Security Advisory Low: ruby193-v8 security update

Advisory: RHSA-2013:1201-1
Type: Security Advisory
Severity: Low
Issued on: 2013-09-03
Last updated on: 2013-09-03
Affected Products: Red Hat OpenStack 3.0
CVEs (cve.mitre.org): CVE-2013-2882

Details

Updated ruby193-v8 packages that fix one security issue are now available
for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

V8 is Google's open source JavaScript engine.

A type confusion issue was found in the V8 JavaScript engine. An attacker
could use this flaw to cause a denial of service or, potentially, execute
arbitrary code. (CVE-2013-2882)

Note: Exploitation of this issue requires, at the least, execution of
malicious JavaScript. In the standard use case of ruby193-v8 in Red Hat
OpenStack it is unlikely that a scenario exists where this would occur.

Users of ruby193-v8 are advised to upgrade to these updated packages,
which correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat OpenStack 3.0

SRPMS:
ruby193-v8-3.14.5.10-2.el6.src.rpm
    MD5: 006484e49fd92e85499c839ea0f771fc
    SHA-256: 46cc02a928c8ed47b7572bd6d9d8153fd0e22866c73bd480adb5ea3b8f13467e

x86_64:
ruby193-v8-3.14.5.10-2.el6.x86_64.rpm
    MD5: 4bc597179329092024bcfa0505fca31a
    SHA-256: e4c9496346ab2d44da087cac1c43902ed3b99789a109107ae82d106c18850270
ruby193-v8-debuginfo-3.14.5.10-2.el6.x86_64.rpm
    MD5: 765e4a07f0abd0ebaa68a1b8815ff488
    SHA-256: 589f164410d94b3a4f4f16a839bca19914b8f58eb36cafe11f9c260ce56266d6
ruby193-v8-devel-3.14.5.10-2.el6.x86_64.rpm
    MD5: 079e6db4fd2ad9c4b5a151ed76d0cbc6
    SHA-256: 907aeeb6c157991ad3b7b4e2ef68d3690eb7926c8edd4d4e2ffe4b7e4925f48e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

991116 - CVE-2013-2882 v8: remote DoS or unspecified other impact via type confusion


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/