Scientific Linux Security Update : rubygem-bundler and rubygem-thor on SL7.x (noarch)
Medium Nessus Plugin ID 87573
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
A flaw was found in the way Bundler handled gems available from multiple sources. An attacker with access to one of the sources could create a malicious gem with the same name and then trick a user into installing it, potentially resulting in execution of code from the attacker-supplied malicious gem. (CVE-2013-0334)
Bundler has been upgraded to upstream version 1.7.8 and Thor has been upgraded to upstream version 1.19.1, both of which provide a number of bug fixes and enhancements over the previous versions.
Solution
Update the affected packages.
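
A check for the condition the Description refers to, as an added example that is not part of this advisory or of Bundler: it scans a Gemfile as text for more than one top-level `source` combined with gems that are not tied to a specific source. The sample Gemfiles, the `acme-auth` gem name and the `gems.internal.example` host are constructed, and the line-based parser is a simplification of the Gemfile DSL.

```ruby
# Added example (not Bundler's code): text-only Gemfile check; samples are constructed.
PINNING_OPTS = /\b(?:source|git|github|path):|:(?:source|git|github|path)\s*=>/

def audit_gemfile(text)
  global_sources = []
  unscoped_gems = []
  stack = [] # open blocks: :source for `source ... do`, :other for any other block
  text.each_line do |raw|
    line = raw.sub(/(\A|\s)#.*/, "").strip # drop comments; the file is never evaluated
    next if line.empty?
    if (m = line.match(/\Asource\s*\(?\s*(?:["']([^"']+)["']|:(\w+))/))
      if line.match?(/\bdo\z/)
        stack.push(:source)               # gems inside are tied to this source
      elsif stack.empty?
        global_sources << (m[1] || m[2])  # top-level source applies to every gem
      end
    elsif line.match?(/\bdo(\s*\|[^|]*\|)?\z/)
      stack.push(:other)                  # e.g. `group :test do`
    elsif line == "end"
      stack.pop
    elsif (m = line.match(/\Agem\s*\(?\s*["']([^"']+)["']/))
      pinned = stack.include?(:source) || line.match?(PINNING_OPTS)
      unscoped_gems << m[1] unless pinned
    end
  end
  { global_sources: global_sources, unscoped_gems: unscoped_gems,
    ambiguous: global_sources.size > 1 && !unscoped_gems.empty? }
end

# Constructed sample: two global sources, so either server may supply either gem.
AMBIGUOUS = <<~GEMFILE
  source "https://rubygems.org"
  source "https://gems.internal.example"
  gem "rails"
  gem "acme-auth"   # intended to come from the internal server
GEMFILE

# Constructed sample: one global source, the internal gem tied to its server.
SCOPED = <<~GEMFILE
  source "https://rubygems.org"
  gem "rails"
  source "https://gems.internal.example" do
    gem "acme-auth"
  end
  group :test do
    gem "rspec"
  end
GEMFILE
```

`audit_gemfile(AMBIGUOUS)[:ambiguous]` is true and `audit_gemfile(SCOPED)[:ambiguous]` is false; a Gemfile that reports true is worth reviewing even after the packages are updated.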