Security Advisory Critical: ruby193-ruby security update

Advisory: RHSA-2014:0011-1
Type: Security Advisory
Severity: Critical
Issued on: 2014-01-07
Last updated on: 2014-01-07
Affected Products: Red Hat OpenStack 3.0
CVEs: CVE-2013-4164


Updated ruby193-ruby packages that fix one security issue are now available
for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management

A buffer overflow flaw was found in the way Ruby parsed floating point
numbers from their text representation. If an application using Ruby
accepted untrusted input strings and converted them to floating point
numbers, an attacker able to provide such input could cause the application
to crash or, possibly, execute arbitrary code with the privileges of the
application. (CVE-2013-4164)

Users of Red Hat OpenStack 3.0 are advised to upgrade to these updated
packages, which correct this issue.
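
An added example, not part of the advisory or of Ruby itself: an application that must convert untrusted strings to floating point numbers can restrict what reaches the interpreter's float parser to short, well-formed decimals. The module name SafeFloat, the 64-byte cap and the accepted grammar are assumptions chosen for illustration; the remedy the advisory gives is the package update.

```ruby
# Added example: validate untrusted numeric text before converting it.
# SafeFloat, MAX_LEN and DECIMAL are hypothetical names and limits.
module SafeFloat
  MAX_LEN = 64 # assumed cap; legitimate decimal fields are far shorter

  # Sign, digits, optional fraction, optional exponent of at most 3 digits.
  # \A and \z anchor the whole string, so a trailing newline is rejected.
  DECIMAL = /\A[+-]?\d+(?:\.\d+)?(?:[eE][+-]?\d{1,3})?\z/

  class Rejected < ArgumentError; end

  # Returns a finite Float, or raises Rejected before Float() is called
  # on anything that is oversized, badly encoded or not a plain decimal.
  def self.parse(input)
    raise Rejected, "not a string" unless input.is_a?(String)
    # Length is checked first so oversized input is dropped cheaply.
    raise Rejected, "too long: #{input.bytesize} bytes" if input.bytesize > MAX_LEN
    raise Rejected, "invalid encoding" unless input.valid_encoding?
    raise Rejected, "not a plain decimal" unless input =~ DECIMAL
    value = Float(input)
    # Values that overflow to Infinity are refused rather than passed on.
    raise Rejected, "out of range" unless value.finite?
    value
  end

  # Same check, returning nil instead of raising.
  def self.try_parse(input)
    parse(input)
  rescue Rejected
    nil
  end
end

# Constructed sample inputs, not taken from the advisory.
SAMPLES = ["3.14", "-2e3", "1.5\n", "0x1A", "1_000", "NaN", "9" * 65, nil]

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    result = SafeFloat.try_parse(s)
    puts "#{s.inspect[0, 24].ljust(26)} -> #{result.nil? ? 'rejected' : result}"
  end
end
```

Rejections are worth logging with the input length only, since the rejected text itself is attacker-controlled.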


Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

Updated packages

Red Hat OpenStack 3.0

ruby193-ruby-
ruby193-ruby-
ruby193-ruby-debuginfo-
ruby193-ruby-devel-
ruby193-ruby-doc-
ruby193-ruby-irb-
ruby193-ruby-libs-
ruby193-ruby-tcltk-
ruby193-rubygem-bigdecimal-1.1.0-40.1.el6.x86_64.rpm
ruby193-rubygem-io-console-0.3-40.1.el6.x86_64.rpm
ruby193-rubygem-json-1.5.5-40.1.el6.x86_64.rpm
ruby193-rubygem-minitest-2.5.1-40.1.el6.noarch.rpm
ruby193-rubygem-rake-
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1033460 - CVE-2013-4164 ruby: heap overflow in floating point parsing


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at