rubygem-bundler-1.7.8-3.el7, rubygem-thor-0.19.1-1.el7

エラータID: AXSA:2015-789:01

Release date: 
Thursday, November 26, 2015 - 16:33
Subject: 
rubygem-bundler-1.7.8-3.el7, rubygem-thor-0.19.1-1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

rubygem-bundler
Bundler manages an application's dependencies through its entire life, across
many machines, systematically and repeatably

rubygem-thor
Thor is a scripting framework that replaces rake, sake and rubigen.

Security issues fixed with this release:

CVE-2013-0334
Bundler before 1.7, when multiple top-level source lines are used,
allows remote attackers to install arbitrary gems by creating a gem
with the same name as another gem in a different source.

* Fixed bugs:

Bundler has been upgraded to upstream version 1.7.8 and Thor has been
upgraded to upstream version 1.19.1, both of which provide a number of bug
fixes and enhancements over the previous versions.

Solution: 

Update packages.

CVEs: 
CVE-2013-0334
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
Additional Info: 

N/A

Download: 

SRPMS
  1. rubygem-bundler-1.7.8-3.el7.src.rpm
    MD5: d574a303efebe8a7900fb271ca657ab8
    SHA-256: 50884e2184c54ac98465a5215521b867638b5ae9e32ef520c36222919e382797
    Size: 303.44 kB
  2. rubygem-thor-0.19.1-1.el7.src.rpm
    MD5: ea41e540327a9c25f9d40e2d0a3df77a
    SHA-256: d3ddfe50365019dee97af9891f139c1341e5dd5fd3449f056315a36b35dbd3f2
    Size: 92.96 kB

Asianux Server 7 for x86_64
  1. rubygem-bundler-1.7.8-3.el7.noarch.rpm
    MD5: ecfc157153a14343ac37cfaef104c023
    SHA-256: becb13c7ff30a91cf95046f181b0dca720942fe06122a4a9b593122e9dbc29f3
    Size: 145.79 kB
  2. rubygem-thor-0.19.1-1.el7.noarch.rpm
    MD5: 188ae2e5dab4ae1148f2ff6445841801
    SHA-256: 43b426cf78879de10bf56a3881688512c7a50055449472b9f23ecaa57fe4d2a4
    Size: 51.11 kB