
Security vulnerabilities in the rubygem software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2013-12-20 00:29:04

Name : rubygem-actionpack
Product : Fedora 20
Version : 4.0.0
Release : 2.fc20
Summary : Web-flow and rendering framework putting the VC in MVC
Description :
Eases web-request routing, handling, and response as a half-way front,
half-way page controller. Implemented with specific emphasis on enabling easy
unit/integration testing that doesn’t require a browser.

Update Information:

Includes security patches for:

– CVE-2013-6417 – Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
– CVE-2013-4491 – Reflective XSS Vulnerability in Ruby on Rails
– CVE-2013-6415 – XSS Vulnerability in number_to_currency
– CVE-2013-6414 – Denial of Service Vulnerability in Action View
– CVE-2013-6416 – XSS Vulnerability in simple_format helper


* Mon Dec 16 2013 Josef Stribny <> – 1:4.0.0-2
– Fixes for CVE-2013-6414, CVE-2013-6415, CVE-2013-6416, CVE-2013-6417, CVE-2013-4491

This update can be installed with the "yum" update program. Use
su -c 'yum update rubygem-actionpack' at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

Author: Marko Stanec
Cert ID: NCERT-REF-2014-03-0027-ADV