CVE-2009-4214

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-4214 at MITRE

Description

Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 558879

SUSE Security Advisories:

SUSE-SR:2010:005, published Tue, 23 Feb 2010 14:00:00 +0000
SUSE-SR:2010:006, published Mon, 15 Mar 2010 11:11:00 +0000
openSUSE-SU-2010:0186-1, published Fri, 16 Apr 2010 16:11:59 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise SDK 11 GA	`rubygem-actionpack-2_1 >= 2.1.2-1.4.1`	sle11-sdk.ia64 sle11-sdk.x86-64 sle11-sdk.s390x sle11-sdk.x86 sle11-sdk.ppc SAT Patch Nr: 1936
openSUSE 11.0	`rubygem-actionpack >= 1.13.5-71.4`
openSUSE 11.1	`rubygem-actionpack >= 2.1.1-2.6.1` `rubygem-actionpack-2_1 >= 2.1.1-2.25.1`
openSUSE 11.2	`rubygem-actionpack >= 2.3.2-2.2.1`
SUSE Linux Enterprise SDK 10 SP2	`rubygem-actionpack-2_0 >= 2.0.2-0.8.2`	sle10-sp2-sdk.x86 sle10-sp2-sdk.s390x sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86-64 sle10-sp2-sdk.ppc ZYPP Patch Nr: 6872
SUSE Lifecycle Management Server SUSE Studio Onsite SUSE Webyast	`rubygem-actionpack-2_3 >= 2.3.4-0.5.1`	slms1.x86-64 SAT Patch Nr: 2001
SUSE Linux Enterprise SDK 10 SP3	`rubygem-actionpack-2_0 >= 2.0.2-0.9.1`	sle10-sp3-sdk.ia64 sle10-sp3-sdk.ppc sle10-sp3-sdk.x86 sle10-sp3-sdk.s390x sle10-sp3-sdk.x86-64 ZYPP Patch Nr: 6874
SUSE Linux Enterprise SDK 10 SP2	`rubygem-actionpack-1_12 >= 1.12.5-0.8.1`	sle10-sp2-sdk.x86-64 sle10-sp2-sdk.x86 sle10-sp2-sdk.ppc sle10-sp2-sdk.s390x sle10-sp2-sdk.ia64 ZYPP Patch Nr: 6877
openSUSE 11.2	`rubygem-actionpack-2_3 >= 2.3.2-4.4.1`
SUSE Linux Enterprise SDK 10 SP3	`rubygem-actionpack-1_12 >= 1.12.5-0.8.1`	sle10-sp3-sdk.x86 sle10-sp3-sdk.ppc sle10-sp3-sdk.ia64 sle10-sp3-sdk.s390x sle10-sp3-sdk.x86-64 ZYPP Patch Nr: 6878

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy