Gentoo Linux Security Advisory 201405-10 - Multiple vulnerabilities have been found in Rack, the worst of which allow execution of arbitrary code. Versions less than 1.4.5 are affected.
8eb7b04a7ff4141bc295620249608014b58fc83e4fff415b3d7a5d1f8a316361
Debian Linux Security Advisory 2783-2 - The update of librack-ruby in DSA-2783-1 also addressed CVE-2013-0183. The patch applied breaks Rails applications like Redmine (see Debian Bug #727187). Updated packages are available to address this problem.
7166a2e1c6865221cfe34af826a8c7a766cf04432e78842feb087c02e0f3fe25
Debian Linux Security Advisory 2783-1 - Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface.
3c392a1375e3aa987daddb2c193f9928f448bd6e8ece3459581735e59e24c6f5
Red Hat Security Advisory 2013-0686-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. The latest packages for Subscription Asset Manager include a number of security fixes: When a Subscription Asset Manager instance is created, its configuration script automatically creates an RPM of the internal subscription service CA certificate. However, this RPM incorrectly created the CA certificate with file permissions of 0666. This allowed other users on a client system to modify the CA certificate used to trust the remote subscription server. All administrators are advised to update and deploy the subscription service certificate on all systems which use Subscription Asset Manager as their subscription service.
0963c8e1d61d8ac6df642de01a0698f0b64aa8bfa0d30d87859ee165ddb3111b
Red Hat Security Advisory 2013-0638-01 - OpenShift Enterprise is a cloud computing Platform-as-a-Service solution from Red Hat, and is designed for on-premise or private cloud deployments. A flaw was found in the handling of paths provided to ruby193-rubygem-rack. A remote attacker could use this flaw to conduct a directory traversal attack by passing malformed requests. A timing attack flaw was found in the way rubygem-rack and ruby193-rubygem-rack processed HMAC digests in cookies. This flaw could aid an attacker using forged digital signatures to bypass authentication checks.
9e045bd47adb6a86f07fa92b8a517a7d9b9f762d12aa827a569c54656f19000b