Security update for hawk
References: #765097 #766791 #775649 #775653
An update that solves two vulnerabilities and has two fixes is now available. It includes one version update.
hawk has been rebuilt to include updated ruby gems that
contain fixes for security issues.
rubygem-activesupport-2_3 has been updated to fix the
following security issue:
* This update also fixes the HTML escaping code in Ruby on
Rails. CVE-2012-3464 has been assigned to this issue.
rubygem-actionpack-2_3 has been updated to fix the
following security issues:
* CVE-2012-3465: Malformed HTML is not correctly
handled when validating with the strip_tags helper, which
could result in cross-site scripting issues.
* CVE-2012-2694, CVE-2012-2660: Unsafe query generation
was possible using NULL queries.
The included GEM archive package was also adjusted to
contain the security fixes available in the unpacked ruby
Security Issue references:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise High Availability Extension 11 SP2:
zypper in -t patch sleshasp2-hawk-7078
To bring your system up-to-date, use "zypper patch".
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.5.2]: