suse-su-2015:0795-1
Vulnerability from csaf_suse
Published
2015-03-11 16:15
Modified
2015-03-11 16:15
Summary
Security update for rubygem-bundler
Notes
Title of the patch
Security update for rubygem-bundler
Description of the patch
The Rubygem Bundler was updated to version 1.7.0.
Bundler 1.7 is a security-only release to address CVE-2013-0334, a
vulnerability where a gem might be installed from an unintended source
server, particularly while using both rubygems.org and gems.github.com.
Upstream changes entry with more explanations:
Any Gemfile with multiple top-level source lines cannot reliably control
the gem server that a particular gem is fetched from. As a result, Bundler
might install the wrong gem if more than one source provides a gem with the
same name.
This is especially possible in the case of Github's legacy gem server,
hosted at gems.github.com. An attacker might create a malicious gem on
Rubygems.org with the same name as a commonly-used Github gem. From that
point forward, running bundle install might result in the malicious gem
being used instead of the expected gem.
To mitigate this, the Bundler and Rubygems.org teams worked together to
copy almost every gem hosted on gems.github.com to rubygems.org, reducing
the number of gems that can be used for such an attack.
Resolution:
To resolve this issue, upgrade to Bundler 1.7 by running gem install
bundler. The next time you run bundle install for any Gemfile that contains
multiple sources, each gem available from multiple sources will print a
warning.
For every warning printed, edit the Gemfile to either specify a :source
option for that gem, or move the gem line into a block that is passed to a
source method call.
For detailed information about the changes to how sources are handled in
Bundler version 1.7, see the release announcement.
Security Issues:
* CVE-2013-0334
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0334>
Patchnames
sdksp3-rubygem-bundler,sleclo40sp3-rubygem-bundler,slehasp3-rubygem-bundler,sleslms13-rubygem-bundler,slestso13-rubygem-bundler,slestso13-rubygem-bundler19,slewyst13-rubygem-bundler
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-bundler",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe Rubygem Bundler was updated to version 1.7.0.\n\nBundler 1.7 is a security-only release to address CVE-2013-0334, a \nvulnerability where a gem might be installed from an unintended source \nserver, particularly while using both rubygems.org and gems.github.com.\n\nUpstream changes entry with more explanations:\n\nAny Gemfile with multiple top-level source lines cannot reliably control \nthe gem server that a particular gem is fetched from. As a result, Bundler \nmight install the wrong gem if more than one source provides a gem with the \nsame name.\n\nThis is especially possible in the case of Github\u0027s legacy gem server, \nhosted at gems.github.com. An attacker might create a malicious gem on \nRubygems.org with the same name as a commonly-used Github gem. From that \npoint forward, running bundle install might result in the malicious gem \nbeing used instead of the expected gem.\n\nTo mitigate this, the Bundler and Rubygems.org teams worked together to \ncopy almost every gem hosted on gems.github.com to rubygems.org, reducing \nthe number of gems that can be used for such an attack.\n\nResolution:\n\nTo resolve this issue, upgrade to Bundler 1.7 by running gem install \nbundler. The next time you run bundle install for any Gemfile that contains \nmultiple sources, each gem available from multiple sources will print a \nwarning.\n\nFor every warning printed, edit the Gemfile to either specify a :source \noption for that gem, or move the gem line into a block that is passed to a \nsource method call.\n\nFor detailed information about the changes to how sources are handled in \nBundler version 1.7, see the release announcement.\n\nSecurity Issues:\n\n * CVE-2013-0334\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0334\u003e\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp3-rubygem-bundler,sleclo40sp3-rubygem-bundler,slehasp3-rubygem-bundler,sleslms13-rubygem-bundler,slestso13-rubygem-bundler,slestso13-rubygem-bundler19,slewyst13-rubygem-bundler",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_0795-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:0795-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150795-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:0795-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-April/001365.html"
},
{
"category": "self",
"summary": "SUSE Bug 898205",
"url": "https://bugzilla.suse.com/898205"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0334 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0334/"
}
],
"title": "Security update for rubygem-bundler",
"tracking": {
"current_release_date": "2015-03-11T16:15:22Z",
"generator": {
"date": "2015-03-11T16:15:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:0795-1",
"initial_release_date": "2015-03-11T16:15:22Z",
"revision_history": [
{
"date": "2015-03-11T16:15:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rubygem-bundler-1.7.0-0.7.1.i586",
"product": {
"name": "rubygem-bundler-1.7.0-0.7.1.i586",
"product_id": "rubygem-bundler-1.7.0-0.7.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-bundler-1.7.0-0.7.1.ia64",
"product": {
"name": "rubygem-bundler-1.7.0-0.7.1.ia64",
"product_id": "rubygem-bundler-1.7.0-0.7.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-bundler-1.7.0-0.7.1.ppc64",
"product": {
"name": "rubygem-bundler-1.7.0-0.7.1.ppc64",
"product_id": "rubygem-bundler-1.7.0-0.7.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-bundler-1.7.0-0.7.1.s390x",
"product": {
"name": "rubygem-bundler-1.7.0-0.7.1.s390x",
"product_id": "rubygem-bundler-1.7.0-0.7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-bundler-1.7.0-0.7.1.x86_64",
"product": {
"name": "rubygem-bundler-1.7.0-0.7.1.x86_64",
"product_id": "rubygem-bundler-1.7.0-0.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "rubygem-bundler19-1.7.0-0.12.1.x86_64",
"product": {
"name": "rubygem-bundler19-1.7.0-0.12.1.x86_64",
"product_id": "rubygem-bundler19-1.7.0-0.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 4",
"product": {
"name": "SUSE OpenStack Cloud 4",
"product_id": "SUSE OpenStack Cloud 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:cloud:4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 11 SP3",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 11 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-hae:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Lifecycle Management Server 1.3",
"product": {
"name": "SUSE Lifecycle Management Server 1.3",
"product_id": "SUSE Lifecycle Management Server 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-slms:1.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
},
{
"category": "product_name",
"name": "SUSE WebYast 1.3",
"product": {
"name": "SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:webyast:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.i586"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.ia64"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.ppc64"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.s390x"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.x86_64"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.x86_64 as component of SUSE OpenStack Cloud 4",
"product_id": "SUSE OpenStack Cloud 4:rubygem-bundler-1.7.0-0.7.1.x86_64"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.i586 as component of SUSE Linux Enterprise High Availability Extension 11 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.i586"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.ia64 as component of SUSE Linux Enterprise High Availability Extension 11 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.ia64"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.ppc64 as component of SUSE Linux Enterprise High Availability Extension 11 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.ppc64"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.s390x as component of SUSE Linux Enterprise High Availability Extension 11 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.s390x"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 11 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.x86_64"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.x86_64 as component of SUSE Lifecycle Management Server 1.3",
"product_id": "SUSE Lifecycle Management Server 1.3:rubygem-bundler-1.7.0-0.7.1.x86_64"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.x86_64",
"relates_to_product_reference": "SUSE Lifecycle Management Server 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:rubygem-bundler-1.7.0-0.7.1.x86_64"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler19-1.7.0-0.12.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.12.1.x86_64"
},
"product_reference": "rubygem-bundler19-1.7.0-0.12.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:rubygem-bundler-1.7.0-0.7.1.x86_64"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler19-1.7.0-0.12.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.12.1.x86_64"
},
"product_reference": "rubygem-bundler19-1.7.0-0.12.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.i586 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.i586"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.i586",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.ia64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.ia64"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.ia64",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.ppc64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.ppc64"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.ppc64",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.s390x as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.s390x"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.s390x",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler-1.7.0-0.7.1.x86_64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.x86_64"
},
"product_reference": "rubygem-bundler-1.7.0-0.7.1.x86_64",
"relates_to_product_reference": "SUSE WebYast 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0334",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0334"
}
],
"notes": [
{
"category": "general",
"text": "Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Lifecycle Management Server 1.3:rubygem-bundler-1.7.0-0.7.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.x86_64",
"SUSE OpenStack Cloud 4:rubygem-bundler-1.7.0-0.7.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler-1.7.0-0.7.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.12.1.x86_64",
"SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.i586",
"SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.ia64",
"SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.ppc64",
"SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.s390x",
"SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0334",
"url": "https://www.suse.com/security/cve/CVE-2013-0334"
},
{
"category": "external",
"summary": "SUSE Bug 898205 for CVE-2013-0334",
"url": "https://bugzilla.suse.com/898205"
},
{
"category": "external",
"summary": "SUSE Bug 922719 for CVE-2013-0334",
"url": "https://bugzilla.suse.com/922719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Lifecycle Management Server 1.3:rubygem-bundler-1.7.0-0.7.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP3:rubygem-bundler-1.7.0-0.7.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-bundler-1.7.0-0.7.1.x86_64",
"SUSE OpenStack Cloud 4:rubygem-bundler-1.7.0-0.7.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler-1.7.0-0.7.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.12.1.x86_64",
"SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.i586",
"SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.ia64",
"SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.ppc64",
"SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.s390x",
"SUSE WebYast 1.3:rubygem-bundler-1.7.0-0.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-03-11T16:15:22Z",
"details": "moderate"
}
],
"title": "CVE-2013-0334"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…