Bug 11386

Summary: [Update Request]Update RubyGems package to fix CVE-2013-4287
Product: Mageia
Reporter: Funda Wang <fundawang>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED DUPLICATE
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: luigiwalser
Version: 3
Target Milestone: ---
Hardware: All
OS: Linux
URL: http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html
Whiteboard:
Source RPM: ruby-RubyGems-1.8.27-1.mga3
CVE:
Status comment:

Description Funda Wang 2013-10-06 11:30:16 CEST
CVE-2013-4363: RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. For specially crafted RubyGems versions, attackers can cause denial of service through CPU consumption.

The ruby-RubyGems package was updated to the latest 1.8.27 to fix the above problems.

URL:
https://bugzilla.redhat.com/show_bug.cgi?id=1002364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4287
http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html

Reproducible: 

Steps to Reproduce:
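
The backtracking class of bug the description refers to, as an added example that is not part of this bug report or of RubyGems' own code: VULNERABLE and HARDENED below are constructed approximations of a version-validation regex, not RubyGems' actual Gem::Version pattern, and valid_version?, crafted, time_match, with_timeout, compare and MAX_VERSION_LENGTH are hypothetical helpers written for this illustration. The "before" pattern wraps the whole version in an outer `*`, so a bare run of digits can be split into exponentially many "versions" and every split is retried when the anchored match fails; the "after" pattern allows at most one version and makes each dotted segment an atomic group, which is the shape of fix the advisory describes.

```ruby
# Added example (not from this bug report or from RubyGems): the
# backtracking class of bug behind CVE-2013-4287 / CVE-2013-4363 on a
# constructed version-validation regex, beside a hardened form.
#
# Assumptions: VULNERABLE and HARDENED are simplified stand-ins for a
# RubyGems-style version pattern, not the real Gem::Version pattern;
# valid_version?, crafted, time_match, with_timeout, compare and
# MAX_VERSION_LENGTH are hypothetical helpers for this illustration.

# Constructed "before": the outer (...)* lets a bare run of digits be
# split into exponentially many "versions"; when \z then fails on a
# trailing non-version character, every split is retried.
VULNERABLE = /\A\s*([0-9]+(\.[0-9a-zA-Z]+)*)*\s*\z/

# Constructed "after": at most one version (? instead of *), and each
# dotted segment is an atomic group (?>...) so the engine never re-splits
# text it has already consumed. Rejection is linear in the input size.
HARDENED = /\A\s*([0-9]+(?>\.[0-9a-zA-Z]+)*)?\s*\z/

# Defence in depth: a cap on input length bounds the worst case even if
# the pattern regresses again (hypothetical limit).
MAX_VERSION_LENGTH = 64

# True only for a non-empty, length-bounded string the pattern accepts.
def valid_version?(str, pattern: HARDENED)
  return false unless str.is_a?(String)
  return false if str.length > MAX_VERSION_LENGTH
  return false if str.strip.empty?
  pattern.match?(str)
end

# Attacker-style input (constructed): n digits followed by a character no
# version may contain, which forces the anchored match to fail and backtrack.
def crafted(n)
  ("1" * n) + "!"
end

# Wall-clock seconds a single match attempt takes.
def time_match(pattern, str)
  t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  pattern.match?(str)
  Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0
end

# Ruby 3.2+ also offers a per-pattern timeout as a last line of defence;
# on older interpreters this returns the pattern unchanged.
def with_timeout(pattern, seconds)
  return pattern unless Regexp.method_defined?(:timeout)
  Regexp.new(pattern.source, pattern.options, timeout: seconds)
end

# Compare the two patterns on growing crafted inputs. Keep n small: the
# vulnerable pattern's cost roughly doubles with each extra digit on
# interpreters without regexp memoization (added in Ruby 3.2, which can
# mask the blowup for this particular pattern).
def compare(max_n = 16)
  (8..max_n).step(4).map do |n|
    input = crafted(n)
    { n: n,
      vulnerable_s: time_match(VULNERABLE, input),
      hardened_s: time_match(HARDENED, input) }
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "1.8.27 valid?      #{valid_version?('1.8.27')}"
  puts "crafted(16) valid? #{valid_version?(crafted(16))}"
  compare.each do |r|
    printf("n=%-3d vulnerable=%.6fs hardened=%.6fs\n",
           r[:n], r[:vulnerable_s], r[:hardened_s])
  end
end
```

Both patterns reject the crafted input; the difference is only in how much work the rejection costs, which is exactly what a CPU-consumption denial of service exploits. Two points matter when reviewing a fix like the one this update ships: the outer quantifier must not allow more than one version, and repeated inner groups must not be able to re-split already-consumed text, which atomic groups (or an equivalent unambiguous grammar) guarantee. The length cap and the timeout are independent safeguards that do not depend on getting the regex right.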
Comment 1 David Walser 2013-10-06 15:58:11 CEST
We already have a bug for this.  Thanks for updating it though!

*** This bug has been marked as a duplicate of bug 11276 ***

Status: NEW => RESOLVED
CC: (none) => luigiwalser
Resolution: (none) => DUPLICATE