Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management
tasks. RubyGems is the Ruby standard for publishing and managing
third-party libraries.
It was discovered that the RubyGems API validated version strings with a
regular expression prone to catastrophic backtracking. An application that
used this API to process a version string from an untrusted source could be
made to consume excessive CPU time on a crafted string, resulting in a denial
of service. (CVE-2013-4287)
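The following is an added example, not code from the advisory or from RubyGems itself. It shows the regex shape that produces this failure mode (a version group wrapped in an unbounded `*`, so a run of digits can be split in exponentially many ways before the engine gives up on a non-matching tail) next to a hardened validator for untrusted input. Both patterns, the `MAX_VERSION_LENGTH` cap and the `safe_version?`, `redos_probe` and `match_seconds` helpers are constructed for this illustration and are assumptions of the example; they follow the shape of a RubyGems 1.8 version pattern but are not copied from the package.

```ruby
# Added example (not code from the advisory or from RubyGems): the regex
# shape behind CVE-2013-4287 and a hardened validator for untrusted input.
# Both patterns below are constructed for this illustration.

# One version: digits, then any number of ".segment" parts.
VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*'

# Unsafe shape: the whole version group is wrapped in an unbounded "*", so
# a digit run such as "111" can be consumed as "111", "11"+"1", "1"+"11" or
# "1"+"1"+"1". When a later character makes the match fail, the engine
# retries every one of those splits: 2**(n-1) attempts for n digits.
UNSAFE_ANCHORED = /\A\s*(#{VERSION_PATTERN})*\s*\z/

# Hardened shape: exactly one version, no outer repetition of a group that
# can match where "[0-9]+" already matched. Every digit run has a single
# way to match, so a failing input backtracks at most n times.
SAFE_ANCHORED = /\A\s*#{VERSION_PATTERN}\s*\z/

# Assumption for this example: no legitimate version string is longer than this.
MAX_VERSION_LENGTH = 256

# Validate a version string from an untrusted source. Bound the input size
# before any regex runs, then match with the linear-time pattern only.
def safe_version?(str)
  return false unless str.is_a?(String)
  return false if str.bytesize > MAX_VERSION_LENGTH
  SAFE_ANCHORED.match?(str)
end

# Classic ReDoS probe: a long ambiguous run followed by one character that
# forces the overall match to fail.
def redos_probe(n)
  ("1" * n) + "!"
end

# Wall-clock seconds for a single match attempt of regex against str.
def match_seconds(regex, str)
  t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  regex.match?(str)
  Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0
end

if $PROGRAM_NAME == __FILE__
  puts safe_version?("1.9.3.448")          # true
  puts safe_version?("1..2")               # false
  puts safe_version?(redos_probe(5000))    # false: rejected by the length cap

  # Keep n small: work for the unsafe pattern doubles with each added digit.
  # Ruby 3.2 and later memoize regex matching and may not show the blow-up.
  [12, 14, 16, 18].each do |n|
    probe = redos_probe(n)
    printf("n=%2d  unsafe=%.4fs  safe=%.6fs\n", n,
           match_seconds(UNSAFE_ANCHORED, probe),
           match_seconds(SAFE_ANCHORED, probe))
  end
end
```

The two defences in `safe_version?` are independent: the length cap bounds the work any pattern can do, and the single-version pattern removes the ambiguity that made the work exponential in the first place. Raise `n` in the loop one digit at a time if you want to watch the unsafe timing double on a Ruby older than 3.2; do not jump straight to large values.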
Red Hat would like to thank Rubygems upstream for reporting
CVE-2013-4287. Upstream acknowledges Damir Sharipov as the original
reporter.
All ruby193-ruby users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.
OS | OS version | Architecture | Package | Affected version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | ruby193-rubygem-minitest | < 2.5.1-40.el6 | ruby193-rubygem-minitest-2.5.1-40.el6.noarch.rpm |
RedHat | 6 | x86_64 | ruby193-rubygem-json | < 1.5.5-40.el6 | ruby193-rubygem-json-1.5.5-40.el6.x86_64.rpm |
RedHat | 6 | noarch | ruby193-rubygems | < 1.8.23-40.el6 | ruby193-rubygems-1.8.23-40.el6.noarch.rpm |
RedHat | 6 | x86_64 | ruby193-rubygem-rdoc | < 3.9.5-40.el6 | ruby193-rubygem-rdoc-3.9.5-40.el6.x86_64.rpm |
RedHat | 6 | noarch | ruby193-rubygems-devel | < 1.8.23-40.el6 | ruby193-rubygems-devel-1.8.23-40.el6.noarch.rpm |
RedHat | 6 | src | ruby193-ruby | < 1.9.3.448-40.el6 | ruby193-ruby-1.9.3.448-40.el6.src.rpm |
RedHat | 6 | x86_64 | ruby193-ruby-tcltk | < 1.9.3.448-40.el6 | ruby193-ruby-tcltk-1.9.3.448-40.el6.x86_64.rpm |
RedHat | 6 | x86_64 | ruby193-ruby-libs | < 1.9.3.448-40.el6 | ruby193-ruby-libs-1.9.3.448-40.el6.x86_64.rpm |
RedHat | 6 | noarch | ruby193-rubygem-rake | < 0.9.2.2-40.el6 | ruby193-rubygem-rake-0.9.2.2-40.el6.noarch.rpm |
RedHat | 6 | x86_64 | ruby193-ruby-debuginfo | < 1.9.3.448-40.el6 | ruby193-ruby-debuginfo-1.9.3.448-40.el6.x86_64.rpm |