Stay Secure with the Latest Linux Advisories

security advisorycriticalsoftware update

Fedora 30: FEDORA-2019-1cfe24db5c Critical: Rubygem-Actionpack Fix

Update Ruby on Rails to 5.2.3. Fixes CVE-2019-5418 CVE-2019-5419 CVE-2019-5420.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-1cfe24db5c 2019-05-10 00:46:38.157347 --------------------------------------------------------------------------------Name : rubygem-actionpack Product : Fedora 30 Version : 5.2.3 Release : 2.fc30 URL : https://rubyonrails.org/ Summary : Web-flow and rendering framework putting the VC in MVC (part of Rails) Description : Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. --------------------------------------------------------------------------------Update Information: Update Ruby on Rails to 5.2.3. Fixes CVE-2019-5418 CVE-2019-5419 CVE-2019-5420. --------------------------------------------------------------------------------ChangeLog: * Thu Mar 28 2019 Pavel Valena - 1:5.2.3-2 - Enable tests. * Thu Mar 28 2019 Pavel Valena - 1:5.2.3-1 - Update to Action Pack 5.2.3. * Mon Mar 18 2019 Pavel Valena - 1:5.2.2.1-2 - Enable tests. * Thu Mar 14 2019 Pavel Valena - 1:5.2.2.1-1 - Update to Action Pack 5.2.2.1. --------------------------------------------------------------------------------References: [ 1 ] Bug #1689161 - CVE-2019-5418 CVE-2019-5419 rubygem-actionview: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1689161 [ 2 ] Bug #1689155 - CVE-2019-5420 rubygem-rails: Weak secret token leading to possible code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1689155 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1cfe24db5c' at the command line. For more information, refer to the dnfdocumentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Enhance security on Fedora 30 by upgrading Ruby on Rails due to vulnerabilities in Action Pack. Follow simple steps to ensure your system is secure and updated. Ruby on Rails, Fedora 30 update, security patch, Action Pack, software vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

May 09, 2019 •Critical Fedora