Mailinglist Archive: opensuse-updates (119 mails)

< Previous Next >
openSUSE-SU-2013:0376-1: moderate: ruby19 to 1.9.3 p385
openSUSE Security Update: ruby19 to 1.9.3 p385

Announcement ID: openSUSE-SU-2013:0376-1
Rating: moderate
References: #783511 #789983 #791199 #802406
Cross-References: CVE-2012-4464 CVE-2012-4466 CVE-2012-4522
CVE-2012-5371 CVE-2013-0256
Affected Products:
openSUSE 12.2

An update that fixes 5 vulnerabilities is now available.


ruby19 was updated to fix various bugs and security issues:

Update to 1.9.3 p385 (bnc#802406)
- XSS exploit of RDoc documentation generated by rdoc
- for other changes see

Update to 1.9.3 p327 (bnc#789983)
- CVE-2012-5371 and plenty of other fixes

Update to 1.9.3 p286 (bnc#783511, bnc#791199)
- This release includes some security fixes, and many other
bug fixes. $SAFE escaping vulnerability about
Exception#to_s / NameError#to_s (CVE-2012-4464,
- Unintentional file creation caused by inserting an
illegal NUL character many other bug fixes.

Also following bugfixes and packaging fixes were done:
- make sure the rdoc output is more stable for
build-compare (new patch ruby-sort-rdoc-output.patch)
- readd the private header *atomic.h
- remove build depencency on ca certificates - only causing
- one more header needed for rubygem-ruby-debug-base19
- install vm_core.h and its dependencies as ruby-devel-extra
- move the provides to the ruby package instead
- add provides for the internal gems
- restore the old ruby macros and the gem wrapper script
- gem_install_wrapper no longer necessary

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-167

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 12.2 (i586 x86_64):


- openSUSE 12.2 (noarch):



< Previous Next >
This Thread
  • No further messages