary": "856795", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=856795" }, { "category": "external", "summary": "857452", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857452" }, { "category": "external", "summary": "859128", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=859128" }, { "category": "external", "summary": "863461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863461" }, { "category": "external", "summary": "865571", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865571" }, { "category": "external", "summary": "866323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=866323" }, { "category": "external", "summary": "866972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=866972" }, { "category": "external", "summary": "866995", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=866995" }, { "category": "external", "summary": "868290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=868290" }, { "category": "external", "summary": "869380", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869380" }, { "category": "external", "summary": "871622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=871622" }, { "category": "external", "summary": "872332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=872332" }, { "category": "external", "summary": "872334", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=872334" }, { "category": "external", "summary": "872335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=872335" }, { "category": "external", "summary": "872602", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=872602" }, { "category": "external", "summary": "872687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=872687" }, { "category": "external", "summary": "873038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873038" }, { "category": "external", "summary": "873443", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873443" }, { "category": "external", "summary": "873803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873803" }, { "category": "external", "summary": "873809", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873809" }, { "category": "external", "summary": "874182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874182" }, { "category": "external", "summary": "874280", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874280" }, { "category": "external", "summary": "874502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874502" }, { "category": "external", "summary": "874510", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874510" }, { "category": "external", "summary": "874583", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874583" }, { "category": "external", "summary": "874737", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874737" }, { "category": "external", "summary": "874744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874744" }, { "category": "external", "summary": "875101", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875101" }, { "category": "external", "summary": "875609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875609" }, { "category": "external", "summary": "875876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875876" }, { "category": "external", "summary": "876869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=876869" }, { "category": "external", "summary": "876896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=876896" }, { "category": "external", "summary": "876911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=876911" }, { "category": "external", "summary": "877317", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877317" }, { "category": "external", "summary": "877473", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877473" }, { "category": "external", "summary": "877894", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877894" }, { "category": "external", "summary": "878191", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=878191" }, { "category": "external", "summary": "878341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=878341" }, { "category": "external", "summary": "878355", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=878355" }, { "category": "external", "summary": "878370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=878370" }, { "category": "external", "summary": "878377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=878377" }, { "category": "external", "summary": "878693", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=878693" }, { "category": "external", "summary": "878750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=878750" }, { "category": "external", "summary": "879094", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=879094" }, { "category": "external", "summary": "879170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=879170" }, { "category": "external", "summary": "879245", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=879245" }, { "category": "external", "summary": "879320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=879320" }, { "category": "external", "summary": "880113", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880113" }, { "category": "external", "summary": "880116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880116" }, { "category": "external", "summary": "880710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880710" }, { "category": "external", "summary": "880848", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880848" }, { "category": "external", "summary": "880905", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880905" }, { "category": "external", "summary": "881616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=881616" }, { "category": "external", "summary": "882129", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=882129" }, { "category": "external", "summary": "882957", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=882957" }, { "category": "external", "summary": "885096", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=885096" }, { "category": "external", "summary": "886137", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=886137" }, { "category": "external", "summary": "886462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=886462" }, { "category": "external", "summary": "890000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=890000" }, { "category": "external", "summary": "892639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892639" }, { "category": "external", "summary": "892806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892806" }, { "category": "external", "summary": "895277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895277" }, { "category": "external", "summary": "895282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895282" }, { "category": "external", "summary": "895384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895384" }, { "category": "external", "summary": "896550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=896550" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0544.json" } ], "title": "Red Hat Security Advisory: Subscription Asset Manager 1.2 update", "tracking": { "current_release_date": "2024-11-22T06:14:27+00:00", "generator": { "date": "2024-11-22T06:14:27+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2013:0544", "initial_release_date": "2013-02-21T19:04:00+00:00", "revision_history": [ { "date": "2013-02-21T19:04:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-02-25T23:08:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T06:14:27+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Subscription Asset Manager for RHEL 6 Server", "product": { "name": "Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12", "product_identification_helper": { "cpe": "cpe:/a:rhel_sam:1.2::el6" } } } ], "category": "product_family", "name": "Red Hat Subscription Asset Manager" }, { "branches": [ { "category": "product_version", "name": "quartz-0:2.1.5-4.el6_3.src", "product": { "name": "quartz-0:2.1.5-4.el6_3.src", "product_id": "quartz-0:2.1.5-4.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/quartz@2.1.5-4.el6_3?arch=src" } } }, { "category": "product_version", "name": "katello-certs-tools-0:1.2.1-1h.el6_3.src", "product": { "name": "katello-certs-tools-0:1.2.1-1h.el6_3.src", "product_id": "katello-certs-tools-0:1.2.1-1h.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/katello-certs-tools@1.2.1-1h.el6_3?arch=src" } } }, { "category": "product_version", "name": "elasticsearch-0:0.19.9-5.el6_3.src", "product": { "name": "elasticsearch-0:0.19.9-5.el6_3.src", "product_id": "elasticsearch-0:0.19.9-5.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/elasticsearch@0.19.9-5.el6_3?arch=src" } } }, { "category": "product_version", "name": "lucene3-0:3.6.1-10h.el6_3.src", "product": { "name": "lucene3-0:3.6.1-10h.el6_3.src", "product_id": "lucene3-0:3.6.1-10h.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/lucene3@3.6.1-10h.el6_3?arch=src" } } }, { "category": "product_version", "name": "candlepin-0:0.7.23-1.el6_3.src", "product": { "name": "candlepin-0:0.7.23-1.el6_3.src", "product_id": "candlepin-0:0.7.23-1.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/candlepin@0.7.23-1.el6_3?arch=src" } } }, { "category": "product_version", "name": "apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "product": { "name": "apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "product_id": "apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-mime4j@0.6-4_redhat_1.ep6.el6.1?arch=src" } } }, { "category": "product_version", "name": "thumbslug-0:0.0.28-1.el6_3.src", "product": { "name": "thumbslug-0:0.0.28-1.el6_3.src", "product_id": "thumbslug-0:0.0.28-1.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/thumbslug@0.0.28-1.el6_3?arch=src" } } }, { "category": "product_version", "name": "katello-selinux-0:1.2.1-2h.el6_3.src", "product": { "name": "katello-selinux-0:1.2.1-2h.el6_3.src", "product_id": "katello-selinux-0:1.2.1-2h.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/katello-selinux@1.2.1-2h.el6_3?arch=src" } } }, { "category": "product_version", "name": "puppet-0:2.6.17-2.el6cf.src", "product": { "name": "puppet-0:2.6.17-2.el6cf.src", "product_id": "puppet-0:2.6.17-2.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/puppet@2.6.17-2.el6cf?arch=src" } } }, { "category": "product_version", "name": "rubygem-mail-0:2.3.0-3.el6cf.src", "product": { "name": "rubygem-mail-0:2.3.0-3.el6cf.src", "product_id": "rubygem-mail-0:2.3.0-3.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-mail@2.3.0-3.el6cf?arch=src" } } }, { "category": "product_version", "name": "katello-cli-0:1.2.1-12h.el6_3.src", "product": { "name": "katello-cli-0:1.2.1-12h.el6_3.src", "product_id": "katello-cli-0:1.2.1-12h.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/katello-cli@1.2.1-12h.el6_3?arch=src" } } }, { "category": "product_version", "name": "rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "product": { "name": "rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "product_id": "rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-ruby_parser@2.0.4-6.el6cf?arch=src" } } }, { "category": "product_version", "name": "rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "product": { "name": "rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "product_id": "rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-apipie-rails@0.0.12-2.el6cf?arch=src" } } }, { "category": "product_version", "name": "rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "product": { "name": "rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "product_id": "rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-ldap_fluff@0.1.3-1.el6_3?arch=src" } } }, { "category": "product_version", "name": "snappy-java-0:1.0.4-2.el6_3.src", "product": { "name": "snappy-java-0:1.0.4-2.el6_3.src", "product_id": "snappy-java-0:1.0.4-2.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/snappy-java@1.0.4-2.el6_3?arch=src" } } }, { "category": "product_version", "name": "apache-commons-codec-0:1.7-2.el6_3.src", "product": { "name": "apache-commons-codec-0:1.7-2.el6_3.src", "product_id": "apache-commons-codec-0:1.7-2.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-codec@1.7-2.el6_3?arch=src" } } }, { "category": "product_version", "name": "sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "product": { "name": "sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "product_id": "sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sigar@1.6.5-0.12.git58097d9h.el6_3?arch=src" } } }, { "category": "product_version", "name": "katello-configure-0:1.2.3-3h.el6_3.src", "product": { "name": "katello-configure-0:1.2.3-3h.el6_3.src", "product_id": "katello-configure-0:1.2.3-3h.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/katello-configure@1.2.3-3h.el6_3?arch=src" } } }, { "category": "product_version", "name": "katello-0:1.2.1-15h.el6_3.src", "product": { "name": "katello-0:1.2.1-15h.el6_3.src", "product_id": "katello-0:1.2.1-15h.el6_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/katello@1.2.1-15h.el6_3?arch=src" } } }, { "category": "product_version", "name": "rubygem-activesupport-1:3.0.10-10.el6cf.src", "product": { "name": "rubygem-activesupport-1:3.0.10-10.el6cf.src", "product_id": "rubygem-activesupport-1:3.0.10-10.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activesupport@3.0.10-10.el6cf?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "rubygem-rack-1:1.3.0-3.el6cf.src", "product": { "name": "rubygem-rack-1:1.3.0-3.el6cf.src", "product_id": "rubygem-rack-1:1.3.0-3.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack@1.3.0-3.el6cf?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "quartz-0:2.1.5-4.el6_3.noarch", "product": { "name": "quartz-0:2.1.5-4.el6_3.noarch", "product_id": "quartz-0:2.1.5-4.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/quartz@2.1.5-4.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "product": { "name": "katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "product_id": "katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/katello-certs-tools@1.2.1-1h.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "elasticsearch-0:0.19.9-5.el6_3.noarch", "product": { "name": "elasticsearch-0:0.19.9-5.el6_3.noarch", "product_id": "elasticsearch-0:0.19.9-5.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/elasticsearch@0.19.9-5.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "lucene3-0:3.6.1-10h.el6_3.noarch", "product": { "name": "lucene3-0:3.6.1-10h.el6_3.noarch", "product_id": "lucene3-0:3.6.1-10h.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/lucene3@3.6.1-10h.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "product": { "name": "lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "product_id": "lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/lucene3-contrib@3.6.1-10h.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "candlepin-0:0.7.23-1.el6_3.noarch", "product": { "name": "candlepin-0:0.7.23-1.el6_3.noarch", "product_id": "candlepin-0:0.7.23-1.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/candlepin@0.7.23-1.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "product": { "name": "candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "product_id": "candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/candlepin-tomcat6@0.7.23-1.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "candlepin-selinux-0:0.7.23-1.el6_3.noarch", "product": { "name": "candlepin-selinux-0:0.7.23-1.el6_3.noarch", "product_id": "candlepin-selinux-0:0.7.23-1.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/candlepin-selinux@0.7.23-1.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "candlepin-devel-0:0.7.23-1.el6_3.noarch", "product": { "name": "candlepin-devel-0:0.7.23-1.el6_3.noarch", "product_id": "candlepin-devel-0:0.7.23-1.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/candlepin-devel@0.7.23-1.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "product": { "name": "apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "product_id": "apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-mime4j-javadoc@0.6-4_redhat_1.ep6.el6.1?arch=noarch" } } }, { "category": "product_version", "name": "apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "product": { "name": "apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "product_id": "apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-mime4j@0.6-4_redhat_1.ep6.el6.1?arch=noarch" } } }, { "category": "product_version", "name": "thumbslug-selinux-0:0.0.28-1.el6_3.noarch", "product": { "name": "thumbslug-selinux-0:0.0.28-1.el6_3.noarch", "product_id": "thumbslug-selinux-0:0.0.28-1.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/thumbslug-selinux@0.0.28-1.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "thumbslug-0:0.0.28-1.el6_3.noarch", "product": { "name": "thumbslug-0:0.0.28-1.el6_3.noarch", "product_id": "thumbslug-0:0.0.28-1.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/thumbslug@0.0.28-1.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "katello-selinux-0:1.2.1-2h.el6_3.noarch", "product": { "name": "katello-selinux-0:1.2.1-2h.el6_3.noarch", "product_id": "katello-selinux-0:1.2.1-2h.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/katello-selinux@1.2.1-2h.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "puppet-server-0:2.6.17-2.el6cf.noarch", "product": { "name": "puppet-server-0:2.6.17-2.el6cf.noarch", "product_id": "puppet-server-0:2.6.17-2.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/puppet-server@2.6.17-2.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "puppet-0:2.6.17-2.el6cf.noarch", "product": { "name": "puppet-0:2.6.17-2.el6cf.noarch", "product_id": "puppet-0:2.6.17-2.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/puppet@2.6.17-2.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "product": { "name": "rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "product_id": "rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-mail-doc@2.3.0-3.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-mail-0:2.3.0-3.el6cf.noarch", "product": { "name": "rubygem-mail-0:2.3.0-3.el6cf.noarch", "product_id": "rubygem-mail-0:2.3.0-3.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-mail@2.3.0-3.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "katello-cli-0:1.2.1-12h.el6_3.noarch", "product": { "name": "katello-cli-0:1.2.1-12h.el6_3.noarch", "product_id": "katello-cli-0:1.2.1-12h.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/katello-cli@1.2.1-12h.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "katello-cli-common-0:1.2.1-12h.el6_3.noarch", "product": { "name": "katello-cli-common-0:1.2.1-12h.el6_3.noarch", "product_id": "katello-cli-common-0:1.2.1-12h.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/katello-cli-common@1.2.1-12h.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "product": { "name": "rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "product_id": "rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-ruby_parser-doc@2.0.4-6.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "product": { "name": "rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "product_id": "rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-ruby_parser@2.0.4-6.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "product": { "name": "rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "product_id": "rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-apipie-rails@0.0.12-2.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "product": { "name": "rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "product_id": "rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-ldap_fluff@0.1.3-1.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "katello-configure-0:1.2.3-3h.el6_3.noarch", "product": { "name": "katello-configure-0:1.2.3-3h.el6_3.noarch", "product_id": "katello-configure-0:1.2.3-3h.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/katello-configure@1.2.3-3h.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "katello-common-0:1.2.1-15h.el6_3.noarch", "product": { "name": "katello-common-0:1.2.1-15h.el6_3.noarch", "product_id": "katello-common-0:1.2.1-15h.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/katello-common@1.2.1-15h.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "product": { "name": "katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "product_id": "katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/katello-glue-candlepin@1.2.1-15h.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "product": { "name": "katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "product_id": "katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/katello-headpin-all@1.2.1-15h.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "katello-headpin-0:1.2.1-15h.el6_3.noarch", "product": { "name": "katello-headpin-0:1.2.1-15h.el6_3.noarch", "product_id": "katello-headpin-0:1.2.1-15h.el6_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/katello-headpin@1.2.1-15h.el6_3?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "product": { "name": "rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "product_id": "rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activesupport@3.0.10-10.el6cf?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "rubygem-rack-1:1.3.0-3.el6cf.noarch", "product": { "name": "rubygem-rack-1:1.3.0-3.el6cf.noarch", "product_id": "rubygem-rack-1:1.3.0-3.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack@1.3.0-3.el6cf?arch=noarch\u0026epoch=1" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "product": { "name": "snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "product_id": "snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/snappy-java-debuginfo@1.0.4-2.el6_3?arch=x86_64" } } }, { "category": "product_version", "name": "snappy-java-0:1.0.4-2.el6_3.x86_64", "product": { "name": "snappy-java-0:1.0.4-2.el6_3.x86_64", "product_id": "snappy-java-0:1.0.4-2.el6_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/snappy-java@1.0.4-2.el6_3?arch=x86_64" } } }, { "category": "product_version", "name": "apache-commons-codec-0:1.7-2.el6_3.x86_64", "product": { "name": "apache-commons-codec-0:1.7-2.el6_3.x86_64", "product_id": "apache-commons-codec-0:1.7-2.el6_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-codec@1.7-2.el6_3?arch=x86_64" } } }, { "category": "product_version", "name": "apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "product": { "name": "apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "product_id": "apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-codec-debuginfo@1.7-2.el6_3?arch=x86_64" } } }, { "category": "product_version", "name": "sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "product": { "name": "sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "product_id": "sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sigar-java@1.6.5-0.12.git58097d9h.el6_3?arch=x86_64" } } }, { "category": "product_version", "name": "sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "product": { "name": "sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "product_id": "sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sigar-debuginfo@1.6.5-0.12.git58097d9h.el6_3?arch=x86_64" } } }, { "category": "product_version", "name": "sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "product": { "name": "sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "product_id": "sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sigar@1.6.5-0.12.git58097d9h.el6_3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.7-2.el6_3.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src" }, "product_reference": "apache-commons-codec-0:1.7-2.el6_3.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.7-2.el6_3.x86_64 as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64" }, "product_reference": "apache-commons-codec-0:1.7-2.el6_3.x86_64", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64 as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64" }, "product_reference": "apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch" }, "product_reference": "apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src" }, "product_reference": "apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch" }, "product_reference": "apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "candlepin-0:0.7.23-1.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch" }, "product_reference": "candlepin-0:0.7.23-1.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "candlepin-0:0.7.23-1.el6_3.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src" }, "product_reference": "candlepin-0:0.7.23-1.el6_3.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "candlepin-devel-0:0.7.23-1.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch" }, "product_reference": "candlepin-devel-0:0.7.23-1.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "candlepin-selinux-0:0.7.23-1.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch" }, "product_reference": "candlepin-selinux-0:0.7.23-1.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "candlepin-tomcat6-0:0.7.23-1.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch" }, "product_reference": "candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "elasticsearch-0:0.19.9-5.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch" }, "product_reference": "elasticsearch-0:0.19.9-5.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "elasticsearch-0:0.19.9-5.el6_3.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src" }, "product_reference": "elasticsearch-0:0.19.9-5.el6_3.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "katello-0:1.2.1-15h.el6_3.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src" }, "product_reference": "katello-0:1.2.1-15h.el6_3.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "katello-certs-tools-0:1.2.1-1h.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch" }, "product_reference": "katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "katello-certs-tools-0:1.2.1-1h.el6_3.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src" }, "product_reference": "katello-certs-tools-0:1.2.1-1h.el6_3.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "katello-cli-0:1.2.1-12h.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch" }, "product_reference": "katello-cli-0:1.2.1-12h.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "katello-cli-0:1.2.1-12h.el6_3.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src" }, "product_reference": "katello-cli-0:1.2.1-12h.el6_3.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "katello-cli-common-0:1.2.1-12h.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch" }, "product_reference": "katello-cli-common-0:1.2.1-12h.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "katello-common-0:1.2.1-15h.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch" }, "product_reference": "katello-common-0:1.2.1-15h.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "katello-configure-0:1.2.3-3h.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch" }, "product_reference": "katello-configure-0:1.2.3-3h.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "katello-configure-0:1.2.3-3h.el6_3.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src" }, "product_reference": "katello-configure-0:1.2.3-3h.el6_3.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch" }, "product_reference": "katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "katello-headpin-0:1.2.1-15h.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch" }, "product_reference": "katello-headpin-0:1.2.1-15h.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "katello-headpin-all-0:1.2.1-15h.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch" }, "product_reference": "katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "katello-selinux-0:1.2.1-2h.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch" }, "product_reference": "katello-selinux-0:1.2.1-2h.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "katello-selinux-0:1.2.1-2h.el6_3.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src" }, "product_reference": "katello-selinux-0:1.2.1-2h.el6_3.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "lucene3-0:3.6.1-10h.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch" }, "product_reference": "lucene3-0:3.6.1-10h.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "lucene3-0:3.6.1-10h.el6_3.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src" }, "product_reference": "lucene3-0:3.6.1-10h.el6_3.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "lucene3-contrib-0:3.6.1-10h.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch" }, "product_reference": "lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "puppet-0:2.6.17-2.el6cf.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch" }, "product_reference": "puppet-0:2.6.17-2.el6cf.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "puppet-0:2.6.17-2.el6cf.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src" }, "product_reference": "puppet-0:2.6.17-2.el6cf.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "puppet-server-0:2.6.17-2.el6cf.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch" }, "product_reference": "puppet-server-0:2.6.17-2.el6cf.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "quartz-0:2.1.5-4.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch" }, "product_reference": "quartz-0:2.1.5-4.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "quartz-0:2.1.5-4.el6_3.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src" }, "product_reference": "quartz-0:2.1.5-4.el6_3.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activesupport-1:3.0.10-10.el6cf.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch" }, "product_reference": "rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activesupport-1:3.0.10-10.el6cf.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src" }, "product_reference": "rubygem-activesupport-1:3.0.10-10.el6cf.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch" }, "product_reference": "rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-apipie-rails-0:0.0.12-2.el6cf.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src" }, "product_reference": "rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch" }, "product_reference": "rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-ldap_fluff-0:0.1.3-1.el6_3.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src" }, "product_reference": "rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-mail-0:2.3.0-3.el6cf.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch" }, "product_reference": "rubygem-mail-0:2.3.0-3.el6cf.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-mail-0:2.3.0-3.el6cf.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src" }, "product_reference": "rubygem-mail-0:2.3.0-3.el6cf.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-mail-doc-0:2.3.0-3.el6cf.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch" }, "product_reference": "rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-1:1.3.0-3.el6cf.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch" }, "product_reference": "rubygem-rack-1:1.3.0-3.el6cf.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-1:1.3.0-3.el6cf.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src" }, "product_reference": "rubygem-rack-1:1.3.0-3.el6cf.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch" }, "product_reference": "rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-ruby_parser-0:2.0.4-6.el6cf.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src" }, "product_reference": "rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" }, "product_reference": "rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "sigar-0:1.6.5-0.12.git58097d9h.el6_3.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src" }, "product_reference": "sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64 as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64" }, "product_reference": "sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64 as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64" }, "product_reference": "sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64 as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64" }, "product_reference": "sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "snappy-java-0:1.0.4-2.el6_3.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src" }, "product_reference": "snappy-java-0:1.0.4-2.el6_3.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "snappy-java-0:1.0.4-2.el6_3.x86_64 as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64" }, "product_reference": "snappy-java-0:1.0.4-2.el6_3.x86_64", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64 as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64" }, "product_reference": "snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "thumbslug-0:0.0.28-1.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch" }, "product_reference": "thumbslug-0:0.0.28-1.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "thumbslug-0:0.0.28-1.el6_3.src as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src" }, "product_reference": "thumbslug-0:0.0.28-1.el6_3.src", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" }, { "category": "default_component_of", "full_product_name": { "name": "thumbslug-selinux-0:0.0.28-1.el6_3.noarch as a component of Red Hat Subscription Asset Manager for RHEL 6 Server", "product_id": "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" }, "product_reference": "thumbslug-selinux-0:0.0.28-1.el6_3.noarch", "relates_to_product_reference": "6Server-SubscriptionAssetManager12" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Aaron Weitekamp" ], "organization": "Red Hat Cloud Quality Engineering team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2012-5561", "discovery_date": "2012-11-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "879094" } ], "notes": [ { "category": "description", "text": "script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.", "title": "Vulnerability description" }, { "category": "summary", "text": "Katello: /etc/katello/secure/passphrase is world readable", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5561" }, { "category": "external", "summary": "RHBZ#879094", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=879094" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5561", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5561" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5561", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5561" } ], "release_date": "2013-01-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-21T19:04:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0544" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Katello: /etc/katello/secure/passphrase is world readable" }, { "acknowledgments": [ { "names": [ "Lukas Zapletal" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2012-5603", "discovery_date": "2012-05-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "882129" } ], "notes": [ { "category": "description", "text": "proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users\u0027 settings via unspecified vectors related to the \"consumer UUID\" of a system.", "title": "Vulnerability description" }, { "category": "summary", "text": "Katello: lack of authorization in proxies_controller.rb", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5603" }, { "category": "external", "summary": "RHBZ#882129", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=882129" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5603", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5603" } ], "release_date": "2012-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-21T19:04:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0544" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "products": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Katello: lack of authorization in proxies_controller.rb" }, { "cve": "CVE-2012-6109", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2013-01-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "895277" } ], "notes": [ { "category": "description", "text": "lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-rack: parsing Content-Disposition header DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-6109" }, { "category": "external", "summary": "RHBZ#895277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895277" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-6109", "url": "https://www.cve.org/CVERecord?id=CVE-2012-6109" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6109", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6109" } ], "release_date": "2012-05-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-21T19:04:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0544" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rubygem-rack: parsing Content-Disposition header DoS" }, { "acknowledgments": [ { "names": [ "Michael Scherer" ], "organization": "Red Hat Regional IT team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-0162", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2013-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "892806" } ], "notes": [ { "category": "description", "text": "The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-ruby_parser: incorrect temporary file usage", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0162" }, { "category": "external", "summary": "RHBZ#892806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892806" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0162", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0162" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0162", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0162" } ], "release_date": "2013-01-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-21T19:04:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0544" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "rubygem-ruby_parser: incorrect temporary file usage" }, { "cve": "CVE-2013-0183", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2013-01-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "895282" } ], "notes": [ { "category": "description", "text": "multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-rack: receiving excessively long lines triggers out-of-memory error", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0183" }, { "category": "external", "summary": "RHBZ#895282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895282" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0183", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0183" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0183" } ], "release_date": "2013-01-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-21T19:04:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0544" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rubygem-rack: receiving excessively long lines triggers out-of-memory error" }, { "cve": "CVE-2013-0184", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2013-01-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "895384" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to \"symbolized arbitrary strings.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-rack: Rack::Auth:: AbstractRequest DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0184" }, { "category": "external", "summary": "RHBZ#895384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895384" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0184", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0184" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0184", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0184" } ], "release_date": "2012-05-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-21T19:04:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0544" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.src", "6Server-SubscriptionAssetManager12:apache-commons-codec-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-commons-codec-debuginfo-0:1.7-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1.src", "6Server-SubscriptionAssetManager12:apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-0:0.7.23-1.el6_3.src", "6Server-SubscriptionAssetManager12:candlepin-devel-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-selinux-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:candlepin-tomcat6-0:0.7.23-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.noarch", "6Server-SubscriptionAssetManager12:elasticsearch-0:0.19.9-5.el6_3.src", "6Server-SubscriptionAssetManager12:katello-0:1.2.1-15h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-certs-tools-0:1.2.1-1h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-cli-0:1.2.1-12h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-cli-common-0:1.2.1-12h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-common-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-configure-0:1.2.3-3h.el6_3.src", "6Server-SubscriptionAssetManager12:katello-glue-candlepin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-headpin-all-0:1.2.1-15h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.noarch", "6Server-SubscriptionAssetManager12:katello-selinux-0:1.2.1-2h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:lucene3-0:3.6.1-10h.el6_3.src", "6Server-SubscriptionAssetManager12:lucene3-contrib-0:3.6.1-10h.el6_3.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:puppet-0:2.6.17-2.el6cf.src", "6Server-SubscriptionAssetManager12:puppet-server-0:2.6.17-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.noarch", "6Server-SubscriptionAssetManager12:quartz-0:2.1.5-4.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-apipie-rails-0:0.0.12-2.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:rubygem-ldap_fluff-0:0.1.3-1.el6_3.src", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-mail-0:2.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-mail-doc-0:2.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SubscriptionAssetManager12:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.src", "6Server-SubscriptionAssetManager12:sigar-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:sigar-java-0:1.6.5-0.12.git58097d9h.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.src", "6Server-SubscriptionAssetManager12:snappy-java-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:snappy-java-debuginfo-0:1.0.4-2.el6_3.x86_64", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.noarch", "6Server-SubscriptionAssetManager12:thumbslug-0:0.0.28-1.el6_3.src", "6Server-SubscriptionAssetManager12:thumbslug-selinux-0:0.0.28-1.el6_3.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rubygem-rack: Rack::Auth:: AbstractRequest DoS" } ] }
rhsa-2013_0548
Vulnerability from csaf_redhat
Published
2013-02-21 18:56
Modified
2024-11-22 06:25
Summary
Red Hat Security Advisory: CloudForms Common 1.1.2 update
Notes
Topic
CloudForms Common 1.1.2 is now available.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat CloudForms is an on-premise hybrid cloud
Infrastructure-as-a-Service (IaaS) product that lets you create and manage
private and public clouds. It provides self-service computing resources to
users in a managed, governed, and secure way.
Three flaws were found in rubygem-rack. A remote attacker could use these
flaws to perform a denial of service attack against applications using
rubygem-rack. (CVE-2012-6109, CVE-2013-0183, CVE-2013-0184)
It was found that documentation created by rubygem-rdoc was vulnerable to
a cross-site scripting (XSS) attack. If such documentation was accessible
over a network, and a remote attacker could trick a user into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's session. As rubygem-rdoc is used for creating
documentation for Ruby source files (such as classes, modules, and so on),
it is not a common scenario to make such documentation accessible over the
network. (CVE-2013-0256)
It was found that ruby_parser from rubygem-ruby_parser created a temporary
file in an insecure way. A local attacker could use this flaw to perform a
symbolic link attack, overwriting arbitrary files accessible to the
application using ruby_parser. (CVE-2013-0162)
Red Hat would like to thank Eric Hodel of RDoc upstream for reporting
CVE-2013-0256. Upstream acknowledges Evgeny Ermakov as the original
reporter of CVE-2013-0256. The CVE-2013-0162 issue was discovered by
Michael Scherer of the Red Hat Regional IT team.
Refer to the CloudForms 1.1.2 Release Notes for further information about
this release. The Release Notes will be available shortly from
https://access.redhat.com/knowledge/docs/
Users of CloudForms Common are advised to upgrade to these updated
packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "CloudForms Common 1.1.2 is now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat CloudForms is an on-premise hybrid cloud\nInfrastructure-as-a-Service (IaaS) product that lets you create and manage\nprivate and public clouds. It provides self-service computing resources to\nusers in a managed, governed, and secure way.\n\nThree flaws were found in rubygem-rack. A remote attacker could use these\nflaws to perform a denial of service attack against applications using\nrubygem-rack. (CVE-2012-6109, CVE-2013-0183, CVE-2013-0184)\n\nIt was found that documentation created by rubygem-rdoc was vulnerable to\na cross-site scripting (XSS) attack. If such documentation was accessible\nover a network, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web script execution in\nthe context of the user\u0027s session. As rubygem-rdoc is used for creating\ndocumentation for Ruby source files (such as classes, modules, and so on),\nit is not a common scenario to make such documentation accessible over the\nnetwork. (CVE-2013-0256)\n\nIt was found that ruby_parser from rubygem-ruby_parser created a temporary\nfile in an insecure way. A local attacker could use this flaw to perform a\nsymbolic link attack, overwriting arbitrary files accessible to the\napplication using ruby_parser. (CVE-2013-0162)\n\nRed Hat would like to thank Eric Hodel of RDoc upstream for reporting\nCVE-2013-0256. Upstream acknowledges Evgeny Ermakov as the original\nreporter of CVE-2013-0256. The CVE-2013-0162 issue was discovered by\nMichael Scherer of the Red Hat Regional IT team.\n\nRefer to the CloudForms 1.1.2 Release Notes for further information about\nthis release. The Release Notes will be available shortly from\nhttps://access.redhat.com/knowledge/docs/\n\nUsers of CloudForms Common are advised to upgrade to these updated\npackages.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0548", "url": "https://access.redhat.com/errata/RHSA-2013:0548" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/knowledge/docs/", "url": "https://access.redhat.com/knowledge/docs/" }, { "category": "external", "summary": "892806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892806" }, { "category": "external", "summary": "895277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895277" }, { "category": "external", "summary": "895282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895282" }, { "category": "external", "summary": "895384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895384" }, { "category": "external", "summary": "907820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907820" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0548.json" } ], "title": "Red Hat Security Advisory: CloudForms Common 1.1.2 update", "tracking": { "current_release_date": "2024-11-22T06:25:49+00:00", "generator": { "date": "2024-11-22T06:25:49+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2013:0548", "initial_release_date": "2013-02-21T18:56:00+00:00", "revision_history": [ { "date": "2013-02-21T18:56:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-02-21T19:00:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T06:25:49+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CloudForms Cloud Engine for RHEL 6 Server", "product": { "name": "CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine", "product_identification_helper": { "cpe": "cpe:/a:cloudforms_cloudengine:1::el6" } } }, { "category": "product_name", "name": "CloudForms System Engine for RHEL 6 Server", "product": { "name": "CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine", "product_identification_helper": { "cpe": "cpe:/a:cloudforms_systemengine:1::el6" } } } ], "category": "product_family", "name": "Red Hat CloudForms" }, { "branches": [ { "category": "product_version", "name": "rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "product": { "name": "rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "product_id": "rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-ruby_parser@2.0.4-6.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "product": { "name": "rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "product_id": "rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-ruby_parser-doc@2.0.4-6.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rack-1:1.3.0-3.el6cf.noarch", "product": { "name": "rubygem-rack-1:1.3.0-3.el6cf.noarch", "product_id": "rubygem-rack-1:1.3.0-3.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack@1.3.0-3.el6cf?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "product": { "name": "rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "product_id": "rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rdoc-doc@3.8-6.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rdoc-0:3.8-6.el6cf.noarch", "product": { "name": "rubygem-rdoc-0:3.8-6.el6cf.noarch", "product_id": "rubygem-rdoc-0:3.8-6.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rdoc@3.8-6.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "product": { "name": "rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "product_id": "rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-shoulda-doc@2.11.3-5.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "product": { "name": "rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "product_id": "rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-shoulda@2.11.3-5.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "product": { "name": "rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "product_id": "rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rspec-rails@2.6.1-7.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "product": { "name": "rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "product_id": "rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rspec-rails-doc@2.6.1-7.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "product": { "name": "rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "product_id": "rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rails_warden-doc@0.5.5-2.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "product": { "name": "rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "product_id": "rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rails_warden@0.5.5-2.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "product": { "name": "rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "product_id": "rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-delayed_job@2.1.4-3.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "product": { "name": "rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "product_id": "rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-delayed_job-doc@2.1.4-3.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "product": { "name": "rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "product_id": "rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-nokogiri-doc@1.5.0-0.9.beta4.el6cf?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "product": { "name": "rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "product_id": "rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activesupport@3.0.10-10.el6cf?arch=noarch\u0026epoch=1" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "product": { "name": "rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "product_id": "rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-ruby_parser@2.0.4-6.el6cf?arch=src" } } }, { "category": "product_version", "name": "rubygem-rack-1:1.3.0-3.el6cf.src", "product": { "name": "rubygem-rack-1:1.3.0-3.el6cf.src", "product_id": "rubygem-rack-1:1.3.0-3.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack@1.3.0-3.el6cf?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "rubygem-rdoc-0:3.8-6.el6cf.src", "product": { "name": "rubygem-rdoc-0:3.8-6.el6cf.src", "product_id": "rubygem-rdoc-0:3.8-6.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rdoc@3.8-6.el6cf?arch=src" } } }, { "category": "product_version", "name": "rubygem-shoulda-0:2.11.3-5.el6cf.src", "product": { "name": "rubygem-shoulda-0:2.11.3-5.el6cf.src", "product_id": "rubygem-shoulda-0:2.11.3-5.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-shoulda@2.11.3-5.el6cf?arch=src" } } }, { "category": "product_version", "name": "rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "product": { "name": "rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "product_id": "rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rspec-rails@2.6.1-7.el6cf?arch=src" } } }, { "category": "product_version", "name": "rubygem-rails_warden-0:0.5.5-2.el6cf.src", "product": { "name": "rubygem-rails_warden-0:0.5.5-2.el6cf.src", "product_id": "rubygem-rails_warden-0:0.5.5-2.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rails_warden@0.5.5-2.el6cf?arch=src" } } }, { "category": "product_version", "name": "rubygem-delayed_job-0:2.1.4-3.el6cf.src", "product": { "name": "rubygem-delayed_job-0:2.1.4-3.el6cf.src", "product_id": "rubygem-delayed_job-0:2.1.4-3.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-delayed_job@2.1.4-3.el6cf?arch=src" } } }, { "category": "product_version", "name": "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "product": { "name": "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "product_id": "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-nokogiri@1.5.0-0.9.beta4.el6cf?arch=src" } } }, { "category": "product_version", "name": "rubygem-activesupport-1:3.0.10-10.el6cf.src", "product": { "name": "rubygem-activesupport-1:3.0.10-10.el6cf.src", "product_id": "rubygem-activesupport-1:3.0.10-10.el6cf.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activesupport@3.0.10-10.el6cf?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "product": { "name": "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "product_id": "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-nokogiri@1.5.0-0.9.beta4.el6cf?arch=x86_64" } } }, { "category": "product_version", "name": "ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "product": { "name": "ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "product_id": "ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby-nokogiri@1.5.0-0.9.beta4.el6cf?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "product": { "name": "rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "product_id": "rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-nokogiri-debuginfo@1.5.0-0.9.beta4.el6cf?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64 as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64" }, "product_reference": "ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activesupport-1:3.0.10-10.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch" }, "product_reference": "rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activesupport-1:3.0.10-10.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src" }, "product_reference": "rubygem-activesupport-1:3.0.10-10.el6cf.src", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-delayed_job-0:2.1.4-3.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch" }, "product_reference": "rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-delayed_job-0:2.1.4-3.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src" }, "product_reference": "rubygem-delayed_job-0:2.1.4-3.el6cf.src", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch" }, "product_reference": "rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src" }, "product_reference": "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64 as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64" }, "product_reference": "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64 as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64" }, "product_reference": "rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch" }, "product_reference": "rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-1:1.3.0-3.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch" }, "product_reference": "rubygem-rack-1:1.3.0-3.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-1:1.3.0-3.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src" }, "product_reference": "rubygem-rack-1:1.3.0-3.el6cf.src", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rails_warden-0:0.5.5-2.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch" }, "product_reference": "rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rails_warden-0:0.5.5-2.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src" }, "product_reference": "rubygem-rails_warden-0:0.5.5-2.el6cf.src", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch" }, "product_reference": "rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rdoc-0:3.8-6.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch" }, "product_reference": "rubygem-rdoc-0:3.8-6.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rdoc-0:3.8-6.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src" }, "product_reference": "rubygem-rdoc-0:3.8-6.el6cf.src", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rdoc-doc-0:3.8-6.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch" }, "product_reference": "rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch" }, "product_reference": "rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rspec-rails-0:2.6.1-7.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src" }, "product_reference": "rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch" }, "product_reference": "rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch" }, "product_reference": "rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-ruby_parser-0:2.0.4-6.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src" }, "product_reference": "rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" }, "product_reference": "rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-shoulda-0:2.11.3-5.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch" }, "product_reference": "rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-shoulda-0:2.11.3-5.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src" }, "product_reference": "rubygem-shoulda-0:2.11.3-5.el6cf.src", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server", "product_id": "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch" }, "product_reference": "rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "relates_to_product_reference": "6Server-CloudEngine" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64 as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64" }, "product_reference": "ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activesupport-1:3.0.10-10.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch" }, "product_reference": "rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activesupport-1:3.0.10-10.el6cf.src as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src" }, "product_reference": "rubygem-activesupport-1:3.0.10-10.el6cf.src", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-delayed_job-0:2.1.4-3.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch" }, "product_reference": "rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-delayed_job-0:2.1.4-3.el6cf.src as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src" }, "product_reference": "rubygem-delayed_job-0:2.1.4-3.el6cf.src", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch" }, "product_reference": "rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src" }, "product_reference": "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64 as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64" }, "product_reference": "rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64 as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64" }, "product_reference": "rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch" }, "product_reference": "rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-1:1.3.0-3.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch" }, "product_reference": "rubygem-rack-1:1.3.0-3.el6cf.noarch", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-1:1.3.0-3.el6cf.src as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src" }, "product_reference": "rubygem-rack-1:1.3.0-3.el6cf.src", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rails_warden-0:0.5.5-2.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch" }, "product_reference": "rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rails_warden-0:0.5.5-2.el6cf.src as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src" }, "product_reference": "rubygem-rails_warden-0:0.5.5-2.el6cf.src", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch" }, "product_reference": "rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rdoc-0:3.8-6.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch" }, "product_reference": "rubygem-rdoc-0:3.8-6.el6cf.noarch", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rdoc-0:3.8-6.el6cf.src as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src" }, "product_reference": "rubygem-rdoc-0:3.8-6.el6cf.src", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rdoc-doc-0:3.8-6.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch" }, "product_reference": "rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch" }, "product_reference": "rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-ruby_parser-0:2.0.4-6.el6cf.src as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src" }, "product_reference": "rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "relates_to_product_reference": "6Server-SystemEngine" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Server", "product_id": "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" }, "product_reference": "rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "relates_to_product_reference": "6Server-SystemEngine" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-6109", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2013-01-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "895277" } ], "notes": [ { "category": "description", "text": "lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-rack: parsing Content-Disposition header DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-6109" }, { "category": "external", "summary": "RHBZ#895277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895277" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-6109", "url": "https://www.cve.org/CVERecord?id=CVE-2012-6109" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6109", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6109" } ], "release_date": "2012-05-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-21T18:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0548" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rubygem-rack: parsing Content-Disposition header DoS" }, { "acknowledgments": [ { "names": [ "Michael Scherer" ], "organization": "Red Hat Regional IT team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-0162", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2013-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "892806" } ], "notes": [ { "category": "description", "text": "The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-ruby_parser: incorrect temporary file usage", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0162" }, { "category": "external", "summary": "RHBZ#892806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892806" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0162", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0162" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0162", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0162" } ], "release_date": "2013-01-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-21T18:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0548" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "rubygem-ruby_parser: incorrect temporary file usage" }, { "cve": "CVE-2013-0183", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2013-01-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "895282" } ], "notes": [ { "category": "description", "text": "multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-rack: receiving excessively long lines triggers out-of-memory error", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0183" }, { "category": "external", "summary": "RHBZ#895282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895282" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0183", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0183" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0183" } ], "release_date": "2013-01-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-21T18:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0548" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rubygem-rack: receiving excessively long lines triggers out-of-memory error" }, { "cve": "CVE-2013-0184", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2013-01-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "895384" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to \"symbolized arbitrary strings.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-rack: Rack::Auth:: AbstractRequest DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0184" }, { "category": "external", "summary": "RHBZ#895384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895384" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0184", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0184" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0184", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0184" } ], "release_date": "2012-05-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-21T18:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0548" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rubygem-rack: Rack::Auth:: AbstractRequest DoS" }, { "acknowledgments": [ { "names": [ "Eric Hodel" ], "organization": "RDoc upstream" }, { "names": [ "Evgeny Ermakov" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2013-0256", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2013-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907820" } ], "notes": [ { "category": "description", "text": "darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0256" }, { "category": "external", "summary": "RHBZ#907820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907820" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0256", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0256" }, { "category": "external", "summary": "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/", "url": "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/" } ], "release_date": "2013-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-21T18:56:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0548" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "6Server-CloudEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-CloudEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-CloudEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-CloudEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-CloudEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-CloudEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-CloudEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-CloudEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-rspec-rails-0:2.6.1-7.el6cf.src", "6Server-CloudEngine:rubygem-rspec-rails-doc-0:2.6.1-7.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-CloudEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.noarch", "6Server-CloudEngine:rubygem-shoulda-0:2.11.3-5.el6cf.src", "6Server-CloudEngine:rubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch", "6Server-SystemEngine:ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.noarch", "6Server-SystemEngine:rubygem-activesupport-1:3.0.10-10.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-delayed_job-0:2.1.4-3.el6cf.src", "6Server-SystemEngine:rubygem-delayed_job-doc-0:2.1.4-3.el6cf.noarch", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.src", "6Server-SystemEngine:rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64", "6Server-SystemEngine:rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.noarch", "6Server-SystemEngine:rubygem-rack-1:1.3.0-3.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rails_warden-0:0.5.5-2.el6cf.src", "6Server-SystemEngine:rubygem-rails_warden-doc-0:0.5.5-2.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-rdoc-0:3.8-6.el6cf.src", "6Server-SystemEngine:rubygem-rdoc-doc-0:3.8-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.noarch", "6Server-SystemEngine:rubygem-ruby_parser-0:2.0.4-6.el6cf.src", "6Server-SystemEngine:rubygem-ruby_parser-doc-0:2.0.4-6.el6cf.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template" } ] }
gsd-2013-0183
Vulnerability from gsd
Modified
2013-01-07 00:00
Details
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2013-0183", "description": "multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.", "id": "GSD-2013-0183", "references": [ "https://www.suse.com/security/cve/CVE-2013-0183.html", "https://www.debian.org/security/2013/dsa-2783", "https://access.redhat.com/errata/RHSA-2013:0548", "https://access.redhat.com/errata/RHSA-2013:0544" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "affected": [ { "package": { "ecosystem": "RubyGems", "name": "rack", "purl": "pkg:gem/rack" } } ], "aliases": [ "CVE-2013-0183", "OSVDB-89320" ], "details": "multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.", "id": "GSD-2013-0183", "modified": "2013-01-07T00:00:00.000Z", "published": "2013-01-07T00:00:00.000Z", "references": [ { "type": "WEB", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0183" } ], "schema_version": "1.4.0", "severity": [ { "score": 5.0, "type": "CVSS_V2" } ], "summary": "CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0183", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_affected": "=", "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "name": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "refsource": "MISC", "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "name": "http://rhn.redhat.com/errata/RHSA-2013-0548.html", "refsource": "MISC", "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html" }, { "name": "http://www.debian.org/security/2013/dsa-2783", "refsource": "MISC", "url": "http://www.debian.org/security/2013/dsa-2783" }, { "name": "http://rack.github.com/", "refsource": "MISC", "url": "http://rack.github.com/" }, { "name": "https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff", "refsource": "MISC", "url": "https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff" }, { "name": "https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18", "refsource": "MISC", "url": "https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18" }, { "name": "https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI", "refsource": "MISC", "url": "https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI" }, { "name": "https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs", "refsource": "MISC", "url": "https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=895282", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895282" } ] } }, "github.com/rubysec/ruby-advisory-db": { "cve": "2013-0183", "cvss_v2": 5.0, "date": "2013-01-07", "description": "multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.", "gem": "rack", "osvdb": 89320, "patched_versions": [ "~\u003e 1.3.8", "\u003e= 1.4.3" ], "title": "CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0183" }, "gitlab.com": { "advisories": [ { "affected_range": "\u003e=1.3.0 \u003c=1.4.2", "affected_versions": "All versions starting from 1.3.0 up to 1.4.2", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cwe_ids": [ "CWE-1035", "CWE-119", "CWE-937" ], "date": "2018-08-13", "description": "multipart/parser.rb in Rack allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.", "fixed_versions": [ "1.4.3" ], "identifier": "CVE-2013-0183", "identifiers": [ "CVE-2013-0183" ], "not_impacted": "All versions before 1.3.0, all versions after 1.4.2", "package_slug": "gem/rack", "pubdate": "2013-03-01", "solution": "Upgrade to version 1.4.3 or above.", "title": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2013-0183", "http://rack.github.com/", "http://rhn.redhat.com/errata/RHSA-2013-0548.html", "https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff", "https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18", "https://bugzilla.redhat.com/show_bug.cgi?id=895282", "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "http://www.debian.org/security/2013/dsa-2783", "https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI", "https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs" ], "uuid": "50e54305-7579-48c4-983c-6e140959d093" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0183" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "http://rack.github.com/", "refsource": "CONFIRM", "tags": [], "url": "http://rack.github.com/" }, { "name": "RHSA-2013:0548", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html" }, { "name": "https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff", "refsource": "CONFIRM", "tags": [], "url": "https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff" }, { "name": "https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18", "refsource": "CONFIRM", "tags": [], "url": "https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=895282", "refsource": "MISC", "tags": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895282" }, { "name": "RHSA-2013:0544", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "name": "openSUSE-SU-2013:0462", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "name": "DSA-2783", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2013/dsa-2783" }, { "name": "https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs", "refsource": "MISC", "tags": [], "url": "https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs" }, { "name": "https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI", "refsource": "MISC", "tags": [], "url": "https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2023-02-13T04:38Z", "publishedDate": "2013-03-01T05:40Z" } } }
ghsa-3pxh-h8hw-mj8w
Vulnerability from github
Published
2017-10-24 18:33
Modified
2023-08-28 12:50
Summary
Rack rubygems receiving excessively long lines triggers out-of-memory error
Details
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
{ "affected": [ { "package": { "ecosystem": "RubyGems", "name": "rack" }, "ranges": [ { "events": [ { "introduced": "1.3.0" }, { "fixed": "1.3.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "RubyGems", "name": "rack" }, "ranges": [ { "events": [ { "introduced": "1.4.0" }, { "fixed": "1.4.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2013-0183" ], "database_specific": { "cwe_ids": [ "CWE-119", "CWE-400" ], "github_reviewed": true, "github_reviewed_at": "2020-06-16T20:55:49Z", "nvd_published_at": "2013-03-01T05:40:00Z", "severity": "MODERATE" }, "details": "multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.", "id": "GHSA-3pxh-h8hw-mj8w", "modified": "2023-08-28T12:50:30Z", "published": "2017-10-24T18:33:37Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0183" }, { "type": "WEB", "url": "https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff" }, { "type": "WEB", "url": "https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2013:0544" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2013-0183" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895282" }, { "type": "PACKAGE", "url": "https://github.com/rack/rack" }, { "type": "WEB", "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0183.yml" }, { "type": "WEB", "url": "https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI" }, { "type": "WEB", "url": "https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs" }, { "type": "WEB", "url": "https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI" }, { "type": "WEB", "url": "https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "type": "WEB", "url": "http://rack.github.com" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html" }, { "type": "WEB", "url": "http://www.debian.org/security/2013/dsa-2783" } ], "schema_version": "1.4.0", "severity": [], "summary": "Rack rubygems receiving excessively long lines triggers out-of-memory error" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.