Bug 11386 - [Update Request]Update RubyGems package to fix CVE-2013-4287
Summary: [Update Request]Update RubyGems package to fix CVE-2013-4287
Status: RESOLVED DUPLICATE of bug 11276
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 3
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://blog.rubygems.org/2013/09/24/C...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-10-06 11:30 CEST by Funda Wang
Modified: 2013-10-06 15:58 CEST

See Also:
Source RPM: ruby-RubyGems-1.8.27-1.mga3
CVE:
Status comment:

Description Funda Wang 2013-10-06 11:30:16 CEST
CVE-2013-4363: RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption.

ruby-RubyGems was updated to the latest 1.8.27 to fix the above problems.

URL:
https://bugzilla.redhat.com/show_bug.cgi?id=1002364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4287
http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html

Comment 1 David Walser 2013-10-06 15:58:11 CEST
We already have a bug for this.  Thanks for updating it though!

*** This bug has been marked as a duplicate of bug 11276 ***

Status: NEW => RESOLVED
CC: (none) => luigiwalser
Resolution: (none) => DUPLICATE
