SUSE-SU-2013:0355-2: moderate: Security update for rubygem-rack

sle-updates at sle-updates at
Tue Mar 19 10:04:34 MDT 2013

   SUSE Security Update: Security update for rubygem-rack

Announcement ID:    SUSE-SU-2013:0355-2
Rating:             moderate
References:         #798452 #802794 
Cross-References:   CVE-2012-6109 CVE-2013-0183 CVE-2013-0184
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Cloud 1.0

   An update that fixes three vulnerabilities is now
   available. It includes one version update.


   Denial of service conditions in the Rack 1.1 rubygem have
   been fixed.

   Rack has been updated to 1.1.6:

   * Fix CVE-2013-0263, timing attack against

   Rack has been updated to 1.1.5:

   * Rack::Auth::AbstractRequest no longer symbolizes
   arbitrary strings (CVE-2013-0184)
   * Add warnings when users do not provide a session
   * Security fix. Further information here:

   Security Issue references:

   * CVE-2013-0184
   * CVE-2013-0183
   * CVE-2012-6109

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-rack-201302-7388

   - SUSE Cloud 1.0:

      zypper in -t patch sleclo10sp2-rack-201302-7388

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.1.6]:


   - SUSE Cloud 1.0 (x86_64) [New Version: 1.1.6]:


