Oval Definition:oval:com.redhat.rhsa:def:20152180
Revision Date:2015-11-19Version:636
Title:RHSA-2015:2180: rubygem-bundler and rubygem-thor security, bug fix, and enhancement update (Moderate)
Description:Bundler manages an application's dependencies through its entire life, across many machines, systematically and repeatably. Thor is a toolkit for building powerful command-line interfaces.

  • A flaw was found in the way Bundler handled gems available from multiple sources. An attacker with access to one of the sources could create a malicious gem with the same name, which they could then use to trick a user into installing, potentially resulting in execution of code from the attacker-supplied malicious gem. (CVE-2013-0334)

  • Bundler has been upgraded to upstream version 1.7.8 and Thor has been upgraded to upstream version 1.19.1, both of which provide a number of bug fixes and enhancements over the previous versions. (BZ#1194243, BZ#1209921)

    All rubygem-bundler and rubygem-thor users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2013-0334
    RHSA-2015:2180
    RHSA-2015:2180-00
    RHSA-2015:2180-07
    Platform(s):Red Hat Enterprise Linux 7
    Red Hat Enterprise Linux 7 (please do not use for >= RHEL-7.5)
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • rubygem-thor is earlier than 0:0.19.1-1.el7
  • AND rubygem-thor is signed with Red Hat redhatrelease2 key
  • rubygem-thor-doc is earlier than 0:0.19.1-1.el7
  • AND rubygem-thor-doc is signed with Red Hat redhatrelease2 key
  • rubygem-bundler is earlier than 0:1.7.8-3.el7
  • AND rubygem-bundler is signed with Red Hat redhatrelease2 key
  • rubygem-bundler-doc is earlier than 0:1.7.8-3.el7
  • AND rubygem-bundler-doc is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
  • AND Package Information
  • rubygem-thor-doc is earlier than 0:0.19.1-1.el7
  • AND rubygem-thor-doc is signed with Red Hat redhatrelease2 key
  • OR
  • rubygem-thor is earlier than 0:0.19.1-1.el7
  • AND rubygem-thor is signed with Red Hat redhatrelease2 key
  • OR
  • rubygem-bundler-doc is earlier than 0:1.7.8-3.el7
  • AND rubygem-bundler-doc is signed with Red Hat redhatrelease2 key
  • OR
  • rubygem-bundler is earlier than 0:1.7.8-3.el7
  • AND rubygem-bundler is signed with Red Hat redhatrelease2 key
    • BACK