openSUSE Security Update : rubygem-actionpack (rubygem-actionpack-1946)
Medium Nessus Plugin ID 44980
Synopsis: The remote openSUSE host is missing a security update.
Description: This update of rubygems fixes two vulnerabilities:
- CVE-2008-7248 (CVSS v2 Base Score: 4.3): Rails CSRF protection can be bypassed by using special content types for an HTTP request.
- CVE-2009-4214 (CVSS v2 Base Score: 4.3): The method strip_tags does not completely protect against XSS attacks.
Solution: Update the affected rubygem-actionpack packages.