Fedora 10 Security Update: rubygem-actionpack-2.1.1-5.fc10

Article Source Fedora 10 Security Updates
December 9, 2009, 7:28 pm

Resolved Bugs
542786 - rubygem-actionpack: XSS weakness in strip_tags
544329 - rubygem-actionpack: Potential CSRF protection circumvention

Two security issues are found on activepack shipped on Fedora 10. One bug is that there is a weakness in the strip_tags function in ruby on rails (bug 542786, CVE-2009-4214). Another one is a possibility to circumvent protection against cross-site request forgery (CSRF) attacks (bug 544329). This new rpm will fix these issues...

Read More 



Subscribe to Comments Feed

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board