Fedora 10: rubygem-actionpack Security Update

    Date: 09 Dec 2009
    Category: Fedora
    Posted By: LinuxSecurity Advisories
    Two security issues were found in the actionpack gem shipped with Fedora 10. One is a weakness in the strip_tags function of Ruby on Rails (bug 542786, CVE-2009-4214). The other is a possible circumvention of the protection against cross-site request forgery (CSRF) attacks (bug 544329). This new rpm fixes both issues.
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2009-12966
    2009-12-10 03:28:55
    --------------------------------------------------------------------------------
    
    Name        : rubygem-actionpack
    Product     : Fedora 10
    Version     : 2.1.1
    Release     : 5.fc10
    URL         : http://www.rubyonrails.org
    Summary     : Web-flow and rendering framework putting the VC in MVC
    Description :
    Eases web-request routing, handling, and response as a half-way front,
    half-way page controller. Implemented with specific emphasis on enabling easy
    unit/integration testing that doesn't require a browser.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    Two security issues were found in the actionpack gem shipped with Fedora 10.
    One is a weakness in the strip_tags function of Ruby on Rails (bug 542786,
    CVE-2009-4214). The other is a possible circumvention of the protection
    against cross-site request forgery (CSRF) attacks (bug 544329). This new rpm
    fixes both issues.
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Mon Dec  7 2009 Mamoru Tasaka  - 2.1.1-5
    - Fix for potential CSRF protection circumvention (bug 544329)
    - Fix for XSS weakness in strip_tags (bug 542786)
    * Mon Sep 21 2009 Mamoru Tasaka  - 2.1.1-3
    - Patch for CVE-2009-3009 (bug 520843)
    * Thu Feb 26 2009 Jeroen van Meeuwen  - 2.1.1-2
    - Fix CVE-2008-5189
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #542786 - rubygem-actionpack: XSS weakness in strip_tags
            https://bugzilla.redhat.com/show_bug.cgi?id=542786
      [ 2 ] Bug #544329 - rubygem-actionpack: Potential CSRF protection circumvention
            https://bugzilla.redhat.com/show_bug.cgi?id=544329
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use 
    su -c 'yum update rubygem-actionpack' at the command line.
    For more information, refer to "Managing Software with yum",
    available at http://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    http://fedoraproject.org/keys
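    The following shell script is an added example, not part of the Fedora advisory, showing how an administrator can check whether the rubygem-actionpack build on a Fedora 10 host predates the fixed release 2.1.1-5.fc10 named above. The `needs_update` function takes a "version-release" string such as the one `rpm -q --qf '%{VERSION}-%{RELEASE}'` prints and compares it with GNU `sort -V`; the sample strings it is run on are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): is the installed rubygem-actionpack
# older than the build that fixes bugs 542786 and 544329?
FIXED_VERSION="2.1.1"
FIXED_RELEASE="5.fc10"

# version_lt A B: succeed when A sorts strictly before B in GNU version order.
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# needs_update "VERSION-RELEASE": succeed when that build predates 2.1.1-5.fc10.
# Version is compared first; only an equal version falls through to the release.
needs_update() {
    ver=${1%%-*}
    rel=${1#*-}
    if [ "$ver" != "$FIXED_VERSION" ]; then
        version_lt "$ver" "$FIXED_VERSION"
        return $?
    fi
    version_lt "$rel" "$FIXED_RELEASE"
}

# Constructed sample inputs standing in for rpm's output on different hosts.
for sample in "2.1.1-3.fc10" "2.1.1-5.fc10" "2.1.1-6.fc10"; do
    if needs_update "$sample"; then
        echo "$sample: vulnerable, run: su -c 'yum update rubygem-actionpack'"
    else
        echo "$sample: already at or past the fixed build"
    fi
done

# On a real Fedora host, query the RPM database instead of the samples.
if command -v rpm >/dev/null 2>&1; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' rubygem-actionpack 2>/dev/null)
    if [ -n "$installed" ] && needs_update "$installed"; then
        echo "installed $installed needs the FEDORA-2009-12966 update"
    fi
fi
```

After updating, `rpm -q rubygem-actionpack` should report 2.1.1-5.fc10, and `rpm -K` on the downloaded package confirms the Fedora Project GPG signature the advisory refers to.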
    --------------------------------------------------------------------------------
    
    _______________________________________________
    Fedora-package-announce mailing list
    http://www.redhat.com/mailman/listinfo/fedora-package-announce
    