Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Fedora 33 FEDORA-2020-4dd34860a3 Critical XSS in rubygem-activesupport

fedora
Calendar Grey October 4, 2020
Dist Fedora Esm H88
Fortify Fedora 33 security utilizing rubygem-activesupport 6.0.3.3 to address critical vulnerabilities efficiently.
Upgrade to Ruby on Rails 6.0.3.3

Summary

A toolkit of support libraries and Ruby core extensions extracted from the

Rails framework. Rich support for multibyte strings, internationalization,

time zones, and testing.

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

* Fri Sep 18 2020 Pavel Valena - 1:6.0.3.3-1

- Update to activesupport 6.0.3.3.

Resolves: rhbz#1877502

- Fix evaluator test from web-console.

- Properly fix flaky `FileStoreTest#test_filename_max_size` test case.

[ 1 ] Bug #1831529 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1831529

[ 2 ] Bug #1852381 - CVE-2020-8185 rubygem-rails: untrusted users able to run pending migrations in production [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1852381

[ 3 ] Bug #1877568 - CVE-2020-15169 rubygem-actionview: rubygem-activeview: Cross-site scripting in translation helpers [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1877568

su -c 'dnf upgrade --advisory FEDORA-2020-4dd34860a3' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 6.0.3.3
Release: 1.fc33
Summary: A support libraries and Ruby core extensions extracted from the Rails framework

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.