Fedora 10: rubygem-actionpack Security Update

    Date 09 Dec 2009
    Posted By LinuxSecurity Advisories
    Two security issues were found in actionpack as shipped on Fedora 10. One is a weakness in the strip_tags function in Ruby on Rails (bug 542786, CVE-2009-4214). The other is a possibility to circumvent protection against cross-site request forgery (CSRF) attacks (bug 544329). This new rpm fixes these issues.
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2009-12966
    2009-12-10 03:28:55
    --------------------------------------------------------------------------------
    
    Name        : rubygem-actionpack
    Product     : Fedora 10
    Version     : 2.1.1
    Release     : 5.fc10
    URL         : https://www.rubyonrails.org
    Summary     : Web-flow and rendering framework putting the VC in MVC
    Description :
    Eases web-request routing, handling, and response as a half-way front,
    half-way page controller. Implemented with specific emphasis on enabling easy
    unit/integration testing that doesn't require a browser.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    Two security issues were found in actionpack shipped on Fedora 10.  One bug is
    that there is a weakness in the strip_tags function in Ruby on Rails (bug
    542786, CVE-2009-4214). Another one is a possibility to circumvent protection
    against cross-site request forgery (CSRF) attacks (bug 544329). This new rpm
    will fix these issues.
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Mon Dec  7 2009 Mamoru Tasaka  - 2.1.1-5
    - Fix for potential CSRF protection circumvention (bug 544329)
    - Fix for XSS weakness in strip_tags (bug 542786)
    * Mon Sep 21 2009 Mamoru Tasaka  - 2.1.1-3
    - Patch for CVE-2009-3009 (bug 520843)
    * Thu Feb 26 2009 Jeroen van Meeuwen  - 2.1.1-2
    - Fix CVE-2008-5189
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #542786 - rubygem-actionpack: XSS weakness in strip_tags
            https://bugzilla.redhat.com/show_bug.cgi?id=542786
      [ 2 ] Bug #544329 - rubygem-actionpack: Potential CSRF protection circumvention
            https://bugzilla.redhat.com/show_bug.cgi?id=544329
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use 
    su -c 'yum update rubygem-actionpack' at the command line.
    For more information, refer to "Managing Software with yum",
    available at https://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    
    _______________________________________________
    Fedora-package-announce mailing list
    https://www.redhat.com/mailman/listinfo/fedora-package-announce
    
