
Test ID: 1.3.6.1.4.1.25623.1.0.871495
Category: Red Hat Local Security Checks
Title: RedHat Update for rubygem-bundler and rubygem-thor RHSA-2015:2180-07
Summary: The remote host is missing an update for the 'rubygem-bundler and rubygem-thor' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'rubygem-bundler and rubygem-thor'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Bundler manages an application's
dependencies through its entire life, across many machines, systematically and
repeatably. Thor is a toolkit for building powerful command-line interfaces.

A flaw was found in the way Bundler handled gems available from multiple
sources. An attacker with access to one of the sources could create a
malicious gem with the same name, which they could then use to trick a user
into installing, potentially resulting in execution of code from the
attacker-supplied malicious gem. (CVE-2013-0334)

Bundler has been upgraded to upstream version 1.7.8 and Thor has been
upgraded to upstream version 1.19.1, both of which provide a number of bug
fixes and enhancements over the previous versions. (BZ#1194243, BZ#1209921)

All rubygem-bundler and rubygem-thor users are advised to upgrade to these
updated packages, which correct these issues and add these enhancements.

Affected Software/OS:
rubygem-bundler and rubygem-thor on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2013-0334
BugTraq ID: 70099
http://www.securityfocus.com/bid/70099
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140654.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140609.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140655.html
https://security.gentoo.org/glsa/201609-02
SuSE Security Announcement: openSUSE-SU-2015:0628
http://lists.opensuse.org/opensuse-updates/2015-03/msg00092.html
Copyright: Copyright (C) 2015 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.