Novell Home

CVE-2013-1855

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-1855 at MITRE

Description

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 809935

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Studio Onsite 1.3
  • susestudio >= 1.3.1.0-0.5.2
  • susestudio-bundled-packages >= 1.3.1.0-0.5.2
  • susestudio-common >= 1.3.1.0-0.5.2
  • susestudio-runner >= 1.3.1.0-0.5.2
  • susestudio-sid >= 1.3.1.0-0.5.2
  • susestudio-ui-server >= 1.3.1.0-0.5.2
Builds
SAT Patch Nr: 7721
BDK 11 SP2
  • rubygem-actionmailer-3_2 >= 3.2.12-0.5.9
  • rubygem-actionpack-3_2 >= 3.2.12-0.7.1
  • rubygem-activemodel-3_2 >= 3.2.12-0.5.8
  • rubygem-activerecord-3_2 >= 3.2.12-0.7.1
  • rubygem-activeresource-3_2 >= 3.2.12-0.5.8
  • rubygem-rails-3_2 >= 3.2.12-0.5.10
  • rubygem-railties-3_2 >= 3.2.12-0.7.9
Builds
SAT Patch Nr: 7617
SUSE Linux Enterprise Software Development Kit 11 SP2
  • rubygem-activesupport-3_2 >= 3.2.12-0.5.8
  • rubygem-rack-1_4 >= 1.4.5-0.5.8
Builds
SAT Patch Nr: 7617
SUSE Lifecycle Management Server 1.3
SUSE Studio Onsite 1.3
WebYaST 1.3
  • rubygem-actionmailer-3_2 >= 3.2.12-0.5.9
  • rubygem-actionpack-3_2 >= 3.2.12-0.7.1
  • rubygem-activemodel-3_2 >= 3.2.12-0.5.8
  • rubygem-activerecord-3_2 >= 3.2.12-0.7.1
  • rubygem-activeresource-3_2 >= 3.2.12-0.5.8
  • rubygem-activesupport-3_2 >= 3.2.12-0.5.8
  • rubygem-rack-1_4 >= 1.4.5-0.5.8
  • rubygem-rails-3_2 >= 3.2.12-0.5.10
  • rubygem-railties-3_2 >= 3.2.12-0.7.9
Builds
SAT Patch Nr: 7617

© 2014 Novell