Security update for rubygem-sprockets-2_12

SUSE Security Update: Security update for rubygem-sprockets-2_12
Announcement ID: SUSE-SU-2018:2176-1
Rating: moderate
References: #1098369
Affected Products:
  • SUSE OpenStack Cloud Crowbar 8

  • An update that fixes one vulnerability is now available.


    This update for rubygem-sprockets-2_12 fixes the following issues:

    Security issue fixed:

    - CVE-2018-3760: Fix path traversal in
    sprockets/server.rb:forbidden_request?() that can allow remote attackers
    to read arbitrary files (bsc#1098369).

    Patch Instructions:

    To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    • SUSE OpenStack Cloud Crowbar 8:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1326=1

    Package List:

    • SUSE OpenStack Cloud Crowbar 8 (x86_64):
      • ruby2.1-rubygem-sprockets-2_12-2.12.5-1.4.1