SUSE-SU-2013:0384-1: moderate: Security update for rubygem-rdoc

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Mar 1 15:04:45 MST 2013 

   SUSE Security Update: Security update for rubygem-rdoc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0384-1
Rating:             moderate
References:         #802406 
Cross-References:   CVE-2013-0256
Affected Products:
                    WebYaST 1.2
                    SUSE Studio Standard Edition 1.2
                    SUSE Linux Enterprise Software Development Kit 11 SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:


   rubygem rdoc had a incorrect piece of javascript in
   darkfish.js, which  allowed cross site scripting attacks
   (XSS).

   This was possible only if the darkfish.js or rdoc generated
   documentation  is exposed on the webserver, which is not a
   common use case.  (CVE-2013-0256)

   Security Issue reference:

   * CVE-2013-0256
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0256
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - WebYaST 1.2:

      zypper in -t patch slewyst12-rubygem-rdoc-7394

   - SUSE Studio Standard Edition 1.2:

      zypper in -t patch sleslms12-rubygem-rdoc-7394

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-rubygem-rdoc-7390

   To bring your system up-to-date, use "zypper patch".


Package List:

   - WebYaST 1.2 (i586 ia64 ppc64 s390x x86_64):

      rubygem-rdoc-2.5.11-0.7.3

   - SUSE Studio Standard Edition 1.2 (x86_64):

      rubygem-rdoc-2.5.11-0.7.3

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      rubygem-rdoc-3.9.1-0.8.3


References:

   http://support.novell.com/security/cve/CVE-2013-0256.html
   https://bugzilla.novell.com/802406
   http://download.novell.com/patch/finder/?keywords=28614c91632c04e3da98e369501199a9
   http://download.novell.com/patch/finder/?keywords=7107cb53f74618fbe8991eaabc4121c6

More information about the sle-security-updates mailing list