Security update for rubygem-merb-core

SUSE Security Update: Security update for rubygem-merb-core
Announcement ID: SUSE-SU-2013:0508-1
Rating: important
References: #805759
Affected Products:
  • SUSE Cloud 1.0

  • An update that fixes 7 vulnerabilities is now available.

    Description:


    rubygem-merb-core has been updated to change the rack
    version dependency. Now any rack 1.1 version is accepted.

    This update needs to be installed in parallel with the
    2.3.17 rails update.

    Security Issue references:

    * CVE-2013-0184
    >
    * CVE-2012-6109
    >
    * CVE-2013-0183
    >
    * CVE-2012-5664
    >
    * CVE-2012-2695
    >
    * CVE-2013-0155
    >
    * CVE-2013-0156
    >

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Cloud 1.0:
      zypper in -t patch sleclo10sp2-rubygem-merb-core-7405

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Cloud 1.0 (x86_64):
    • rubygem-merb-core-1.1.3-0.9.1

    References:

    • http://support.novell.com/security/cve/CVE-2012-2695.html
    • http://support.novell.com/security/cve/CVE-2012-5664.html
    • http://support.novell.com/security/cve/CVE-2012-6109.html
    • http://support.novell.com/security/cve/CVE-2013-0155.html
    • http://support.novell.com/security/cve/CVE-2013-0156.html
    • http://support.novell.com/security/cve/CVE-2013-0183.html
    • http://support.novell.com/security/cve/CVE-2013-0184.html
    • https://bugzilla.novell.com/805759
    • http://download.suse.com/patch/finder/?keywords=fe3baf16da4284805596caf983f71fcc