Security update for rubygem-activesupport-3_2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:0047-1 Final 1 1 2016-01-07T12:54:36Z current 2016-01-07T12:54:36Z 2016-01-07T12:54:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for rubygem-activesupport-3_2 rubygem-activesupport-3_2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-3227: Possible Denial of Service attack in Active Support (bsc#934800). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp3-rubygem-activesupport-3_2-12304,sdksp4-rubygem-activesupport-3_2-12304,sleslms13-rubygem-activesupport-3_2-12304,slestso13-rubygem-activesupport-3_2-12304,slewyst13-rubygem-activesupport-3_2-12304 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20160047-1/ Link for SUSE-SU-2016:0047-1 https://lists.suse.com/pipermail/sle-security-updates/2016-January/001787.html E-Mail link for SUSE-SU-2016:0047-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/934800 SUSE Bug 934800 https://www.suse.com/security/cve/CVE-2015-3227/ SUSE CVE CVE-2015-3227 page SUSE Lifecycle Management Server 1.3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Studio Onsite 1.3 SUSE WebYast 1.3 rubygem-activesupport-3_2-3.2.12-0.14.3 rubygem-activesupport-3_2-3.2.12-0.14.3 as a component of SUSE Lifecycle Management Server 1.3 rubygem-activesupport-3_2-3.2.12-0.14.3 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 rubygem-activesupport-3_2-3.2.12-0.14.3 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 rubygem-activesupport-3_2-3.2.12-0.14.3 as a component of SUSE Studio Onsite 1.3 rubygem-activesupport-3_2-3.2.12-0.14.3 as a component of SUSE WebYast 1.3 The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. CVE-2015-3227 SUSE Lifecycle Management Server 1.3:rubygem-activesupport-3_2-3.2.12-0.14.3 SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-activesupport-3_2-3.2.12-0.14.3 SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-activesupport-3_2-3.2.12-0.14.3 SUSE Studio Onsite 1.3:rubygem-activesupport-3_2-3.2.12-0.14.3 SUSE WebYast 1.3:rubygem-activesupport-3_2-3.2.12-0.14.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160047-1/ https://www.suse.com/security/cve/CVE-2015-3227.html CVE-2015-3227 https://bugzilla.suse.com/934800 SUSE Bug 934800