Moderate: Red Hat OpenShift Enterprise 1.1.1 update

Synopsis

Moderate: Red Hat OpenShift Enterprise 1.1.1 update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Enterprise 1.1.1 is now available.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS)
solution from Red Hat, and is designed for on-premise or private cloud
deployments.

Installing the updated packages and restarting the OpenShift services are
the only requirements for this update. However, if you are updating your
system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise
1.1.1 updates, it is recommended that you restart your system.

For further information about this release, refer to the OpenShift
Enterprise 1.1.1 Technical Notes, available shortly from
https://access.redhat.com/knowledge/docs/

This update also fixes the following security issues:

Multiple cross-site scripting (XSS) flaws were found in rubygem-actionpack.
A remote attacker could use these flaws to conduct XSS attacks against
users of an application using rubygem-actionpack. (CVE-2012-3463,
CVE-2012-3464, CVE-2012-3465)

It was found that certain methods did not sanitize file names before
passing them to lower layer routines in Ruby. If a Ruby application created
files with names based on untrusted input, it could result in the creation
of files with different names than expected. (CVE-2012-4522)
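The defensive side of the CVE-2012-4522 issue above, as an added example that is not part of the advisory: application-level validation that rejects a base name containing a NUL byte (which a C-layer routine would silently truncate) before it reaches the filesystem, plus a probe showing that a current Ruby refuses such a name itself. `safe_filename?`, `write_upload` and `ruby_rejects_nul?` are names chosen here, not Ruby or OpenShift APIs.

```ruby
require 'tmpdir'

# Plain base name only: no NUL, no path separators, no leading dot,
# bounded length. Hypothetical policy for this example.
SAFE_NAME = /\A[A-Za-z0-9][A-Za-z0-9._-]{0,254}\z/

# Returns true only for a name that looks the same to Ruby and to the C
# routines underneath it. The explicit NUL check is redundant with the
# regex but documents the truncation problem behind CVE-2012-4522.
def safe_filename?(name)
  return false unless name.is_a?(String)
  return false if name.include?("\0")            # "a.txt\0.rb" -> "a.txt" at the C layer
  return false if name == "." || name == ".."
  !!(name =~ SAFE_NAME)
end

# Creates a new file under +dir+ from an untrusted base name.
# O_EXCL makes the call fail rather than clobber an existing file.
# Returns the created path or raises ArgumentError for an unsafe name.
def write_upload(dir, untrusted_name, data)
  unless safe_filename?(untrusted_name)
    raise ArgumentError, "unsafe file name: #{untrusted_name.inspect}"
  end
  path = File.join(dir, untrusted_name)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write(data) }
  path
end

# Probe: a patched Ruby raises ArgumentError ("string contains null byte")
# instead of creating a truncated file. Returns true when it refuses.
def ruby_rejects_nul?(dir)
  File.open(dir + "/probe\0.rb", "w") {}
  false
rescue ArgumentError
  true
end
```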

A denial of service flaw was found in the implementation of associative
arrays (hashes) in Ruby. An attacker able to supply a large number of
inputs to a Ruby application (such as HTTP POST request parameters sent to
a web application) that are used as keys when inserting data into an array
could trigger multiple hash function collisions, making array operations
take an excessive amount of CPU time. To mitigate this issue, a new, more
collision resistant algorithm has been used to reduce the chance of an
attacker successfully causing intentional collisions. (CVE-2012-5371)

Input validation vulnerabilities were discovered in rubygem-activerecord.
A remote attacker could possibly use these flaws to perform an SQL
injection attack against an application using rubygem-activerecord.
(CVE-2012-2661, CVE-2012-2695, CVE-2013-0155)

Input validation vulnerabilities were discovered in rubygem-actionpack. A
remote attacker could possibly use these flaws to perform an SQL injection
attack against an application using rubygem-actionpack and
rubygem-activerecord. (CVE-2012-2660, CVE-2012-2694)

A flaw was found in the HTTP digest authentication implementation in
rubygem-actionpack. A remote attacker could use this flaw to cause a
denial of service of an application using rubygem-actionpack and digest
authentication. (CVE-2012-3424)

A flaw was found in the handling of strings in Ruby safe level 4. A remote
attacker could use Exception#to_s to destructively modify an untainted string
so that it becomes tainted; the string could then be arbitrarily modified.
(CVE-2012-4466)

A flaw was found in the method for translating an exception message into a
string in the Ruby Exception class. A remote attacker could use this flaw
to bypass safe level 4 restrictions, allowing untrusted (tainted) code to
modify arbitrary, trusted (untainted) strings, which safe level 4
restrictions would otherwise prevent. (CVE-2012-4464)

It was found that ruby_parser from rubygem-ruby_parser created a temporary
file in an insecure way. A local attacker could use this flaw to perform a
symbolic link attack, overwriting arbitrary files accessible to the
application using ruby_parser. (CVE-2013-0162)

The CVE-2013-0162 issue was discovered by Michael Scherer of the Red Hat
Regional IT team.
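The hardened pattern for the temporary-file problem described for CVE-2013-0162, as an added example that is not ruby_parser's code: Tempfile picks an unpredictable name and opens it with O_CREAT|O_EXCL and mode 0600, so a path planted in advance by another local user (a symlink in a shared directory, for instance) makes the open fail instead of being followed. `with_secure_scratch` and `safe_to_write?` are names chosen for this example.

```ruby
require 'tempfile'

# Runs the block with the path of a freshly created private scratch file.
# Tempfile uses an unpredictable name and O_EXCL, so it never reuses or
# follows a pre-existing path. The file is unlinked when the block ends,
# which removes the window for later reuse of a known name.
def with_secure_scratch(data)
  tf = Tempfile.new(["myapp-scratch", ".tmp"])
  tf.write(data)
  tf.flush
  yield tf.path
ensure
  tf.close! if tf   # close and unlink, even if the block raised
end

# Sanity check before writing to a path the process did not just create:
# must exist, be a regular file (lstat: not a symlink), be owned by us and
# be inaccessible to group/other. Returns false for a missing path.
def safe_to_write?(path)
  st = File.lstat(path)
  !st.symlink? && st.file? && st.uid == Process.uid && (st.mode & 0o077) == 0
rescue Errno::ENOENT
  false
end
```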

Users are advised to upgrade to Red Hat OpenShift Enterprise 1.1.1.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

  • Red Hat OpenShift Enterprise Infrastructure 1 x86_64
  • Red Hat OpenShift Enterprise Application Node 1 x86_64
  • Red Hat OpenShift Enterprise JBoss EAP add-on 1 x86_64

Fixes

  • BZ - 827353 - CVE-2012-2660 rubygem-actionpack: Unsafe query generation
  • BZ - 827363 - CVE-2012-2661 rubygem-activerecord: SQL injection when processing nested query parameters
  • BZ - 831573 - CVE-2012-2695 rubygem-activerecord: SQL injection when processing nested query parameters (a different flaw than CVE-2012-2661)
  • BZ - 831581 - CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)
  • BZ - 843711 - CVE-2012-3424 rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest
  • BZ - 847196 - CVE-2012-3463 rubygem-actionpack: potential XSS vulnerability in select_tag prompt
  • BZ - 847199 - CVE-2012-3464 rubygem-actionpack: potential XSS vulnerability
  • BZ - 847200 - CVE-2012-3465 rubygem-actionpack: XSS Vulnerability in strip_tags
  • BZ - 862598 - CVE-2012-4464 ruby 1.9.3: Possibility to bypass Ruby's $SAFE (level 4) semantics
  • BZ - 862614 - CVE-2012-4466 ruby: safe level bypass via name_err_mesg_to_str()
  • BZ - 865940 - CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character
  • BZ - 875236 - CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
  • BZ - 887353 - [Cartridge] Removing a cartridge leaves its info directory in place
  • BZ - 889426 - The "scale your application" page for a scalable app is not displayed well
  • BZ - 892806 - CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage
  • BZ - 892866 - CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails
  • BZ - 895347 - Should delete all the mongodb cartridge pages and the links about mongodb
  • BZ - 895355 - Lack of a dot in domain create and update page
  • BZ - 902412 - Warning message is seen when updating the rubygem-openshift-origin-auth-remote-user package.
  • BZ - 902630 - Failed to reload openshift-broker service
  • BZ - 903526 - Display overlaps when adding sshkey using long name in IE 9
  • BZ - 903546 - Links to ruby-lang.org redirect to the wrong URL
  • BZ - 905021 - Cannot get environment variables from scalable php local gear.
  • BZ - 905656 - [broker-util] oo-accept-broker doesn't summarize errors and set return code
  • BZ - 906227 - The "Follow these steps to install the client" link on get started page of application will redirect to a page which has no expected content.
  • BZ - 906845 - create default resource settings for AS/EAP/EWS carts
