[FEDORA-2013-17649] Fedora 18: rubygems
- Severity: Medium
- Affected Packages: 1
- CVEs: 2
Previously, a security flaw was found in rubygems: versions were validated with a regular expression that is vulnerable to denial of service due to backtracking. Although this was thought to be fixed in the previous rubygems, the fix was found to be incomplete, and the incomplete fix is now assigned CVE-2013-4363.
A packaging bug was also found in which a directory was not properly owned.
This new rpm will fix this issue.
Package | Affected Version |
---|---|
pkg:rpm/fedora/rubygems?distro=fedora-18 | < 1.8.25.8.fc18 |
- ID: FEDORA-2013-17649
- Severity: medium
- Severity from: CVE-2013-4363
- URL: https://bodhi.fedoraproject.org/updates/FEDORA-2013-17649
- Published: 2013-10-04T02:02:10
- Modified: 2013-10-04T02:02:10
- Rights: Copyright 2013 Red Hat, Inc.
- Other Advisories:
  - ALAS-2013-230
  - ALAS-2013-231
  - ALAS-2014-290
  - ELSA-2013-1441
  - FEDORA-2013-16251
  - FEDORA-2013-16316
  - FEDORA-2013-16376
  - FEDORA-2013-17603
  - FEDORA-2013-17662
  - FREEBSD:54237182-9635-4A8B-92D7-33BFAEED84CD
  - FREEBSD:742EB9E4-E3CB-4F5A-B94E-0E9A39420600
  - RHSA-2013:1441
  - RUBYSEC:RUBYGEMS-UPDATE-2013-4287
  - RUBYSEC:RUBYGEMS-UPDATE-2013-4363
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/rubygems?distro=fedora-18 | fedora | rubygems | < 1.8.25.8.fc18 | fedora-18 | | |