Skip to navigation

Security Advisory ruby security update

Advisory: RHSA-2004:635-06
Type: Security Advisory
Severity: Moderate
Issued on: 2005-01-17
Last updated on: 2005-01-17
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2004-0983

Details

An updated ruby package that fixes a denial of service issue for the CGI
instance is now available.

[Updated 17 Jan 2005]
Errata has been updated to include 32-bit libraries on 64-bit architectures.

Ruby is an interpreted scripting language for object-oriented programming.

A flaw was dicovered in the CGI module of Ruby. If empty data is sent by
the POST method to the CGI script which requires MIME type
multipart/form-data, it can get stuck in a loop. A remote attacker could
trigger this flaw and cause a denial of service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0983 to this issue.

Users are advised to upgrade to this erratum package, which contains a
backported patch to cgi.rb.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

IA-32:
irb-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: f408badb2510f463b5c7872e69a90efc
ruby-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 28689571cc04893ae54659d3bd50600f
ruby-devel-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 6f58c9789a0215e620b07761864d49e1
ruby-docs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: f2989414a97a41d85efa0386cfd6e63d
ruby-libs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 645e9618992229a97d7e1de2dbb5c691
ruby-mode-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: f39588cdce470d68cf022ef3d4b7c17d
ruby-tcltk-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 58f1aaa85a9bb7ab46a85dd339b57004
 
x86_64:
irb-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 8ba124cf1c2c7afb3ad723a20b7d5c0d
ruby-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 08fbcb3dbbcc4f6007ff5bb553101e3a
ruby-devel-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: f919fb4d57ac9007db765d15169bb448
ruby-docs-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 9c878a656d96677a21eaeffc98445862
ruby-libs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 645e9618992229a97d7e1de2dbb5c691
ruby-libs-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: f1b99550c731bb413f8f22bf2af6da95
ruby-mode-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 4900c7792a3c986a8cfcb1ea78ce6045
ruby-tcltk-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 81255d577d75df37f37461811121aa0e
 
Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
irb-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 984de6c8bd15661642cf96852eec8594
ruby-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 228efa4a0710253ed381d0cb7288654b
ruby-devel-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: d45f217ef393decea4bfc43822fad7b3
ruby-docs-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: e2eb1318a5a5c800024859f2b8e0bf02
ruby-libs-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: edea06b8999c1710ba66d6c580636934
ruby-tcltk-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 83393ce9d2ffcaa9159c85fe2ea877f8
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
irb-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: f408badb2510f463b5c7872e69a90efc
ruby-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 28689571cc04893ae54659d3bd50600f
ruby-devel-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 6f58c9789a0215e620b07761864d49e1
ruby-docs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: f2989414a97a41d85efa0386cfd6e63d
ruby-libs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 645e9618992229a97d7e1de2dbb5c691
ruby-mode-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: f39588cdce470d68cf022ef3d4b7c17d
ruby-tcltk-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 58f1aaa85a9bb7ab46a85dd339b57004
 
IA-64:
irb-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: c592891960b9b93d210b6a83811c847f
ruby-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 7ac0fee7db9ee459261c63e93546983e
ruby-devel-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 33cfff0cc59df6f4bb99c6f10f7cfe42
ruby-docs-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 9646d7fac418cec6cbe503f80d61c0c4
ruby-libs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 645e9618992229a97d7e1de2dbb5c691
ruby-libs-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: ac7060784a405a2f2d32c400f20981a9
ruby-mode-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 76f778eddc74e655d417cae54b6911ed
ruby-tcltk-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 3a61c755364d2c2fc40235ca174c4109
 
PPC:
irb-1.6.8-9.EL3.3.ppc.rpm
File outdated by:  RHSA-2008:0896
    MD5: 2e78623c3afa71514c422606dcea0eb8
ruby-1.6.8-9.EL3.3.ppc.rpm
File outdated by:  RHSA-2008:0896
    MD5: 1b494554641426f9cc469bdea01b3de2
ruby-devel-1.6.8-9.EL3.3.ppc.rpm
File outdated by:  RHSA-2008:0896
    MD5: c12cf463dda2389c1865643c04a2f200
ruby-docs-1.6.8-9.EL3.3.ppc.rpm
File outdated by:  RHSA-2008:0896
    MD5: 77ebb60cb2b619401afb643b0e417797
ruby-libs-1.6.8-9.EL3.3.ppc.rpm
File outdated by:  RHSA-2008:0896
    MD5: b20f57bfcdff1732a82a8e3d5f939d80
ruby-libs-1.6.8-9.EL3.3.ppc64.rpm
File outdated by:  RHSA-2008:0896
    MD5: f743787692c4c7139fa52b4a9e6e5cea
ruby-mode-1.6.8-9.EL3.3.ppc.rpm
File outdated by:  RHSA-2008:0896
    MD5: 481812301c538d031458b33ac45377ba
ruby-tcltk-1.6.8-9.EL3.3.ppc.rpm
File outdated by:  RHSA-2008:0896
    MD5: 1e68c1c503209d0a00b1d6c49e6f1cc7
 
s390:
irb-1.6.8-9.EL3.3.s390.rpm
File outdated by:  RHSA-2008:0896
    MD5: 417a2dae8057853d95c01752b855a85b
ruby-1.6.8-9.EL3.3.s390.rpm
File outdated by:  RHSA-2008:0896
    MD5: fdcecea5dc82c81fa2def2dd6882be61
ruby-devel-1.6.8-9.EL3.3.s390.rpm
File outdated by:  RHSA-2008:0896
    MD5: 101677cc586a6e0ffa2243f4d44e1690
ruby-docs-1.6.8-9.EL3.3.s390.rpm
File outdated by:  RHSA-2008:0896
    MD5: b9c6e991d23c84cf983c0dda0218b056
ruby-libs-1.6.8-9.EL3.3.s390.rpm
File outdated by:  RHSA-2008:0896
    MD5: 551748a998a181b7aa87d64d97e959b2
ruby-mode-1.6.8-9.EL3.3.s390.rpm
File outdated by:  RHSA-2008:0896
    MD5: 331c153e38936930ee94724649129d4e
ruby-tcltk-1.6.8-9.EL3.3.s390.rpm
File outdated by:  RHSA-2008:0896
    MD5: a01479d847ef53fbad6b7878ace4c326
 
s390x:
irb-1.6.8-9.EL3.3.s390x.rpm
File outdated by:  RHSA-2008:0896
    MD5: dc524b6c4b51ceb1d09fb9aa8f50bfb5
ruby-1.6.8-9.EL3.3.s390x.rpm
File outdated by:  RHSA-2008:0896
    MD5: d067c97c8f1b63216608df91b79f3346
ruby-devel-1.6.8-9.EL3.3.s390x.rpm
File outdated by:  RHSA-2008:0896
    MD5: ca5f632329db91a7d8b0905dfa0c4b98
ruby-docs-1.6.8-9.EL3.3.s390x.rpm
File outdated by:  RHSA-2008:0896
    MD5: 5d54cbc527a849531713ec8569b0b02a
ruby-libs-1.6.8-9.EL3.3.s390.rpm
File outdated by:  RHSA-2008:0896
    MD5: 551748a998a181b7aa87d64d97e959b2
ruby-libs-1.6.8-9.EL3.3.s390x.rpm
File outdated by:  RHSA-2008:0896
    MD5: f184c8c8d7c83527fdc981577050416e
ruby-mode-1.6.8-9.EL3.3.s390x.rpm
File outdated by:  RHSA-2008:0896
    MD5: 77d175cda989287452933c0f419a2a1e
ruby-tcltk-1.6.8-9.EL3.3.s390x.rpm
File outdated by:  RHSA-2008:0896
    MD5: 69b9dd6dcea803c1e83339fa220ef441
 
x86_64:
irb-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 8ba124cf1c2c7afb3ad723a20b7d5c0d
ruby-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 08fbcb3dbbcc4f6007ff5bb553101e3a
ruby-devel-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: f919fb4d57ac9007db765d15169bb448
ruby-docs-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 9c878a656d96677a21eaeffc98445862
ruby-libs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 645e9618992229a97d7e1de2dbb5c691
ruby-libs-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: f1b99550c731bb413f8f22bf2af6da95
ruby-mode-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 4900c7792a3c986a8cfcb1ea78ce6045
ruby-tcltk-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 81255d577d75df37f37461811121aa0e
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
irb-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 984de6c8bd15661642cf96852eec8594
ruby-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 228efa4a0710253ed381d0cb7288654b
ruby-devel-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: d45f217ef393decea4bfc43822fad7b3
ruby-docs-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: e2eb1318a5a5c800024859f2b8e0bf02
ruby-libs-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: edea06b8999c1710ba66d6c580636934
ruby-tcltk-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 83393ce9d2ffcaa9159c85fe2ea877f8
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
irb-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: f408badb2510f463b5c7872e69a90efc
ruby-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 28689571cc04893ae54659d3bd50600f
ruby-devel-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 6f58c9789a0215e620b07761864d49e1
ruby-docs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: f2989414a97a41d85efa0386cfd6e63d
ruby-libs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 645e9618992229a97d7e1de2dbb5c691
ruby-mode-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: f39588cdce470d68cf022ef3d4b7c17d
ruby-tcltk-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 58f1aaa85a9bb7ab46a85dd339b57004
 
IA-64:
irb-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: c592891960b9b93d210b6a83811c847f
ruby-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 7ac0fee7db9ee459261c63e93546983e
ruby-devel-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 33cfff0cc59df6f4bb99c6f10f7cfe42
ruby-docs-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 9646d7fac418cec6cbe503f80d61c0c4
ruby-libs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 645e9618992229a97d7e1de2dbb5c691
ruby-libs-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: ac7060784a405a2f2d32c400f20981a9
ruby-mode-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 76f778eddc74e655d417cae54b6911ed
ruby-tcltk-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 3a61c755364d2c2fc40235ca174c4109
 
x86_64:
irb-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 8ba124cf1c2c7afb3ad723a20b7d5c0d
ruby-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 08fbcb3dbbcc4f6007ff5bb553101e3a
ruby-devel-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: f919fb4d57ac9007db765d15169bb448
ruby-docs-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 9c878a656d96677a21eaeffc98445862
ruby-libs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 645e9618992229a97d7e1de2dbb5c691
ruby-libs-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: f1b99550c731bb413f8f22bf2af6da95
ruby-mode-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 4900c7792a3c986a8cfcb1ea78ce6045
ruby-tcltk-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 81255d577d75df37f37461811121aa0e
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
irb-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 984de6c8bd15661642cf96852eec8594
ruby-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 228efa4a0710253ed381d0cb7288654b
ruby-devel-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: d45f217ef393decea4bfc43822fad7b3
ruby-docs-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: e2eb1318a5a5c800024859f2b8e0bf02
ruby-libs-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: edea06b8999c1710ba66d6c580636934
ruby-tcltk-1.6.4-2.AS21.1.i386.rpm
File outdated by:  RHSA-2008:0895
    MD5: 83393ce9d2ffcaa9159c85fe2ea877f8
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
irb-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: f408badb2510f463b5c7872e69a90efc
ruby-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 28689571cc04893ae54659d3bd50600f
ruby-devel-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 6f58c9789a0215e620b07761864d49e1
ruby-docs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: f2989414a97a41d85efa0386cfd6e63d
ruby-libs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 645e9618992229a97d7e1de2dbb5c691
ruby-mode-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: f39588cdce470d68cf022ef3d4b7c17d
ruby-tcltk-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 58f1aaa85a9bb7ab46a85dd339b57004
 
IA-64:
irb-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: c592891960b9b93d210b6a83811c847f
ruby-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 7ac0fee7db9ee459261c63e93546983e
ruby-devel-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 33cfff0cc59df6f4bb99c6f10f7cfe42
ruby-docs-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 9646d7fac418cec6cbe503f80d61c0c4
ruby-libs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 645e9618992229a97d7e1de2dbb5c691
ruby-libs-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: ac7060784a405a2f2d32c400f20981a9
ruby-mode-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 76f778eddc74e655d417cae54b6911ed
ruby-tcltk-1.6.8-9.EL3.3.ia64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 3a61c755364d2c2fc40235ca174c4109
 
x86_64:
irb-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 8ba124cf1c2c7afb3ad723a20b7d5c0d
ruby-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 08fbcb3dbbcc4f6007ff5bb553101e3a
ruby-devel-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: f919fb4d57ac9007db765d15169bb448
ruby-docs-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 9c878a656d96677a21eaeffc98445862
ruby-libs-1.6.8-9.EL3.3.i386.rpm
File outdated by:  RHSA-2008:0896
    MD5: 645e9618992229a97d7e1de2dbb5c691
ruby-libs-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: f1b99550c731bb413f8f22bf2af6da95
ruby-mode-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 4900c7792a3c986a8cfcb1ea78ce6045
ruby-tcltk-1.6.8-9.EL3.3.x86_64.rpm
File outdated by:  RHSA-2008:0896
    MD5: 81255d577d75df37f37461811121aa0e
 

Bugs fixed (see bugzilla for more information)

138362 - CAN-2004-0983 Denial of Service in Ruby


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/