Mailinglist Archive: opensuse-updates (130 mails)
| < Previous | Next > |
openSUSE-SU-2013:1907-1: moderate: update for rubygem-actionpack-3_2
- From: opensuse-security@xxxxxxxxxxxx
- Date: Wed, 18 Dec 2013 14:05:53 +0100 (CET)
- Message-id: <20131218130553.8FBB232138@maintenance.suse.de>
openSUSE Security Update: update for rubygem-actionpack-3_2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1907-1
Rating: moderate
References: #853625 #853627 #853632 #853633
Cross-References: CVE-2013-0155 CVE-2013-4491 CVE-2013-6414
CVE-2013-6415 CVE-2013-6417
Affected Products:
openSUSE 12.2
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
- fix CVE-2013-4491: rubygem-actionpack: i18n missing
translation XSS (bnc#853625). File CVE-2013-4491.patch
contains the patch
- fix CVE-2013-6414: rubygem-actionpack: Action View DoS
(bnc#853633). File CVE-2013-6414.patch contains the patch.
- fix CVE-2013-6415: rubygem-actionpack: number_to_currency
XSS (bnc#853632). File CVE-2013-6415.patch contains the
patch.
- fix CVE-2013-6417: rubygem-actionpack: unsafe query
generation risk (incomplete fix for CVE-2013-0155)
(bnc#853627). File CVE-2013-6417.patch contains the
patch.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-988
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.2 (i586 x86_64):
rubygem-actionpack-3_2-3.2.12-3.21.1
rubygem-actionpack-3_2-doc-3.2.12-3.21.1
References:
http://support.novell.com/security/cve/CVE-2013-0155.html
http://support.novell.com/security/cve/CVE-2013-4491.html
http://support.novell.com/security/cve/CVE-2013-6414.html
http://support.novell.com/security/cve/CVE-2013-6415.html
http://support.novell.com/security/cve/CVE-2013-6417.html
https://bugzilla.novell.com/853625
https://bugzilla.novell.com/853627
https://bugzilla.novell.com/853632
https://bugzilla.novell.com/853633
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1907-1
Rating: moderate
References: #853625 #853627 #853632 #853633
Cross-References: CVE-2013-0155 CVE-2013-4491 CVE-2013-6414
CVE-2013-6415 CVE-2013-6417
Affected Products:
openSUSE 12.2
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
- fix CVE-2013-4491: rubygem-actionpack: i18n missing
translation XSS (bnc#853625). File CVE-2013-4491.patch
contains the patch
- fix CVE-2013-6414: rubygem-actionpack: Action View DoS
(bnc#853633). File CVE-2013-6414.patch contains the patch.
- fix CVE-2013-6415: rubygem-actionpack: number_to_currency
XSS (bnc#853632). File CVE-2013-6415.patch contains the
patch.
- fix CVE-2013-6417: rubygem-actionpack: unsafe query
generation risk (incomplete fix for CVE-2013-0155)
(bnc#853627). File CVE-2013-6417.patch contains the
patch.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-988
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.2 (i586 x86_64):
rubygem-actionpack-3_2-3.2.12-3.21.1
rubygem-actionpack-3_2-doc-3.2.12-3.21.1
References:
http://support.novell.com/security/cve/CVE-2013-0155.html
http://support.novell.com/security/cve/CVE-2013-4491.html
http://support.novell.com/security/cve/CVE-2013-6414.html
http://support.novell.com/security/cve/CVE-2013-6415.html
http://support.novell.com/security/cve/CVE-2013-6417.html
https://bugzilla.novell.com/853625
https://bugzilla.novell.com/853627
https://bugzilla.novell.com/853632
https://bugzilla.novell.com/853633
| < Previous | Next > |