CVE-2008-5189

Common Vulnerabilities and Exposures

Upstream information

CVE-2008-5189 at MITRE

Description

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

Novell/SUSE information

Novell Bugzilla entry: 436934, 447441

SUSE Security Advisories:

List of released packages

| Product(s) | Fixed package version(s) | References |
| --- | --- | --- |
| openSUSE 10.2 | rubygem-actionpack >= 1.12.5-21 | |
| openSUSE 10.3 | rubygem-actionpack >= 1.13.3-20.5 | |
| SLE SDK 10 SP1 for IBM iSeries and IBM pSeries; SLE SDK 10 SP1 for IBM zSeries; SLE SDK 10 SP1 for IPF; SLE SDK 10 SP1 for X86-64; SLE SDK 10 SP1 for x86 | rubygem-actionpack >= 1.12.3-1.14 | sle10-sp1-sdk.ia64, sle10-sp2-sdk.x86, sle10-sp1-sdk.x86, sle10-sp2-sdk.ia64, sle10-sp1-sdk.s390x, sle10-sp2-sdk.ppc, sle10-sp2-sdk.s390x, sle10-sp1-sdk.ppc, sle10-sp1-sdk.x86-64, sle10-sp2-sdk.x86-64; ZYPP Patch Nr: 5821 |

© 2012 Novell