Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 11: 2010-1234 Critical: Rubygem-Actionpack XSS Vulnerability

fedora
Calendar Grey September 24, 2009
Dist Fedora Esm H88
A critical CSRF vulnerability in rubygem-rails has been resolved in Fedora 10 to safeguard against unauthorized actions.
A vulnerability is found on Ruby on Rails in the escaping code for the form helpers, which also affects the rpms shipped in Fedora Project

Summary

Utility library which carries commonly used classes and

goodies from the Rails framework

Update Information:

A vulnerability is found on Ruby on Rails in the escaping code for the form helpers, which also affects the rpms shipped in Fedora Project. Attackers who can inject deliberately malformed unicode strings into the form helpers can defeat the escaping checks and inject arbitrary HTML. This issue has been tagged as CVE-2009-3009. These new rpms will fix this issue.

Topics%20covered

Topics Covered

security advisory moderate fedora xss html injection rubygem-activesupport

Change Log

* Mon Sep 21 2009 Mamoru Tasaka - 2.1.1-2 - Patch for CVE-2009-3009 (bug 520843)

References


[ 1 ] Bug #520843 - CVE-2009-3009 ruby-activesupport: XSS vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=520843

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update rubygem-activesupport' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rubygem-activesupport
Product: Fedora 10
Version: 2.1.1
Release: 2.fc10
URL: https://rubyonrails.org/
Summary: Support and utility classes used by the Rails framework

Topics%20covered

Topics Covered

security advisory moderate fedora xss html injection rubygem-activesupport

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here