
Fedora 11: 2009-10484 Moderate: ActiveResource XSS Mitigation

October 13, 2009
Fedora has released an update for rubygem-activeresource that addresses CVE-2009-3009, a vulnerability affecting Rails applications.

Summary

Wraps web resources in model classes that can be manipulated through XML over REST.

Update Information:

- Fixes CVE-2009-3009
- Downgrade to Rails 2.3.2 to avoid update issues for existing applications

Change Log

* Wed Oct 7 2009 David Lutterkort - 1:2.3.2-2
- Bump epoch; rails is not updatable across versions (bz 520843)
* Sun Sep 27 2009 Mamoru Tasaka - 2.3.3-2
- Force rebuild
* Sun Jul 26 2009 Jeroen van Meeuwen - 2.3.3-1
- New upstream version

References


[1] Bug #520843 - CVE-2009-3009 ruby-activesupport: XSS vulnerability
    https://bugzilla.redhat.com/show_bug.cgi?id=520843

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update rubygem-activeresource' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important

Name: rubygem-activeresource
Product: Fedora 11
Version: 2.3.2
Release: 2.fc11
Summary: Active Record for web resources
