Bug 750621 - VUL-0: CVE-2012-1098: rubygem-rails: string class XSS vulnerability
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
Whiteboard: maint:running:48141:moderate
Reported: 2012-03-06 08:50 UTC by Matthias Weckbecker
Modified: 2015-03-05 08:35 UTC

Description Matthias Weckbecker 2012-03-06 08:50:13 UTC
A cross-site scripting (XSS) flaw was found in the way the String class, used
in Ruby on Rails, performed HTML escaping of SafeBuffer objects, when such
objects were manipulated directly via the '[]' method or other methods that
also return new instances of the SafeBuffer object. By using these methods, such
newly returned SafeBuffer instances would be inadvertently marked as HTML safe.
If a Ruby on Rails application used SafeBuffer objects this way, a remote
attacker could provide specially-crafted input which, once processed by such a
SafeBuffer instance, would pass the HTML escaping test without further
filtering, possibly leading to arbitrary HTML or web script execution.

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1e3d04e913
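The mechanism behind the description above, as an added, self-contained illustration that is not code from this bug, from the linked advisory, or from Rails itself. The two classes are toy models of ActiveSupport::SafeBuffer (only gsub and [] are modelled); VulnerableSafeBuffer, FixedSafeBuffer, render, truncated_greeting and USER_INPUT are names constructed for this example, and the attacker input is constructed. The vulnerable model relies on a Ruby fact: before Ruby 3.0, String#[] on a String subclass returned a subclass instance allocated without calling initialize, so any safety flag that initialize was supposed to set stays nil. The fixed model follows my reading of the upstream fix (a positive @html_safe flag so an unset flag fails closed, and [] returning a plain String when the source buffer is not safe); treat that as an assumption about the shape of the fix, not a copy of it.

```ruby
require "cgi"

# Added illustration for CVE-2012-1098. Toy models of ActiveSupport::SafeBuffer
# built for this page, not the Rails source; only gsub (an operation that can
# splice unescaped input into the buffer) and [] (slicing) are modelled.

class String
  # Mirrors ActiveSupport's core extension: a plain String is never trusted as HTML.
  def html_safe?
    false
  end
end

# Pre-fix shape: safety is tracked by a negative flag, @dirty, that initialize
# clears. On Ruby < 3.0, String#[] on a subclass allocates the new instance
# WITHOUT running initialize, so a slice of a dirty buffer has @dirty == nil and
# html_safe? answers true even though the content was never escaped.
class VulnerableSafeBuffer < String
  def initialize(str = "")
    @dirty = false
    super(str)
  end

  def html_safe?
    !@dirty
  end

  def gsub(*args, &block)
    result = self.class.new(to_str.gsub(*args, &block))
    result.instance_variable_set(:@dirty, true) # may now hold raw user input
    result
  end

  # Reproduces the inherited pre-3.0 String#[] behaviour on any Ruby version:
  # a subclass instance built with allocate, so initialize never runs.
  def [](*args)
    self.class.allocate.replace(to_str[*args])
  end
end

# Post-fix shape (assumption: my reading of the upstream change): a positive
# flag, @html_safe, so an instance whose flag was never set fails closed, and
# [] only keeps the SafeBuffer type when the source buffer itself was safe.
class FixedSafeBuffer < String
  def initialize(str = "")
    @html_safe = true
    super(str)
  end

  def html_safe?
    defined?(@html_safe) && @html_safe
  end

  def gsub(*args, &block)
    result = self.class.new(to_str.gsub(*args, &block))
    result.instance_variable_set(:@html_safe, false)
    result
  end

  def [](*args)
    return self.class.new(to_str[*args]) if html_safe?
    to_str[*args] # plain String: gets escaped when rendered
  end
end

# Stand-in for what a template does when it concatenates a value: trusted
# buffers are emitted verbatim, anything else is HTML-escaped.
def render(fragment)
  fragment.html_safe? ? fragment.to_str : CGI.escapeHTML(fragment.to_str)
end

# Constructed attacker input and a typical "truncate a user-derived string" path.
USER_INPUT = "<script>alert(1)</script>"

def truncated_greeting(buffer_class, user_input = USER_INPUT)
  template = buffer_class.new("Hello, NAME!")
  personalised = template.gsub("NAME", user_input) # marked unsafe in both models
  snippet = personalised[0, 40]                    # slicing is where they diverge
  render(snippet)
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{truncated_greeting(VulnerableSafeBuffer)}"
  puts "fixed:      #{truncated_greeting(FixedSafeBuffer)}"
end
```

Running the script prints the script tag verbatim for the vulnerable model and `&lt;script&gt;...` for the fixed one. The practical lesson for auditing an application on an unpatched Rails is to look for any place a SafeBuffer is sliced, truncated or otherwise copied through a String method after user data has been merged into it; the surviving flag on the copy is what decides whether the template escapes it.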
Comment 4 Swamp Workflow Management 2012-03-14 15:03:36 UTC
The SWAMPID for this issue is 46071.
This issue was rated as moderate.
Please submit fixed packages until 2012-03-28.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 5 Marcus Rückert 2012-03-28 13:56:00 UTC
Submitted the following packages to SP2
rubygem-actionmailer-3_1
rubygem-actionpack-3_1
rubygem-activemodel-3_1
rubygem-activerecord-3_1
rubygem-activeresource-3_1
rubygem-activesupport-3_1
rubygem-rails-3_1
rubygem-railties-3_1

Additionally, those two packages have to be updated as well:
rubygem-arel-2_2
rubygem-rack-1_3
Comment 6 Marcus Rückert 2012-03-28 13:57:29 UTC
Requests created:  18327 18328 18329 18330 18331 18332 18333 18334 18335 18336
Successfully finished
Comment 9 Sebastian Krahmer 2012-07-04 10:51:43 UTC
therefore done