SUSE-SU-2013:0384-1: moderate: Security update for rubygem-rdoc

sle-updates at sle-updates at
Fri Mar 1 15:04:45 MST 2013

   SUSE Security Update: Security update for rubygem-rdoc

Announcement ID:    SUSE-SU-2013:0384-1
Rating:             moderate
References:         #802406 
Cross-References:   CVE-2013-0256
Affected Products:
                    WebYaST 1.2
                    SUSE Studio Standard Edition 1.2
                    SUSE Linux Enterprise Software Development Kit 11 SP2

   An update that fixes one vulnerability is now available.


   rubygem rdoc had a incorrect piece of javascript in
   darkfish.js, which  allowed cross site scripting attacks

   This was possible only if the darkfish.js or rdoc generated
   documentation  is exposed on the webserver, which is not a
   common use case.  (CVE-2013-0256)

   Security Issue reference:

   * CVE-2013-0256

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - WebYaST 1.2:

      zypper in -t patch slewyst12-rubygem-rdoc-7394

   - SUSE Studio Standard Edition 1.2:

      zypper in -t patch sleslms12-rubygem-rdoc-7394

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-rubygem-rdoc-7390

   To bring your system up-to-date, use "zypper patch".

Package List:

   - WebYaST 1.2 (i586 ia64 ppc64 s390x x86_64):


   - SUSE Studio Standard Edition 1.2 (x86_64):


   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):



More information about the sle-updates mailing list