Apr 02, 2013 - 12:00 a.m.

(RHSA-2013:0698) Moderate: rubygem-actionpack and ruby193-rubygem-actionpack security update

access.redhat.com

EPSS: 0.004 (Low), percentile 73.9%

Ruby on Rails is a model–view–controller (MVC) framework for web
application development. Action Pack implements the controller and the view
components.

Two cross-site scripting (XSS) flaws were found in rubygem-actionpack and
ruby193-rubygem-actionpack. A remote attacker could use these flaws to
conduct XSS attacks against users of an application using
rubygem-actionpack or ruby193-rubygem-actionpack. (CVE-2013-1855,
CVE-2013-1857)

Red Hat would like to thank Ruby on Rails upstream for reporting these
issues. Upstream acknowledges Charlie Somerville as the original reporter
of CVE-2013-1855, and Alan Jenkins as the original reporter of
CVE-2013-1857.

Users of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to these
updated packages, which correct these issues.