Mailinglist Archive: opensuse-updates (119 mails)

openSUSE-SU-2013:0462-1: moderate: RubyOnRails: security version update to 2.3.17
openSUSE Security Update: RubyOnRails: security version update to 2.3.17
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:0462-1
Rating: moderate
References: #798452 #803336 #803339
Cross-References: CVE-2013-0183 CVE-2013-0184 CVE-2013-0262
CVE-2013-0263 CVE-2013-0276 CVE-2013-0277

Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

The Ruby on Rails 2.3 stack was updated to 2.3.17.

The Ruby Rack was updated to 1.1.6.

The updates fix various security issues and bugs.

- update to version 2.3.17 (bnc#803336, bnc#803339)
  CVE-2013-0276 CVE-2013-0277:
  - Fix issue with attr_protected where malformed input
    could circumvent protection
  - Fix Serialized Attributes YAML Vulnerability

- update to 1.1.6 (bnc#802794)
  * Fix CVE-2013-0263, timing attack against
    Rack::Session::Cookie


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch 2013-42

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64):

rubygem-actionmailer-2_3-2.3.17-0.24.1
rubygem-actionmailer-2_3-doc-2.3.17-0.24.1
rubygem-actionmailer-2_3-testsuite-2.3.17-0.24.1
rubygem-actionpack-2_3-2.3.17-31.1
rubygem-actionpack-2_3-doc-2.3.17-31.1
rubygem-actionpack-2_3-testsuite-2.3.17-31.1
rubygem-activerecord-2_3-2.3.17-27.1
rubygem-activerecord-2_3-doc-2.3.17-27.1
rubygem-activerecord-2_3-testsuite-2.3.17-27.1
rubygem-activeresource-2_3-2.3.17-24.1
rubygem-activeresource-2_3-doc-2.3.17-24.1
rubygem-activeresource-2_3-testsuite-2.3.17-24.1
rubygem-activesupport-2_3-2.3.17-24.1
rubygem-activesupport-2_3-doc-2.3.17-24.1
rubygem-rack-1.1.6-16.1
rubygem-rails-2_3-2.3.17-20.1
rubygem-rails-2_3-doc-2.3.17-20.1

- openSUSE 11.4 (noarch):

rubygem-actionmailer-2.3.17-14.1
rubygem-actionpack-2.3.17-14.1
rubygem-activerecord-2.3.17-14.1
rubygem-activeresource-2.3.17-14.1
rubygem-activesupport-2.3.17-14.1
rubygem-rails-2.3.17-14.1


References:

http://support.novell.com/security/cve/CVE-2013-0183.html
http://support.novell.com/security/cve/CVE-2013-0184.html
http://support.novell.com/security/cve/CVE-2013-0262.html
http://support.novell.com/security/cve/CVE-2013-0263.html
http://support.novell.com/security/cve/CVE-2013-0276.html
http://support.novell.com/security/cve/CVE-2013-0277.html
https://bugzilla.novell.com/798452
https://bugzilla.novell.com/803336
https://bugzilla.novell.com/803339

