Security Advisory Moderate: Red Hat OpenShift Enterprise 1.1.1 update

Advisory: RHSA-2013:0582-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-02-28
Last updated on: 2013-02-28
Affected Products: Red Hat OpenShift Enterprise 1
CVEs (cve.mitre.org): CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695, CVE-2012-3424, CVE-2012-3463, CVE-2012-3464, CVE-2012-3465, CVE-2012-4464, CVE-2012-4466, CVE-2012-4522, CVE-2012-5371, CVE-2013-0155, CVE-2013-0162, CVE-2013-0276

Details

Red Hat OpenShift Enterprise 1.1.1 is now available.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS)
solution from Red Hat, and is designed for on-premise or private cloud
deployments.

Installing the updated packages and restarting the OpenShift services are
the only requirements for this update. However, if you are updating your
system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise
1.1.1 updates, it is recommended that you restart your system.

For further information about this release, refer to the OpenShift
Enterprise 1.1.1 Technical Notes, available shortly from
https://access.redhat.com/knowledge/docs/

This update also fixes the following security issues:

Multiple cross-site scripting (XSS) flaws were found in rubygem-actionpack.
A remote attacker could use these flaws to conduct XSS attacks against
users of an application using rubygem-actionpack. (CVE-2012-3463,
CVE-2012-3464, CVE-2012-3465)

It was found that certain methods did not sanitize file names before
passing them to lower layer routines in Ruby. If a Ruby application created
files with names based on untrusted input, it could result in the creation
of files with different names than expected. (CVE-2012-4522)

A denial of service flaw was found in the implementation of associative
arrays (hashes) in Ruby. An attacker able to supply a large number of
inputs to a Ruby application (such as HTTP POST request parameters sent to
a web application) that are used as keys when inserting data into an array
could trigger multiple hash function collisions, making array operations
take an excessive amount of CPU time. To mitigate this issue, a new, more
collision resistant algorithm has been used to reduce the chance of an
attacker successfully causing intentional collisions. (CVE-2012-5371)

Input validation vulnerabilities were discovered in rubygem-activerecord.
A remote attacker could possibly use these flaws to perform an SQL
injection attack against an application using rubygem-activerecord.
(CVE-2012-2661, CVE-2012-2695, CVE-2013-0155)

Input validation vulnerabilities were discovered in rubygem-actionpack. A
remote attacker could possibly use these flaws to perform an SQL injection
attack against an application using rubygem-actionpack and
rubygem-activerecord. (CVE-2012-2660, CVE-2012-2694)

A flaw was found in the HTTP digest authentication implementation in
rubygem-actionpack. A remote attacker could use this flaw to cause a
denial of service of an application using rubygem-actionpack and digest
authentication. (CVE-2012-3424)

A flaw was found in the handling of strings in Ruby safe level 4. A remote
attacker can use Exception#to_s to destructively modify an untainted string
so that it is tainted; the string can then be arbitrarily modified.
(CVE-2012-4466)

A flaw was found in the method for translating an exception message into a
string in the Ruby Exception class. A remote attacker could use this flaw
to bypass safe level 4 restrictions, allowing untrusted (tainted) code to
modify arbitrary, trusted (untainted) strings, which safe level 4
restrictions would otherwise prevent. (CVE-2012-4464)

It was found that ruby_parser from rubygem-ruby_parser created a temporary
file in an insecure way. A local attacker could use this flaw to perform a
symbolic link attack, overwriting arbitrary files accessible to the
application using ruby_parser. (CVE-2013-0162)

The CVE-2013-0162 issue was discovered by Michael Scherer of the Red Hat
Regional IT team.
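
The flaw class behind CVE-2013-0162, shown as an added example (generic Ruby, not ruby_parser's code and not from this advisory): a predictable scratch file opened with mode 'w' beside an exclusive create. The file name and helper names are hypothetical, and the check runs entirely inside a throwaway directory.

```ruby
require 'tmpdir'

SCRATCH_NAME = 'parser_scratch.tmp' # hypothetical predictable file name

# Insecure pattern: mode 'w' is O_WRONLY|O_CREAT|O_TRUNC, so an existing
# symbolic link at the path is followed and its target is truncated.
def write_scratch_insecure(dir, data)
  File.open(File.join(dir, SCRATCH_NAME), 'w') { |f| f.write(data) }
end

# Hardened pattern: O_CREAT|O_EXCL fails with EEXIST if anything, including
# a symbolic link, already exists at the path. Mode 0600 keeps the file private.
# In shared directories also prefer Tempfile.create or Dir.mktmpdir, which
# pick unpredictable names and create exclusively.
def write_scratch_exclusive(dir, data)
  flags = File::WRONLY | File::CREAT | File::EXCL
  File.open(File.join(dir, SCRATCH_NAME), flags, 0o600) { |f| f.write(data) }
end

# Runs both writers against a pre-existing link inside a private temp
# directory and reports what happened to the file the link points at.
def symlink_outcomes
  Dir.mktmpdir('rhsa-demo') do |dir|
    target = File.join(dir, 'app_config') # stands in for a file the app can write
    File.write(target, 'original')
    File.symlink(target, File.join(dir, SCRATCH_NAME))

    write_scratch_insecure(dir, 'scratch data')
    clobbered = File.read(target) == 'scratch data'

    File.write(target, 'original') # restore before the second run
    blocked = begin
      write_scratch_exclusive(dir, 'scratch data')
      false
    rescue Errno::EEXIST
      true
    end

    { insecure_clobbered: clobbered,
      exclusive_blocked: blocked,
      target_intact: File.read(target) == 'original' }
  end
end

p symlink_outcomes if __FILE__ == $PROGRAM_NAME
```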

Users are advised to upgrade to Red Hat OpenShift Enterprise 1.1.1.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat OpenShift Enterprise 1

SRPMS:
graphviz-2.26.0-10.el6.src.rpm
openshift-console-0.0.16-1.el6op.src.rpm (File outdated by: RHBA-2013:0694)
openshift-origin-broker-1.0.11-1.el6op.src.rpm (File outdated by: RHBA-2013:0694)
openshift-origin-broker-util-1.0.15-1.el6op.src.rpm (File outdated by: RHBA-2013:0694)
openshift-origin-cartridge-cron-1.4-1.0.3-1.el6op.src.rpm
openshift-origin-cartridge-diy-0.1-1.0.3-1.el6op.src.rpm
openshift-origin-cartridge-haproxy-1.4-1.0.4-1.el6op.src.rpm (File outdated by: RHBA-2013:0694)
openshift-origin-cartridge-jbosseap-6.0-1.0.4-1.el6op.src.rpm (File outdated by: RHBA-2013:0694)
openshift-origin-cartridge-jbossews-1.0-1.0.13-1.el6op.src.rpm
openshift-origin-cartridge-jenkins-1.4-1.0.2-1.el6op.src.rpm (File outdated by: RHSA-2013:0638)
openshift-origin-cartridge-jenkins-client-1.4-1.0.2-1.el6op.src.rpm
openshift-origin-cartridge-mysql-5.1-1.0.5-1.el6op.src.rpm
openshift-origin-cartridge-perl-5.10-1.0.3-1.el6op.src.rpm
openshift-origin-cartridge-php-5.3-1.0.5-1.el6op.src.rpm
openshift-origin-cartridge-postgresql-8.4-1.0.3-2.el6op.src.rpm
openshift-origin-cartridge-ruby-1.8-1.0.7-1.el6op.src.rpm (File outdated by: RHBA-2013:0694)
openshift-origin-cartridge-ruby-1.9-scl-1.0.8-1.el6op.src.rpm (File outdated by: RHBA-2013:0694)
openshift-origin-msg-node-mcollective-1.0.3-1.el6op.src.rpm (File outdated by: RHBA-2013:0723)
php-5.3.3-22.el6.src.rpm
ruby193-ruby-1.9.3.327-25.el6.src.rpm (File outdated by: RHSA-2013:0701)
ruby193-rubygem-actionpack-3.2.8-3.el6.src.rpm (File outdated by: RHSA-2013:0698)
ruby193-rubygem-activemodel-3.2.8-2.el6.src.rpm
ruby193-rubygem-activerecord-3.2.8-3.el6.src.rpm (File outdated by: RHSA-2013:0699)
ruby193-rubygem-railties-3.2.8-2.el6.src.rpm
ruby193-rubygem-ruby_parser-2.3.1-3.el6op.src.rpm
rubygem-actionpack-3.0.13-4.el6op.src.rpm (File outdated by: RHSA-2013:0698)
rubygem-activemodel-3.0.13-3.el6op.src.rpm
rubygem-activerecord-3.0.13-5.el6op.src.rpm
rubygem-bson-1.8.1-2.el6op.src.rpm (File outdated by: RHBA-2013:0694)
rubygem-mongo-1.8.1-2.el6op.src.rpm (File outdated by: RHBA-2013:0694)
rubygem-openshift-origin-auth-remote-user-1.0.5-1.el6op.src.rpm
rubygem-openshift-origin-console-1.0.10-1.el6op.src.rpm
rubygem-openshift-origin-controller-1.0.12-1.el6op.src.rpm (File outdated by: RHBA-2013:0694)
rubygem-openshift-origin-node-1.0.11-1.el6op.src.rpm (File outdated by: RHBA-2013:0694)
rubygem-ruby_parser-2.0.4-6.el6op.src.rpm
 
x86_64:
graphviz-2.26.0-10.el6.x86_64.rpm
graphviz-debuginfo-2.26.0-10.el6.x86_64.rpm
graphviz-devel-2.26.0-10.el6.x86_64.rpm
graphviz-doc-2.26.0-10.el6.x86_64.rpm
graphviz-gd-2.26.0-10.el6.x86_64.rpm
graphviz-ruby-2.26.0-10.el6.x86_64.rpm
openshift-console-0.0.16-1.el6op.noarch.rpm (File outdated by: RHBA-2013:0694)
openshift-origin-broker-1.0.11-1.el6op.noarch.rpm (File outdated by: RHBA-2013:0694)
openshift-origin-broker-util-1.0.15-1.el6op.noarch.rpm (File outdated by: RHBA-2013:0694)
openshift-origin-cartridge-cron-1.4-1.0.3-1.el6op.noarch.rpm
openshift-origin-cartridge-diy-0.1-1.0.3-1.el6op.noarch.rpm
openshift-origin-cartridge-haproxy-1.4-1.0.4-1.el6op.noarch.rpm (File outdated by: RHBA-2013:0694)
openshift-origin-cartridge-jbosseap-6.0-1.0.4-1.el6op.noarch.rpm (File outdated by: RHBA-2013:0694)
openshift-origin-cartridge-jbossews-1.0-1.0.13-1.el6op.noarch.rpm
openshift-origin-cartridge-jenkins-1.4-1.0.2-1.el6op.noarch.rpm (File outdated by: RHSA-2013:0638)
openshift-origin-cartridge-jenkins-client-1.4-1.0.2-1.el6op.noarch.rpm
openshift-origin-cartridge-mysql-5.1-1.0.5-1.el6op.noarch.rpm
openshift-origin-cartridge-perl-5.10-1.0.3-1.el6op.noarch.rpm
openshift-origin-cartridge-php-5.3-1.0.5-1.el6op.noarch.rpm
openshift-origin-cartridge-postgresql-8.4-1.0.3-2.el6op.noarch.rpm
openshift-origin-cartridge-ruby-1.8-1.0.7-1.el6op.noarch.rpm (File outdated by: RHBA-2013:0694)
openshift-origin-cartridge-ruby-1.9-scl-1.0.8-1.el6op.noarch.rpm (File outdated by: RHBA-2013:0694)
openshift-origin-msg-node-mcollective-1.0.3-1.el6op.noarch.rpm (File outdated by: RHBA-2013:0723)
php-bcmath-5.3.3-22.el6.x86_64.rpm
php-debuginfo-5.3.3-22.el6.x86_64.rpm
php-devel-5.3.3-22.el6.x86_64.rpm
php-imap-5.3.3-22.el6.x86_64.rpm
php-mbstring-5.3.3-22.el6.x86_64.rpm
php-process-5.3.3-22.el6.x86_64.rpm
ruby193-ruby-1.9.3.327-25.el6.x86_64.rpm (File outdated by: RHSA-2013:0701)
ruby193-ruby-debuginfo-1.9.3.327-25.el6.x86_64.rpm (File outdated by: RHSA-2013:0701)
ruby193-ruby-devel-1.9.3.327-25.el6.x86_64.rpm (File outdated by: RHSA-2013:0701)
ruby193-ruby-doc-1.9.3.327-25.el6.x86_64.rpm (File outdated by: RHSA-2013:0701)
ruby193-ruby-irb-1.9.3.327-25.el6.noarch.rpm (File outdated by: RHSA-2013:0701)
ruby193-ruby-libs-1.9.3.327-25.el6.x86_64.rpm (File outdated by: RHSA-2013:0701)
ruby193-ruby-tcltk-1.9.3.327-25.el6.x86_64.rpm (File outdated by: RHSA-2013:0701)
ruby193-rubygem-actionpack-3.2.8-3.el6.noarch.rpm (File outdated by: RHSA-2013:0698)
ruby193-rubygem-actionpack-doc-3.2.8-3.el6.noarch.rpm (File outdated by: RHSA-2013:0698)
ruby193-rubygem-activemodel-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-activemodel-doc-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-3.el6.noarch.rpm (File outdated by: RHSA-2013:0699)
ruby193-rubygem-activerecord-doc-3.2.8-3.el6.noarch.rpm (File outdated by: RHSA-2013:0699)
ruby193-rubygem-bigdecimal-1.1.0-25.el6.x86_64.rpm (File outdated by: RHSA-2013:0701)
ruby193-rubygem-io-console-0.3-25.el6.x86_64.rpm (File outdated by: RHSA-2013:0701)
ruby193-rubygem-json-1.5.4-25.el6.x86_64.rpm (File outdated by: RHSA-2013:0701)
ruby193-rubygem-minitest-2.5.1-25.el6.noarch.rpm (File outdated by: RHSA-2013:0701)
ruby193-rubygem-railties-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-railties-doc-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-rake-0.9.2.2-25.el6.noarch.rpm (File outdated by: RHSA-2013:0701)
ruby193-rubygem-rdoc-3.9.4-25.el6.x86_64.rpm (File outdated by: RHSA-2013:0701)
ruby193-rubygem-ruby_parser-2.3.1-3.el6op.noarch.rpm
ruby193-rubygem-ruby_parser-doc-2.3.1-3.el6op.noarch.rpm
ruby193-rubygems-1.8.23-25.el6.noarch.rpm (File outdated by: RHSA-2013:0701)
ruby193-rubygems-devel-1.8.23-25.el6.noarch.rpm (File outdated by: RHSA-2013:0701)
rubygem-actionpack-3.0.13-4.el6op.noarch.rpm (File outdated by: RHSA-2013:0698)
rubygem-activemodel-3.0.13-3.el6op.noarch.rpm
rubygem-activemodel-doc-3.0.13-3.el6op.noarch.rpm
rubygem-activerecord-3.0.13-5.el6op.noarch.rpm
rubygem-bson-1.8.1-2.el6op.noarch.rpm (File outdated by: RHBA-2013:0694)
rubygem-mongo-1.8.1-2.el6op.noarch.rpm (File outdated by: RHBA-2013:0694)
rubygem-mongo-doc-1.8.1-2.el6op.noarch.rpm (File outdated by: RHBA-2013:0694)
rubygem-openshift-origin-auth-remote-user-1.0.5-1.el6op.noarch.rpm
rubygem-openshift-origin-console-1.0.10-1.el6op.noarch.rpm
rubygem-openshift-origin-console-doc-1.0.10-1.el6op.noarch.rpm
rubygem-openshift-origin-controller-1.0.12-1.el6op.noarch.rpm (File outdated by: RHBA-2013:0694)
rubygem-openshift-origin-node-1.0.11-1.el6op.noarch.rpm (File outdated by: RHBA-2013:0694)
rubygem-ruby_parser-2.0.4-6.el6op.noarch.rpm
rubygem-ruby_parser-doc-2.0.4-6.el6op.noarch.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
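
One way to confirm that a host carries at least the builds shipped in this advisory, as an added example (not Red Hat tooling): it compares a package listing against seven of the Ruby-related builds named above. The sample listing is constructed, the helper names are hypothetical, and the ordering is a simplified form of RPM's version comparison that assumes no epoch, tilde or caret.

```ruby
# Builds copied from this advisory's package list (binary package names).
FIXED_BUILDS = {
  'rubygem-actionpack'           => '3.0.13-4.el6op',
  'rubygem-activerecord'         => '3.0.13-5.el6op',
  'rubygem-ruby_parser'          => '2.0.4-6.el6op',
  'ruby193-ruby'                 => '1.9.3.327-25.el6',
  'ruby193-rubygem-actionpack'   => '3.2.8-3.el6',
  'ruby193-rubygem-activerecord' => '3.2.8-3.el6',
  'ruby193-rubygem-ruby_parser'  => '2.3.1-3.el6op'
}.freeze

# Constructed sample of: rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
SAMPLE_RPM_QA = <<~LIST
  bash-4.1.2-15.el6
  rubygem-actionpack-3.0.13-3.el6op
  rubygem-activerecord-3.0.13-5.el6op
  rubygem-ruby_parser-2.0.4-10.el6op
  ruby193-ruby-1.9.3.327-25.el6
  ruby193-rubygem-actionpack-3.2.8-2.el6
LIST

# Compare one version or release string the way RPM does: split into runs of
# digits or letters, compare pairwise, numeric runs beat alphabetic ones,
# and the string with segments left over is the newer one.
def rpm_segment_cmp(a, b)
  ta = a.scan(/\d+|[A-Za-z]+/)
  tb = b.scan(/\d+|[A-Za-z]+/)
  [ta.length, tb.length].min.times do |i|
    x_num = ta[i].match?(/\A\d/)
    y_num = tb[i].match?(/\A\d/)
    return 1 if x_num && !y_num
    return -1 if !x_num && y_num
    c = x_num ? (ta[i].to_i <=> tb[i].to_i) : (ta[i] <=> tb[i])
    return c unless c.zero?
  end
  ta.length <=> tb.length
end

# Compare "version-release" strings: version first, release as tie-breaker.
def evr_cmp(a, b)
  va, ra = a.split('-', 2)
  vb, rb = b.split('-', 2)
  c = rpm_segment_cmp(va, vb)
  c.zero? ? rpm_segment_cmp(ra.to_s, rb.to_s) : c
end

# Split "name-version-release"; the name itself may contain hyphens.
def parse_nvr(line)
  m = /\A(.+)-([^-]+)-([^-]+)\z/.match(line.strip)
  m && [m[1], "#{m[2]}-#{m[3]}"]
end

# Return [name, installed, fixed] for every tracked package that is older
# than the advisory build. Packages not in the table are ignored.
def outdated_packages(listing, fixed = FIXED_BUILDS)
  listing.each_line.map { |l| parse_nvr(l) }.compact.select do |name, evr|
    fixed.key?(name) && evr_cmp(evr, fixed[name]) < 0
  end.map { |name, evr| [name, evr, fixed[name]] }
end

if __FILE__ == $PROGRAM_NAME
  outdated_packages(SAMPLE_RPM_QA).each do |name, have, need|
    puts "#{name}: installed #{have}, advisory build #{need}"
  end
end
```

Several of these builds are marked above as outdated by later errata, so treat the table as a minimum rather than the current target.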

Bugs fixed (see bugzilla for more information)

827353 - CVE-2012-2660 rubygem-actionpack: Unsafe query generation
827363 - CVE-2012-2661 rubygem-activerecord: SQL injection when processing nested query parameters
831573 - CVE-2012-2695 rubygem-activerecord: SQL injection when processing nested query parameters (a different flaw than CVE-2012-2661)
831581 - CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)
843711 - CVE-2012-3424 rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest
847196 - CVE-2012-3463 rubygem-actionpack: potential XSS vulnerability in select_tag prompt
847199 - CVE-2012-3464 rubygem-actionpack: potential XSS vulnerability
847200 - CVE-2012-3465 rubygem-actionpack: XSS Vulnerability in strip_tags
862598 - CVE-2012-4464 ruby 1.9.3: Possibility to bypass Ruby's $SAFE (level 4) semantics
862614 - CVE-2012-4466 ruby: safe level bypass via name_err_mesg_to_str()
865940 - CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character
875236 - CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
887353 - [Cartridge] Removing a cartridge leaves its info directory in place
889426 - The "scale your application" page for scalable app displayed not well
892806 - CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage
892866 - CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails
895347 - Should delete all the mongodb cartridge pages and the links about mongodb
895355 - Lack of a dot in domain create and update page
902412 - Warning message is seen when update rubygem-openshift-origin-auth-remote-user package.
902630 - Failed to reload openshift-broker service
903526 - Display overlaps when adding sshkey using long name in IE 9
903546 - Links to ruby-lang.org redirects to wrong url
905021 - Can not get environment variables from scalable php local gear.
905656 - [broker-util] oo-accept-broker doesn't summarize errors and set return code
906227 - The "Follow these steps to install the client" link on get started page of application will redirect to a page which has no expected content.
906845 - create default resource settings for AS/EAP/EWS carts


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/