Description
Security update for rubygem-activesupport-3_2
rubygem-activesupport-3_2 was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-3227: Possible Denial of Service attack in Active Support (bsc#934800).
Package list
SUSE Lifecycle Management Server 1.3
rubygem-activesupport-3_2-3.2.12-0.14.3
SUSE Linux Enterprise Software Development Kit 11 SP3
rubygem-activesupport-3_2-3.2.12-0.14.3
SUSE Linux Enterprise Software Development Kit 11 SP4
rubygem-activesupport-3_2-3.2.12-0.14.3
SUSE Studio Onsite 1.3
rubygem-activesupport-3_2-3.2.12-0.14.3
SUSE WebYast 1.3
rubygem-activesupport-3_2-3.2.12-0.14.3
References
- Link for SUSE-SU-2016:0047-1
- E-Mail link for SUSE-SU-2016:0047-1
- SUSE Security Ratings
- SUSE Bug 934800
- SUSE CVE CVE-2015-3227 page
Description
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
Affected products
SUSE Lifecycle Management Server 1.3:rubygem-activesupport-3_2-3.2.12-0.14.3
SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-activesupport-3_2-3.2.12-0.14.3
SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-activesupport-3_2-3.2.12-0.14.3
SUSE Studio Onsite 1.3:rubygem-activesupport-3_2-3.2.12-0.14.3
References
- CVE-2015-3227
- SUSE Bug 934800