Security Advisory Critical: cfme security, bug fix, and enhancement update

Advisory: RHSA-2014:0215-1
Type: Security Advisory
Severity: Critical
Issued on: 2014-03-11
Last updated on: 2014-03-11
Affected Products: Red Hat CloudForms 3.0
CVEs (cve.mitre.org): CVE-2013-0186
CVE-2013-4164
CVE-2014-0057
CVE-2014-0081
CVE-2014-0082

Details

Updated cfme packages that fix multiple security issues, several bugs, and
add various enhancements are now available for Red Hat CloudForms 3.0.

The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Red Hat CloudForms Management Engine delivers the insight, control, and
automation enterprises need to address the challenges of managing virtual
environments, which are far more complex than physical ones. This
technology enables enterprises with existing virtual infrastructures
to improve visibility and control, and those just starting virtualization
deployments to build and operate a well-managed virtual infrastructure.

A heap-based buffer overflow flaw was found in the way Ruby parsed floating
point numbers from their text representation. If an application using Ruby
accepted untrusted input strings and converted them to floating point
numbers, an attacker able to provide such input could cause the application
to crash or, possibly, execute arbitrary code with the privileges of the
application. (CVE-2013-4164)

It was found that Red Hat CloudForms Management Engine did not properly
sanitize user-supplied values in the ServiceController before passing them
to Ruby's send, which ignores method visibility. A remote attacker could use
this to invoke arbitrary methods on the controller, including private
methods, and could possibly use this to execute arbitrary code on the host
system. (CVE-2014-0057)

It was found that several number conversion helpers in Action View
(number_to_currency, number_to_percentage, and number_to_human) did not
properly escape all their parameters. An attacker could use these flaws to
perform a cross-site scripting (XSS) attack on an application that passes
user-submitted data as parameters to the affected helpers.
(CVE-2014-0081)
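The helper flaw above, as an added example that is not Action View's code: a number_to_currency-style helper whose string options (unit, format, delimiter, separator) end up in HTML. The unsafe version interpolates them as given; the fixed version HTML-escapes each of them, which is the class of fix CVE-2014-0081 received. The option names follow the Rails helper; the implementation, the helper names format_number and unsafe_number_to_currency, and the inputs are assumptions for illustration.

```ruby
# Added example, not Action View's implementation. Option names mirror the
# Rails helper; everything else here is assumed for illustration.
require "erb"

# Group the integer digits and append the fraction. Only digits we produced
# ourselves plus the caller-supplied delimiter/separator appear in the output.
def format_number(number, delimiter: ",", separator: ".", precision: 2)
  precision = Integer(precision) # never let a caller-supplied string into the format spec
  sign = number.negative? ? "-" : ""
  int, frac = format("%.#{precision}f", number.abs).split(".")
  # Insert the delimiter before every group of three digits from the right.
  int = int.gsub(/(\d)(?=(?:\d{3})+\z)/) { "#{$1}#{delimiter}" }
  frac ? "#{sign}#{int}#{separator}#{frac}" : "#{sign}#{int}"
end

# Unsafe: unit and format are placed into the page verbatim, so a unit such as
# "<script>...</script>" taken from a request parameter becomes live markup.
# (Block form of gsub is used so backslashes in the replacement are literal.)
def unsafe_number_to_currency(number, unit: "$", format: "%u%n", **opts)
  digits = format_number(number, **opts)
  format.gsub("%n") { digits }.gsub("%u") { unit }
end

# Fixed: every caller-supplied string option is escaped before it is joined
# with the digits, so the result contains no unescaped < > & " or '.
def number_to_currency(number, unit: "$", format: "%u%n",
                       delimiter: ",", separator: ".", precision: 2)
  esc = ->(s) { ERB::Util.html_escape(s.to_s) }
  digits = format_number(number, delimiter: esc.(delimiter),
                                 separator: esc.(separator),
                                 precision: precision)
  esc.(format).gsub("%n") { digits }.gsub("%u") { esc.(unit) }
end

if __FILE__ == $PROGRAM_NAME
  payload = "<script>alert(1)</script>" # constructed attacker-controlled option
  puts unsafe_number_to_currency(5, unit: payload)
  puts number_to_currency(5, unit: payload)
  puts number_to_currency(1234.5, unit: "€", format: "%n %u")
end
```

In a real Rails view the escaped string would additionally be marked html_safe so the template engine does not escape it a second time; that step is omitted here because it depends on ActiveSupport.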

A memory consumption issue was discovered in the text rendering component
of Action View. A remote attacker could use this flaw to perform a denial
of service attack by sending specially crafted requests that caused the
creation of Ruby symbols, which were never garbage collected.
(CVE-2014-0082)
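The three flaws above (CVE-2013-4164, CVE-2014-0057 and CVE-2014-0082) share one shape: an untrusted request string is turned directly into a runtime identifier or value. The following added example, which is not CloudForms or Rails code, shows each mistake in a controller-shaped toy next to the allowlist fix for it. The method names (button, service_edit, run_shell), the "pressed" parameter, the FORMATS list and the numeric grammar are assumptions for illustration only; the real fix for the Ruby float bug is the updated ruby193-ruby package, and the input filter shown is defence in depth.

```ruby
# Added example, not CloudForms Management Engine or Rails source.
# Names and parameters are assumed for illustration.

# --- CVE-2014-0057 style: a request value chooses the method to call --------
class VulnerableServiceController
  def initialize(params)
    @params = params
  end

  # Vulnerable: Object#send ignores visibility, so a client who controls the
  # "pressed" value can reach any method on the controller, private ones too.
  def button
    send(@params["pressed"])
  end

  def service_edit
    "edit form"
  end

  private

  def run_shell
    "ran privileged helper" # stands in for anything dangerous kept private
  end
end

class HardenedServiceController < VulnerableServiceController
  # Fixed: map the request value to a closed set of known actions and call the
  # mapped symbol with public_send, so neither unknown nor private methods are
  # reachable from a request.
  BUTTONS = { "service_edit" => :service_edit }.freeze

  def button
    action = BUTTONS[@params["pressed"]]
    return "rejected: #{@params['pressed']}" unless action
    public_send(action)
  end
end

# --- CVE-2014-0082 style: a request value is interned as a Symbol -----------
FORMATS = %w[html json xml].freeze

# Vulnerable: every distinct client-supplied string becomes a new Symbol. On
# the Ruby 1.9 shipped with this product symbols were never garbage collected,
# so a client could grow the symbol table without bound.
def unsafe_format(str)
  str.to_sym
end

# Fixed: only strings already in a fixed set are interned; anything else is
# rejected before a symbol is created.
def safe_format(str)
  FORMATS.include?(str) ? str.to_sym : nil
end

# --- CVE-2013-4164 style: a request value is parsed as a Float --------------
# Defence in depth, not a substitute for the patched interpreter: accept only
# a bounded decimal grammar (sign, at most 20 integer digits, at most 20
# fraction digits, at most 3 exponent digits) before Float() sees the string.
# This also rejects forms Kernel#Float would otherwise accept, such as "0x1A".
NUMBER = /\A[+-]?\d{1,20}(?:\.\d{1,20})?(?:[eE][+-]?\d{1,3})?\z/

def strict_float(str)
  unless str.is_a?(String) && NUMBER.match?(str)
    raise ArgumentError, "rejected numeric input"
  end
  Float(str)
end

if __FILE__ == $PROGRAM_NAME
  p VulnerableServiceController.new("pressed" => "run_shell").button
  p HardenedServiceController.new("pressed" => "run_shell").button
  before = Symbol.all_symbols.size
  # Keep the symbols referenced so a modern GC cannot hide the growth.
  kept = Array.new(1000) { |i| unsafe_format("fmt_#{i}_#{rand(1 << 32)}") }
  p [kept.size, Symbol.all_symbols.size - before] # symbols added by the unsafe path
  p [safe_format("json"), safe_format("fmt_does_not_exist")]
  p strict_float("3.14")
end
```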

Red Hat would like to thank the Ruby on Rails Project for reporting
CVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as
the original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the
original reporter of CVE-2014-0082. The CVE-2014-0057 issue was discovered
by Jan Rusnacko of the Red Hat Product Security Team.

This update fixes several bugs and adds multiple enhancements.
Documentation for these changes will be available shortly from the Red Hat
CloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the
References section.

All users of Red Hat CloudForms are advised to upgrade to these updated
packages, which contain backported patches to correct these issues and add
these enhancements.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat CloudForms 3.0

SRPMS:
ruby193-ruby-1.9.3.448-40.1.el6.src.rpm     MD5: d86952d9250c56b8268eedb18d6319be
SHA-256: 7b3e951d58225c7ccd26d19969e7b0a9a21462d8336ce6ac0b42e25458abbdc4
ruby193-rubygem-amq-protocol-1.9.2-3.el6cf.src.rpm     MD5: a1c13d78db66618cb2b5755d42080cc2
SHA-256: 3a2f307cc0924c515f067645ac1a195cb0070e100e3be63470f52138d320cf82
ruby193-rubygem-bunny-1.0.7-1.el6cf.src.rpm     MD5: add0a8cd1c5d29b1abd86d41cea782dd
SHA-256: 67e16fe0d3b3486b0499d501c78c92362cc18486c63d70cc5902710195dc677d
ruby193-rubygem-excon-0.31.0-1.el6cf.src.rpm     MD5: ac9eccaa39c2da01b87b58b04b884bf0
SHA-256: 038d45a9a3260e97d8dde83a5cb46be2bb784e868e36bf8d72b71f6d24e31b16
ruby193-rubygem-fog-1.19.0-1.el6cf.src.rpm     MD5: c17e122c06fd8e55057ac8239489f955
SHA-256: bceeeb0690e4e5a15d1e4ed2e0ad82373e88b313a2e8f0d5762392525cfa07cb
ruby193-rubygem-nokogiri-1.5.6-3.el6cf.src.rpm     MD5: 59c237feb797b6f2a4d0724ce1619516
SHA-256: d1bb5b053f061a5d1474c23da1bf2fe290ab4caad96c0c277eead429e552ada2
 
x86_64:
cfme-5.2.2.3-1.el6cf.x86_64.rpm     MD5: 64c2470296ce441be1853621ff1b2302
SHA-256: e30a428c6880617d7de16b93faf7f1a0e56e310618c391d24ad69c2a733372f1
(File outdated by: RHSA-2014:1037)
cfme-appliance-5.2.2.3-1.el6cf.x86_64.rpm     MD5: 6a648c81c1bd7c8bb76fa244a4c36341
SHA-256: e489bffa4fc68cc7879d7b148929771d0f964ef6455a74e38c345a14f66aa468
(File outdated by: RHSA-2014:1037)
cfme-lib-5.2.2.3-1.el6cf.x86_64.rpm     MD5: 309986d791d7a47276c1617c1f6d4a78
SHA-256: bf478844f54b49b20c45d10e831e21f224996d634961f8ec6dfcd491226b552a
(File outdated by: RHSA-2014:1037)
mingw32-cfme-host-5.2.2.3-1.el6cf.x86_64.rpm     MD5: fa8e13373413f9b53849e76c1d6c3498
SHA-256: e4b973eee2d8e36df3f5dfeda480175cbb682df9caedc1c4e03dd42f3b7bca6a
(File outdated by: RHSA-2014:1037)
ruby193-ruby-1.9.3.448-40.1.el6.x86_64.rpm     MD5: de58044ee00cfd0861d06354fc6336da
SHA-256: f938ea64d932262df0d684e50aa3293fd0faef4631c8099b98e29b605d95b895
ruby193-ruby-devel-1.9.3.448-40.1.el6.x86_64.rpm     MD5: 9b7b0ac70d8c20a608cee1d55c940208
SHA-256: ca93a2ccd6a271ebb4588e6d45943f574896daaf3a5fe22dc9a6776859a5356a
ruby193-ruby-irb-1.9.3.448-40.1.el6.noarch.rpm     MD5: 52234609fb10065e357d9ef992f4bdd6
SHA-256: 6b0c7ac9cd2fd4a18e5296f93abbe0536b77aefe715bc1ee53981fa21e0e851f
ruby193-ruby-libs-1.9.3.448-40.1.el6.x86_64.rpm     MD5: 57e4e2be633975347953f035e93cae80
SHA-256: 5e211abd18121bfd02b03822c5f4d405aeb5b3d35e8d7df1b0830043171fbc73
ruby193-ruby-tcltk-1.9.3.448-40.1.el6.x86_64.rpm     MD5: 00376ad59a6822bb03c558d1c01b33dc
SHA-256: 21af1c2ee8aa8256927eb987590b9b4d50e413d0db6b4c428e3924b389b3d464
ruby193-rubygem-actionpack-3.2.13-5.el6cf.noarch.rpm     MD5: 792d12b2c98868114c637a3e900b1d7f
SHA-256: 7fd49bd87ea990f43f4b607fa05b862aa2b6aac895892b2b8f7f1e773a5f140a
(File outdated by: RHSA-2014:0816)
ruby193-rubygem-amq-protocol-1.9.2-3.el6cf.noarch.rpm     MD5: 7f72ad76925c0e88624ccdd3827fc755
SHA-256: 6d282191af6dd8a77c57e4eae00d3b7d0712572b1bd549ebc0380b0e7acb0ffe
ruby193-rubygem-amq-protocol-doc-1.9.2-3.el6cf.noarch.rpm     MD5: a0f3042e9e8046bb7676e42ef22d4b59
SHA-256: 15fd6f189969abed7347a179d00a34ea9ba90a6f29b21e1babc562eb87c98f85
ruby193-rubygem-bigdecimal-1.1.0-40.1.el6.x86_64.rpm     MD5: c566ba53995e59cc736c1f69d100ac96
SHA-256: 7790f6b672765b289c6d36bf38abf6b09b3fe00bc05b6b5d05184ca371b76c0d
ruby193-rubygem-bunny-1.0.7-1.el6cf.noarch.rpm     MD5: ba5fbcd992ec80c90dd00e28cc11e9f5
SHA-256: 595dc2cd6721abccc88554e54b72c95fe184d48fc5b4e3e7beed2cdafdcec200
ruby193-rubygem-bunny-doc-1.0.7-1.el6cf.noarch.rpm     MD5: 4f79c4dfde7588abc668ac093f9f3f3b
SHA-256: 75deed2b1bbbd1f94b1166ca2e26ab11340906fe3ef724b269a4f27bfe4c9c4c
ruby193-rubygem-excon-0.31.0-1.el6cf.noarch.rpm     MD5: 3c88f5811f7b84331c1fa72b5e433c01
SHA-256: 75145c91f06757619ea4d8366d56e7081b78d9a1e63717bcfa4be5f052e54b83
ruby193-rubygem-fog-1.19.0-1.el6cf.noarch.rpm     MD5: 9e2f204000b1354a2e530df4579319fd
SHA-256: 9eee3bf3e40697f01d4567433b4c768e25d9f1b2502dd339515e32091cde5cd6
ruby193-rubygem-io-console-0.3-40.1.el6.x86_64.rpm     MD5: c99d496b07b3daf3048998babb595474
SHA-256: 87a0276bdd7ff1e05f3a6349369a836cb19fac67d69c4afab5fd100bc0fd7270
ruby193-rubygem-linux_admin-0.7.0-1.el6cf.noarch.rpm     MD5: 8ce12ac63bf698e67c7c6916079084ab
SHA-256: f08279a864465deb70b202163025f2468ddcbda05a110faf6ff30a460ab9560c
ruby193-rubygem-more_core_extensions-1.1.2-1.el6cf.noarch.rpm     MD5: 69c8b8ab462f76944ada63da77b05591
SHA-256: 045531d2a7a6289c8f66fa88e92c82169457d91c7a84ac254084818570dcedaa
ruby193-rubygem-nokogiri-1.5.6-3.el6cf.x86_64.rpm     MD5: baa23669501736ad71d4ad8a99c1937b
SHA-256: 913617a7c7d03b2df74695d69089a12478f4eb8409fc12b37d12a7fa35230921
ruby193-rubygems-1.8.23-40.1.el6.noarch.rpm     MD5: 030185bd8b3c3cd6f84e5982e500d6cc
SHA-256: 7b25b3af1a41d7f94ff1056e245d1c18df90323a80f7f507c9894a9bf2b5b445
ruby193-rubygems-devel-1.8.23-40.1.el6.noarch.rpm     MD5: 50faacdfe5bfa4a9cf780324b5ce996e
SHA-256: a0bc37555ccf72b8055b14d55e714941673fa5ac1333dd0329baffb5afcc005b
 
(The unlinked packages above are only available from the Red Hat Network)
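Before installing, the downloaded packages should be checked against the digests published above. The following added example is not a Red Hat tool: it verifies a directory of package files against a manifest of SHA-256 values copied from the list (four entries are included; the others follow the same pattern) and flags missing, mismatching and unexpected files. MD5 values are listed too, but MD5 is not collision resistant, so only the SHA-256 column is used. The function names and the sample files in the demonstration are assumptions.

```ruby
# Added example, not a Red Hat tool. Digests below are copied from the
# "Updated packages" list above; helper names are assumed.
require "digest"
require "tmpdir"

ADVISORY_SHA256 = {
  "cfme-5.2.2.3-1.el6cf.x86_64.rpm" =>
    "e30a428c6880617d7de16b93faf7f1a0e56e310618c391d24ad69c2a733372f1",
  "cfme-appliance-5.2.2.3-1.el6cf.x86_64.rpm" =>
    "e489bffa4fc68cc7879d7b148929771d0f964ef6455a74e38c345a14f66aa468",
  "cfme-lib-5.2.2.3-1.el6cf.x86_64.rpm" =>
    "bf478844f54b49b20c45d10e831e21f224996d634961f8ec6dfcd491226b552a",
  "ruby193-ruby-1.9.3.448-40.1.el6.x86_64.rpm" =>
    "f938ea64d932262df0d684e50aa3293fd0faef4631c8099b98e29b605d95b895",
}.freeze

# Returns { filename => :ok | :mismatch | :missing }, plus :unexpected for any
# .rpm in the directory that the manifest does not mention; a stray package
# deserves a look before anything is passed to rpm.
def verify_packages(dir, manifest = ADVISORY_SHA256)
  report = manifest.each_with_object({}) do |(name, expected), acc|
    path = File.join(dir, name)
    acc[name] =
      if !File.file?(path)
        :missing
      elsif Digest::SHA256.file(path).hexdigest == expected.downcase
        :ok
      else
        :mismatch
      end
  end
  Dir.children(dir).grep(/\.rpm\z/).each { |f| report[f] ||= :unexpected }
  report
end

# True only when every file in the report is present, matches, and was expected.
def all_verified?(report)
  !report.empty? && report.values.all? { |status| status == :ok }
end

if __FILE__ == $PROGRAM_NAME && ARGV[0]
  report = verify_packages(ARGV[0])
  report.each { |name, status| puts "#{status.to_s.ljust(10)} #{name}" }
  puts(all_verified?(report) ? "all packages verified" : "verification failed, do not install")
end
```

Run it as `ruby verify.rb /path/to/downloads`. A digest match proves the file is the one the advisory describes; the package's GPG signature is a separate check (`rpm -K file.rpm` with Red Hat's key imported, see the key link below) and both should pass before updating.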

Bugs fixed (see bugzilla for more information)

1033460 - CVE-2013-4164 ruby: heap overflow in floating point parsing
1064140 - CVE-2014-0057 CFME: Dangerous send in ServiceController
1065520 - CVE-2014-0081 rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability
1065538 - CVE-2014-0082 rubygem-actionpack: Action View string handling denial of service


References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/