SUSE-SU-2013:0384-1: moderate: Security update for rubygem-rdoc
sle-security-updates at lists.suse.com
Fri Mar 1 15:04:45 MST 2013
SUSE Security Update: Security update for rubygem-rdoc
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:0384-1
Rating: moderate
References: #802406
Cross-References: CVE-2013-0256
Affected Products:
WebYaST 1.2
SUSE Studio Standard Edition 1.2
SUSE Linux Enterprise Software Development Kit 11 SP2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
rubygem-rdoc contained an incorrect piece of JavaScript in
darkfish.js, which allowed cross-site scripting (XSS)
attacks.
This was possible only if darkfish.js or rdoc-generated
documentation was exposed on the web server, which is not a
common use case. (CVE-2013-0256)
Security Issue reference:
* CVE-2013-0256
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0256>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- WebYaST 1.2:
zypper in -t patch slewyst12-rubygem-rdoc-7394
- SUSE Studio Standard Edition 1.2:
zypper in -t patch sleslms12-rubygem-rdoc-7394
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-rubygem-rdoc-7390
To bring your system up-to-date, use "zypper patch".
Package List:
- WebYaST 1.2 (i586 ia64 ppc64 s390x x86_64):
rubygem-rdoc-2.5.11-0.7.3
- SUSE Studio Standard Edition 1.2 (x86_64):
rubygem-rdoc-2.5.11-0.7.3
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
rubygem-rdoc-3.9.1-0.8.3
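A post-patch check, added here as an example and not part of the SUSE advisory: it compares the installed rubygem-rdoc build with the fixed builds from the Package List above and lists darkfish.js copies under the document roots given as arguments. The script and function names are hypothetical, and GNU "sort -V" is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Usage: sh check-rdoc.sh DOCROOT...   (script name and functions are hypothetical)
# Fixed builds, copied from the advisory's Package List.
FIXED_BUILDS="2.5.11-0.7.3 3.9.1-0.8.3"

# rdoc_is_fixed VERSION-RELEASE
# 0: at or above the fixed build that has the same upstream version
# 1: older than that fixed build
# 2: the advisory lists no fixed build for this upstream version
# Assumption: GNU "sort -V" ordering stands in for RPM's version comparison.
rdoc_is_fixed() {
    installed=$1
    upstream=${installed%%-*}
    for fixed in $FIXED_BUILDS; do
        [ "${fixed%%-*}" = "$upstream" ] || continue
        lowest=$(printf '%s\n%s\n' "$installed" "$fixed" | sort -V | head -n 1)
        [ "$lowest" = "$fixed" ] && return 0
        return 1
    done
    return 2
}

# exposed_darkfish DOCROOT...
# Prints each darkfish.js under the given web server document roots, the
# exposure condition the advisory describes.
exposed_darkfish() {
    find "$@" -type f -name darkfish.js
}

# Runs only when document roots are passed on the command line.
if [ "$#" -gt 0 ]; then
    build=$(rpm -q --qf '%{VERSION}-%{RELEASE}' rubygem-rdoc) || exit 3
    if rdoc_is_fixed "$build"; then
        echo "rubygem-rdoc $build: fixed build installed"
    else
        echo "rubygem-rdoc $build: not a fixed build from SUSE-SU-2013:0384-1"
    fi
    exposed_darkfish "$@" | sed 's/^/served darkfish.js: /'
fi
```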
References:
http://support.novell.com/security/cve/CVE-2013-0256.html
https://bugzilla.novell.com/802406
http://download.novell.com/patch/finder/?keywords=28614c91632c04e3da98e369501199a9
http://download.novell.com/patch/finder/?keywords=7107cb53f74618fbe8991eaabc4121c6