Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora: 2009-10484 Critical: Rubygem-Actionpack XSS Fix

fedora
Calendar Grey October 13, 2009
Dist Fedora Esm H88
The latest release of rubygem-actionpack resolves the Cross-Site Scripting vulnerability described in CVE-2009-3009 and provides guidelines for downgrading if necessary.
- Fixes CVE-2009-3009 - Downgrade to Rails 2.3.2 to avoid update issues for existing applications

Summary

Eases web-request routing, handling, and response as a half-way front,

half-way page controller. Implemented with specific emphasis on enabling easy

unit/integration testing that doesn't require a browser.

Update Information:

- Fixes CVE-2009-3009 - Downgrade to Rails 2.3.2 to avoid update issues for existing applications

Topics%20covered

Topics Covered

security advisory Fedora XSS software patch Ruby web framework actionpack

Change Log

* Wed Oct 7 2009 David Lutterkort - 1:2.3.2-2 - Bump epoch; rails is not updatable across versions (bz 520843) * Wed Sep 23 2009 Mamoru Tasaka - 2.3.3-2 - Patch for CVE-2009-3009 (bug 520843) * Tue Jul 28 2009 Jeroen van Meeuwen - 2.3.3-1 - New upstream version

References


[ 1 ] Bug #520843 - CVE-2009-3009 ruby-activesupport: XSS vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=520843

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update rubygem-actionpack' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rubygem-actionpack
Product: Fedora 11
Version: 2.3.2
Release: 2.fc11
URL: https://rubyonrails.org/
Summary: Web-flow and rendering framework putting the VC in MVC

Topics%20covered

Topics Covered

security advisory Fedora XSS software patch Ruby web framework actionpack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here