SUSE-SU-2014:0756-1: moderate: Security update for rubygem-actionpack-3_2

sle-updates at sle-updates at
Wed Jun 4 18:04:12 MDT 2014

   SUSE Security Update: Security update for rubygem-actionpack-3_2

Announcement ID:    SUSE-SU-2014:0756-1
Rating:             moderate
References:         #864431 #864433 #864873 #876714 
Cross-References:   CVE-2014-0081 CVE-2014-0082 CVE-2014-0130
Affected Products:
                    WebYaST 1.3
                    SUSE Studio Onsite 1.3
                    SUSE Lifecycle Management Server 1.3

   An update that solves three vulnerabilities and has one
   errata is now available. It includes one version update.


   Rubygem Actionpack has been updated to fix several security

       * XSS Vulnerability in number_to_currency, number_to_percentage and
         number_to_human (CVE-2014-0081).
       * Denial of Service Vulnerability in Action View when using render
         :text (CVE-2014-0082).
       * Directory traversal issue (CVE-2014-0130).

   Security Issue references:

       * CVE-2014-0082
       * CVE-2014-0081
       * CVE-2014-0130

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - WebYaST 1.3:

      zypper in -t patch slewyst13-rubygem-actionpack-3_2-9292

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-rubygem-actionpack-3_2-9292

   - SUSE Lifecycle Management Server 1.3:

      zypper in -t patch sleslms13-rubygem-actionpack-3_2-9292

   To bring your system up-to-date, use "zypper patch".

Package List:

   - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.2.12]:


   - SUSE Studio Onsite 1.3 (x86_64) [New Version: 3.2.12]:


   - SUSE Lifecycle Management Server 1.3 (x86_64) [New Version: 3.2.12]:


