Security Advisory Moderate: CloudForms Commons 1.1 security update

Advisory: RHSA-2012:1542-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-12-04
Last updated on: 2012-12-04
Affected Products: Red Hat CloudForms
CVEs (cve.mitre.org): CVE-2012-1986
CVE-2012-1987
CVE-2012-1988
CVE-2012-2139
CVE-2012-2140
CVE-2012-2660
CVE-2012-2661
CVE-2012-2694
CVE-2012-2695
CVE-2012-3424
CVE-2012-3463
CVE-2012-3464
CVE-2012-3465
CVE-2012-3864
CVE-2012-3865
CVE-2012-3867

Details

Updated CloudForms Commons packages that fix several security issues are
now available.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Red Hat CloudForms is an on-premise hybrid cloud
Infrastructure-as-a-Service (IaaS) product that lets you create and manage
private and public clouds.

Multiple input validation vulnerabilities were discovered in
rubygem-activerecord. A remote attacker could possibly use these flaws
to perform an SQL injection attack against an application using
rubygem-activerecord. (CVE-2012-2660, CVE-2012-2661, CVE-2012-2694,
CVE-2012-2695)

Multiple cross-site scripting (XSS) flaws were found in rubygem-actionpack.
A remote attacker could use these flaws to conduct XSS attacks against
users of an application using rubygem-actionpack. (CVE-2012-3463,
CVE-2012-3464, CVE-2012-3465)

A flaw was found in the HTTP digest authentication implementation in
rubygem-actionpack. A remote attacker could use this flaw to cause a
denial of service of an application using rubygem-actionpack and digest
authentication. (CVE-2012-3424)

An input validation flaw was found in rubygem-mail's Exim and Sendmail
delivery methods. A remote attacker could use this flaw to execute
arbitrary commands with the privileges of an application using
rubygem-mail. (CVE-2012-2140)

A directory traversal flaw was found in rubygem-mail's file delivery
method. A remote attacker could use this flaw to send a mail with a
specially crafted To: header and write to files with the privileges of
an application using rubygem-mail. (CVE-2012-2139)
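A defender-side validation layer for the two rubygem-mail delivery flaws described above (CVE-2012-2139 and CVE-2012-2140): recipients are checked before they become a file name or a command-line argument. This is an added example, not code from the advisory or from rubygem-mail; the `RecipientGuard` module, its methods and its address pattern are assumptions.

```ruby
# Defensive recipient validation for the rubygem-mail delivery paths named
# above. Added example, not code from the advisory or from rubygem-mail;
# module, method and constant names are assumptions.
module RecipientGuard
  # Strict local@domain shape: no whitespace, quotes, slashes, NUL or other
  # shell metacharacters can appear anywhere in a matching address.
  ADDRESS = /\A[A-Za-z0-9._%+\-]+@[A-Za-z0-9\-]+(\.[A-Za-z0-9\-]+)+\z/
  MAX_LEN = 254

  # True only for addresses safe to use as a file name or an argv entry.
  def self.safe_recipient?(addr)
    s = addr.to_s
    return false if s.empty? || s.length > MAX_LEN
    # A leading dash could be read as an option by a command-line MTA.
    return false if s.start_with?('-')
    ADDRESS.match?(s)
  end

  # File delivery: confine the destination file to +location+, which is the
  # boundary a directory traversal via the To: header (CVE-2012-2139) crosses.
  def self.file_delivery_path(location, addr)
    raise ArgumentError, "unsafe recipient #{addr.inspect}" unless safe_recipient?(addr)
    base = File.expand_path(location)
    path = File.expand_path(File.join(base, File.basename(addr)))
    unless path.start_with?(base + File::SEPARATOR)
      raise ArgumentError, "#{path} escapes #{base}"
    end
    path
  end

  # Command-line delivery: build an argv array for Process.spawn / IO.popen
  # so no shell ever interprets the recipients (the CVE-2012-2140 case).
  def self.sendmail_argv(binary, recipients, extra_args = ['-i'])
    recipients.each do |r|
      raise ArgumentError, "unsafe recipient #{r.inspect}" unless safe_recipient?(r)
    end
    [binary, *extra_args, *recipients]
  end
end
```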

Puppet was updated to version 2.6.17, which fixes multiple security
issues. These issues are not exposed by CloudForms. (CVE-2012-1986,
CVE-2012-1987, CVE-2012-1988, CVE-2012-3864, CVE-2012-3865, CVE-2012-3867)

Red Hat would like to thank Puppet Labs for reporting CVE-2012-1988,
CVE-2012-1986, CVE-2012-1987, CVE-2012-3864, CVE-2012-3865, and
CVE-2012-3867.

Users are advised to upgrade to these CloudForms Commons packages, which
resolve these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat CloudForms

SRPMS:
converge-ui-devel-1.0.4-1.el6cf.src.rpm
puppet-2.6.17-2.el6cf.src.rpm
rubygem-actionpack-3.0.10-10.el6cf.src.rpm (file outdated by RHSA-2013:0155)
rubygem-activerecord-3.0.10-6.el6cf.src.rpm (file outdated by RHSA-2013:0155)
rubygem-activesupport-3.0.10-4.el6cf.src.rpm (file outdated by RHSA-2013:0548)
rubygem-chunky_png-1.2.0-3.el6cf.src.rpm
rubygem-compass-0.11.5-2.el6cf.src.rpm
rubygem-compass-960-plugin-0.10.4-2.el6cf.src.rpm
rubygem-delayed_job-2.1.4-2.el6cf.src.rpm (file outdated by RHSA-2013:0548)
rubygem-ldap_fluff-0.1.3-1.el6_3.src.rpm
rubygem-mail-2.3.0-3.el6cf.src.rpm
rubygem-net-ldap-0.1.1-3.el6cf.src.rpm

x86_64:
converge-ui-devel-1.0.4-1.el6cf.noarch.rpm
puppet-2.6.17-2.el6cf.noarch.rpm
puppet-server-2.6.17-2.el6cf.noarch.rpm
rubygem-actionpack-3.0.10-10.el6cf.noarch.rpm (file outdated by RHSA-2013:0155)
rubygem-activerecord-3.0.10-6.el6cf.noarch.rpm (file outdated by RHSA-2013:0155)
rubygem-activesupport-3.0.10-4.el6cf.noarch.rpm (file outdated by RHSA-2013:0548)
rubygem-chunky_png-1.2.0-3.el6cf.noarch.rpm
rubygem-compass-0.11.5-2.el6cf.noarch.rpm
rubygem-compass-960-plugin-0.10.4-2.el6cf.noarch.rpm
rubygem-compass-960-plugin-doc-0.10.4-2.el6cf.noarch.rpm
rubygem-delayed_job-2.1.4-2.el6cf.noarch.rpm (file outdated by RHSA-2013:0548)
rubygem-delayed_job-doc-2.1.4-2.el6cf.noarch.rpm (file outdated by RHSA-2013:0548)
rubygem-ldap_fluff-0.1.3-1.el6_3.noarch.rpm
rubygem-mail-2.3.0-3.el6cf.noarch.rpm
rubygem-mail-doc-2.3.0-3.el6cf.noarch.rpm
rubygem-net-ldap-0.1.1-3.el6cf.noarch.rpm

Bugs fixed (see bugzilla for more information)

810069 - CVE-2012-1986 puppet: Filebucket arbitrary file read
810070 - CVE-2012-1987 puppet: Filebucket denial of service
810071 - CVE-2012-1988 puppet: Filebucket arbitrary code execution
816352 - CVE-2012-2139 CVE-2012-2140 rubygem-mail: arbitrary command execution when using exim or sendmail from commandline, file system traversal flaw
827353 - CVE-2012-2660 rubygem-actionpack: Unsafe query generation
827363 - CVE-2012-2661 rubygem-activerecord: SQL injection when processing nested query parameters
831573 - CVE-2012-2695 rubygem-activerecord: SQL injection when processing nested query parameters (a different flaw than CVE-2012-2661)
831581 - CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)
839130 - CVE-2012-3864 puppet: authenticated clients allowed to read arbitrary files from the puppet master
839131 - CVE-2012-3865 puppet: authenticated clients allowed to delete arbitrary files on the puppet master
839158 - CVE-2012-3867 puppet: insufficient validation of agent names in CN of SSL certificate requests
843711 - CVE-2012-3424 rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest
847196 - CVE-2012-3463 rubygem-actionpack: potential XSS vulnerability in select_tag prompt
847199 - CVE-2012-3464 rubygem-actionpack: potential XSS vulnerability
847200 - CVE-2012-3465 rubygem-actionpack: XSS Vulnerability in strip_tags


References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/