Security update for rubygem-rdoc

SUSE Security Update: Security update for rubygem-rdoc
Announcement ID: SUSE-SU-2013:0384-1
Rating: moderate
References: #802406
Affected Products:
  • WebYaST 1.2
  • SUSE Studio Standard Edition 1.2
  • SUSE Linux Enterprise Software Development Kit 11 SP2

An update that fixes one vulnerability is now available.

    Description:


    rubygem rdoc had an incorrect piece of JavaScript in
    darkfish.js, which allowed cross-site scripting (XSS)
    attacks.

    This was possible only if darkfish.js or rdoc-generated
    documentation was exposed on the web server, which is not a
    common use case. (CVE-2013-0256)

    Security Issue reference:

    * CVE-2013-0256

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • WebYaST 1.2:
      zypper in -t patch slewyst12-rubygem-rdoc-7394
    • SUSE Studio Standard Edition 1.2:
      zypper in -t patch sleslms12-rubygem-rdoc-7394
    • SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-rubygem-rdoc-7390

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • WebYaST 1.2 (i586 ia64 ppc64 s390x x86_64):
      rubygem-rdoc-2.5.11-0.7.3
    • SUSE Studio Standard Edition 1.2 (x86_64):
      rubygem-rdoc-2.5.11-0.7.3
    • SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      rubygem-rdoc-3.9.1-0.8.3

    References:

    • http://support.novell.com/security/cve/CVE-2013-0256.html
    • https://bugzilla.novell.com/802406
    • http://download.suse.com/patch/finder/?keywords=28614c91632c04e3da98e369501199a9
    • http://download.suse.com/patch/finder/?keywords=7107cb53f74618fbe8991eaabc4121c6