SUSE-SU-2014:0152-1: moderate: Security update for rubygem-actionpack-3_2

sle-updates at sle-updates at
Tue Jan 28 11:04:43 MST 2014

   SUSE Security Update: Security update for rubygem-actionpack-3_2

Announcement ID:    SUSE-SU-2014:0152-1
Rating:             moderate
References:         #846239 #853625 #853627 #853632 #853633 
Cross-References:   CVE-2013-4491 CVE-2013-6414 CVE-2013-6415
Affected Products:
                    WebYaST 1.3
                    SUSE Studio Onsite 1.3
                    SUSE Lifecycle Management Server 1.3

   An update that solves four vulnerabilities and has one
   errata is now available. It includes one version update.


   This update fixes the following security issues with

   * bnc#853625: i18n missing translation XSS
   * bnc#853627: unsafe query generation risk (incomplete
     fix for CVE-2013-0155) (CVE-2013-6417)
   * bnc#853632: number_to_currency XSS (CVE-2013-6415)
   * bnc#853633: Action View DoS (CVE-2013-6414)
   * bnc#846239: fix possible DoS vulnerability in the log
     subscriber component (CVE-2013-4389)

   Security Issue references:

   * CVE-2013-4491
   * CVE-2013-6417
   * CVE-2013-6415
   * CVE-2013-6414

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - WebYaST 1.3:

      zypper in -t patch slewyst13-rubygem-actionpack-3_2-8667

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-rubygem-actionpack-3_2-8667

   - SUSE Lifecycle Management Server 1.3:

      zypper in -t patch sleslms13-rubygem-actionpack-3_2-8667

   To bring your system up-to-date, use "zypper patch".

Package List:

   - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.2.12]:


   - SUSE Studio Onsite 1.3 (x86_64) [New Version: 3.2.12]:


   - SUSE Lifecycle Management Server 1.3 (x86_64) [New Version: 3.2.12]:


