Fedora 10: 2009-12966 Moderate: Rubygem-Actionpack CSRF and XSS Fix
fedora
December 10, 2009
Two security issues are found on activepack shipped on Fedora 10
Summary
Eases web-request routing, handling, and response as a half-way front,
half-way page controller. Implemented with specific emphasis on enabling easy
unit/integration testing that doesn't require a browser.
Update Information:
Two security issues are found on activepack shipped on Fedora 10. One bug is that there is a weakness in the strip_tags function in ruby on rails (bug 542786, CVE-2009-4214). Another one is a possibility to circumvent protection against cross-site request forgery (CSRF) attacks (bug 544329). This new rpm will fix these issues.
Topics Covered
Change Log
* Mon Dec 7 2009 Mamoru Tasaka
References
[ 1 ] Bug #542786 - rubygem-actionpack: XSS weakness in strip_tags
https://bugzilla.redhat.com/show_bug.cgi?id=542786
[ 2 ] Bug #544329 - rubygem-actionpack: Potential CSRF protection circumvention
https://bugzilla.redhat.com/show_bug.cgi?id=544329
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update rubygem-actionpack' at the command line. For more information, refer to "Managing Software with yum", available at .
PREVIOUS
NEXT
Name: rubygem-actionpack
Product: Fedora 10
Version: 2.1.1
Release: 5.fc10
Summary: Web-flow and rendering framework putting the VC in MVC
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!