SUSE-SU-2013:0707-1: moderate: Security update for Ruby on Rails
sle-security-updates at lists.suse.com
Mon Apr 22 16:04:56 MDT 2013
SUSE Security Update: Security update for Ruby on Rails
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:0707-1
Rating: moderate
References: #809932 #809935 #809940
Cross-References: CVE-2013-1854
Affected Products:
WebYaST 1.2
SUSE Studio Standard Edition 1.2
SUSE Studio Onsite 1.2
SUSE Studio Extension for System z 1.2
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Cloud 1.0
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available. It includes one version update.
Description:
The Ruby on Rails 2.3 stack received security fixes for the
following issues:
ActionPack:
* CVE-2013-1855: An XSS vulnerability in sanitize_css in
Action Pack was fixed (bnc#809935).
* CVE-2013-1857: An XSS vulnerability in the sanitize
helper of Ruby on Rails was fixed (bnc#809940).
ActiveRecord:
* CVE-2013-1854: A Symbol DoS vulnerability in Active
Record was fixed (bnc#809932).
ActiveSupport:
* CVE-2013-1854: A Symbol DoS vulnerability in Active
Record was fixed (bnc#809932).
Security Issue reference:
* CVE-2013-1854
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively, you can run the command listed for your product:
- WebYaST 1.2:
zypper in -t patch slewyst12-rubyrails-2_3-201304-7590
- SUSE Studio Standard Edition 1.2:
zypper in -t patch sleslms12-rubyrails-2_3-201304-7590
- SUSE Studio Onsite 1.2:
zypper in -t patch slestso12-rubyrails-2_3-201304-7590
- SUSE Studio Extension for System z 1.2:
zypper in -t patch slestso12-rubyrails-2_3-201304-7590
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-rubyrails-2_3-201304-7589
- SUSE Cloud 1.0:
zypper in -t patch sleclo10sp2-rubyrails-2_3-201304-7589
To bring your system up-to-date, use "zypper patch".
Package List:
- WebYaST 1.2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.17]:
rubygem-actionpack-2_3-2.3.17-0.8.8.1
rubygem-activerecord-2_3-2.3.17-0.8.8.1
rubygem-activesupport-2_3-2.3.17-0.8.8.1
- SUSE Studio Standard Edition 1.2 (x86_64) [New Version: 2.3.17]:
rubygem-actionpack-2_3-2.3.17-0.8.8.1
rubygem-activerecord-2_3-2.3.17-0.8.8.1
rubygem-activesupport-2_3-2.3.17-0.8.8.1
- SUSE Studio Onsite 1.2 (x86_64) [New Version: 2.3.17]:
rubygem-actionpack-2_3-2.3.17-0.8.8.1
rubygem-activerecord-2_3-2.3.17-0.8.8.1
rubygem-activesupport-2_3-2.3.17-0.8.8.1
- SUSE Studio Extension for System z 1.2 (s390x) [New Version: 2.3.17]:
rubygem-actionpack-2_3-2.3.17-0.8.8.1
rubygem-activerecord-2_3-2.3.17-0.8.8.1
rubygem-activesupport-2_3-2.3.17-0.8.8.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.17]:
rubygem-actionpack-2_3-2.3.17-0.11.1
rubygem-activerecord-2_3-2.3.17-0.11.1
rubygem-activesupport-2_3-2.3.17-0.11.1
- SUSE Cloud 1.0 (x86_64) [New Version: 2.3.17]:
rubygem-actionpack-2_3-2.3.17-0.11.1
rubygem-activerecord-2_3-2.3.17-0.11.1
rubygem-activesupport-2_3-2.3.17-0.11.1
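The package list above gives the fixed upstream version (2.3.17) but a different release number per product (0.8.8.1 versus 0.11.1), so a post-patch check should compare only the upstream version. The following POSIX shell helper is an added example, not part of the SUSE advisory: it parses RPM name-version-release strings of the form rubygem-actionpack-2_3-2.3.17-0.8.8.1, compares the version component against 2.3.17, and prints any package still below it. The rpm -q output it reads is a constructed sample; on a real host you would feed it the actual output of rpm -q for the three gem packages.

```shell
#!/bin/sh
# Added verification helper (not part of the SUSE advisory): flags Rails 2.3 gem
# packages whose upstream version is below the fixed version announced above.

# Fixed upstream version from the advisory's package list ("New Version: 2.3.17").
FIXED_VERSION="2.3.17"

# nvr_version NVR: print the upstream version of an RPM name-version-release
# string. For rubygem-actionpack-2_3-2.3.17-0.8.8.1 the version is the
# second-to-last dash-separated field (2.3.17); the last field is the release.
nvr_version() {
  printf '%s\n' "$1" | awk -F- '{ print $(NF - 1) }'
}

# version_lt A B: succeed (exit 0) when dot-separated version A sorts before B,
# comparing each component numerically and treating missing components as 0.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, A, "."); nb = split(b, B, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      x = (i <= na) ? A[i] + 0 : 0
      y = (i <= nb) ? B[i] + 0 : 0
      if (x < y) exit 0
      if (x > y) exit 1
    }
    exit 1
  }'
}

# vulnerable_packages TEXT: read one NVR per line and print those whose version
# is below FIXED_VERSION. Only the upstream version is compared, because the
# advisory lists different release numbers (0.8.8.1, 0.11.1) per product.
vulnerable_packages() {
  printf '%s\n' "$1" | while IFS= read -r nvr; do
    [ -z "$nvr" ] && continue
    if version_lt "$(nvr_version "$nvr")" "$FIXED_VERSION"; then
      printf '%s\n' "$nvr"
    fi
  done
}

# Constructed sample standing in for the output of
#   rpm -q rubygem-actionpack-2_3 rubygem-activerecord-2_3 rubygem-activesupport-2_3
# on a partially patched host; these lines are made up for the example.
SAMPLE_RPM_OUTPUT="rubygem-actionpack-2_3-2.3.16-0.8.7.1
rubygem-activerecord-2_3-2.3.17-0.8.8.1
rubygem-activesupport-2_3-2.3.14-0.5.2.1"

# Prints the two sample packages that are still below 2.3.17.
vulnerable_packages "$SAMPLE_RPM_OUTPUT"
```

To check a real system, replace SAMPLE_RPM_OUTPUT with the output of rpm -q for the three packages named in the list above; any line printed is a package that the patch has not yet brought to 2.3.17.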
References:
http://support.novell.com/security/cve/CVE-2013-1854.html
https://bugzilla.novell.com/809932
https://bugzilla.novell.com/809935
https://bugzilla.novell.com/809940
http://download.novell.com/patch/finder/?keywords=087db4f44aa8af9e31e72ca7a4471ed7
http://download.novell.com/patch/finder/?keywords=e752b41dd60e41af5879ea236b7914bf