[RHSA-2015:2180] rubygem-bundler and rubygem-thor security, bug fix, and enhancement update
Bundler manages an application's dependencies through its entire life,
across many machines, systematically and repeatably. Thor is a toolkit for
building powerful command-line interfaces.
A flaw was found in the way Bundler handled gems available from multiple
sources. An attacker with access to one of the sources could create a
malicious gem with the same name, which they could then use to trick a user
into installing, potentially resulting in execution of code from the
attacker-supplied malicious gem. (CVE-2013-0334)
Bundler has been upgraded to upstream version 1.7.8 and Thor has been
upgraded to upstream version 1.19.1, both of which provide a number of bug
fixes and enhancements over the previous versions. (BZ#1194243, BZ#1209921)
All rubygem-bundler and rubygem-thor users are advised to upgrade to these
updated packages, which correct these issues and add these enhancements.
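The flaw above is the ambiguous-source case: when a Gemfile declares more than one global `source`, every gem that is not pinned to one of them has several candidate origins, and a same-named gem published to any one of those origins can be the one that gets installed. What follows is an added example, not code from the advisory, from Red Hat or from Bundler itself: a simplified Ruby audit that scans a Gemfile's text and lists the gems in that position, shown against a constructed weak Gemfile and its hardened form that uses the `source "..." do ... end` block (and the per-gem `source:` option) Bundler 1.7 introduced so that a gem is resolved from exactly one source. `gems.example.internal` is a placeholder hostname, and the line-oriented parsing is an assumption that covers common Gemfile shapes rather than the full DSL.

```ruby
# Added example, not code from the advisory or from Bundler: a line-oriented audit of a
# Gemfile's text that flags gems whose source is ambiguous. A gem that could be served by
# two or more global `source` lines is the condition behind CVE-2013-0334; pinning it with
# a `source "..." do ... end` block or a `source:` option (Bundler >= 1.7) removes the
# ambiguity. The parser below is a deliberate simplification of the Gemfile DSL (no eval),
# adequate for the shapes shown in the constructed samples.

SOURCE_BLOCK_RE = /\A\s*source\s+['"]([^'"]+)['"]\s+do\s*\z/
SOURCE_LINE_RE  = /\A\s*source\s+['"]([^'"]+)['"]\s*\z/
GEM_LINE_RE     = /\A\s*gem\s+['"]([^'"]+)['"](.*)\z/
BLOCK_OPEN_RE   = /\bdo\s*\z/
END_RE          = /\A\s*end\s*\z/

# Returns { global_sources: [...], gems: { name => { source:, ambiguous: } } }.
# :source is the URL a gem is pinned to (enclosing block or `source:` option), or nil when
# it is looked up across the global sources. :ambiguous is true when the gem is unpinned and
# more than one global source is declared anywhere in the file (order does not matter to
# Bundler, so ambiguity is decided only after the whole file has been read).
def audit_gemfile(text)
  global_sources = []
  gems = {}
  depth = 0              # nesting of do/end blocks (group, platforms, source, ...)
  block_source = nil     # URL of the enclosing `source ... do` block, if any
  block_depth = nil

  text.each_line do |raw|
    line = raw.chomp.sub(/#.*/, "") # drop trailing comments
    next if line.strip.empty?

    if (m = SOURCE_BLOCK_RE.match(line))
      depth += 1
      block_source, block_depth = m[1], depth
    elsif BLOCK_OPEN_RE.match(line)          # any other do-block opener
      depth += 1
    elsif END_RE.match(line)
      block_source = nil if block_depth == depth
      depth -= 1 if depth > 0
    elsif (m = SOURCE_LINE_RE.match(line))
      global_sources << m[1] unless global_sources.include?(m[1])
    elsif (m = GEM_LINE_RE.match(line))
      name, opts = m[1], m[2]
      explicit = opts[/source:\s*['"]([^'"]+)['"]/, 1] ||
                 opts[/:source\s*=>\s*['"]([^'"]+)['"]/, 1]
      gems[name] = { source: explicit || block_source }
    end
  end

  gems.each_value do |info|
    info[:ambiguous] = info[:source].nil? && global_sources.size > 1
  end
  { global_sources: global_sources, gems: gems }
end

# Names of the gems that any one of the global sources could supply a same-named copy of.
def ambiguous_gems(text)
  audit_gemfile(text)[:gems].select { |_, info| info[:ambiguous] }.keys
end

# Constructed sample Gemfiles; gems.example.internal is a placeholder private source.
WEAK_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  source "https://gems.example.internal"   # second global source: every gem now has two candidates
  gem "rails", "~> 4.1"
  gem "internal-tool"
GEMFILE

HARDENED_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  gem "rails", "~> 4.1"
  source "https://gems.example.internal" do
    gem "internal-tool"                     # only ever fetched from the private source
  end
GEMFILE

if __FILE__ == $PROGRAM_NAME
  puts "weak:     #{ambiguous_gems(WEAK_GEMFILE).inspect}"      # ["rails", "internal-tool"]
  puts "hardened: #{ambiguous_gems(HARDENED_GEMFILE).inspect}"  # []
end
```

Running the audit over the weak file reports both gems, including `rails`, because a private source that also answers for public gem names is exactly the shadowing path the advisory describes; the hardened file leaves a single global source for public gems and scopes the private gem to its own block, so nothing is reported.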
Package | Affected Version |
---|---|
pkg:rpm/redhat/rubygem-thor?distro=redhat-7 | < 0.19.1-1.el7 |
pkg:rpm/redhat/rubygem-thor-doc?distro=redhat-7 | < 0.19.1-1.el7 |
pkg:rpm/redhat/rubygem-bundler?distro=redhat-7 | < 1.7.8-3.el7 |
pkg:rpm/redhat/rubygem-bundler-doc?distro=redhat-7 | < 1.7.8-3.el7 |
- ID: RHSA-2015:2180
- Severity: moderate
- URL: https://access.redhat.com/errata/RHSA-2015:2180
- Published: 2015-11-19T00:00:00
- Modified: 2015-11-19T00:00:00
- Rights: Copyright 2015 Red Hat, Inc.
- Other Advisories
Source | ID | URL |
---|---|---|
Bugzilla | 1146335 | https://bugzilla.redhat.com/1146335 |
RHSA | RHSA-2015:2180 | https://access.redhat.com/errata/RHSA-2015:2180 |
CVE | CVE-2013-0334 | https://access.redhat.com/security/cve/CVE-2013-0334 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/rubygem-thor?distro=redhat-7 | redhat | rubygem-thor | < 0.19.1-1.el7 | redhat-7 | ||
Affected | pkg:rpm/redhat/rubygem-thor-doc?distro=redhat-7 | redhat | rubygem-thor-doc | < 0.19.1-1.el7 | redhat-7 | ||
Affected | pkg:rpm/redhat/rubygem-bundler?distro=redhat-7 | redhat | rubygem-bundler | < 1.7.8-3.el7 | redhat-7 | ||
Affected | pkg:rpm/redhat/rubygem-bundler-doc?distro=redhat-7 | redhat | rubygem-bundler-doc | < 1.7.8-3.el7 | redhat-7 | ||