Name : rubygem-activesupport Product : Fedora 15 Version : 3.0.5 Release : 1.fc15 URL : http://www.rubyonrails.org Summary : Support and utility classes used by the Rails framework Description : Utility library which carries commonly used classes and goodies from the Rails framework
Update to the Rails 3.0.5 ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #679351 - CVE-2011-0449 rubygem-actionpack: Intended access restriction bypass via crafted action name, when case-insensitive filesystem is used https://bugzilla.redhat.com/show_bug.cgi?id=679351 [ 2 ] Bug #679343 - CVE-2011-0448 rubygem-activerecord: SQL injection attacks via a non-numeric arguments https://bugzilla.redhat.com/show_bug.cgi?id=679343 [ 3 ] Bug #677631 - CVE-2011-0447 rubygem-actionpack: CSRF flaws due improper validation of HTTP headers containing X-Requested-With header https://bugzilla.redhat.com/show_bug.cgi?id=677631 [ 4 ] Bug #677626 - CVE-2011-0446 rubygem-actionpack: Multiple XSS flaws via crafted name or email value in the mail_to_helper https://bugzilla.redhat.com/show_bug.cgi?id=677626 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update rubygem-activesupport' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.