
Test ID: 1.3.6.1.4.1.25623.1.0.69466
Category: Fedora Local Security Checks
Title: Fedora Core 15 FEDORA-2011-4358 (rubygem-activesupport)
Summary: NOSUMMARY
Description:
The remote host is missing an update to rubygem-activesupport
announced via advisory FEDORA-2011-4358.

Update Information:

Update to Rails 3.0.5.

References:

[ 1 ] Bug #679351 - CVE-2011-0449 rubygem-actionpack: Intended access restriction bypass via crafted action name, when case-insensitive filesystem is used
https://bugzilla.redhat.com/show_bug.cgi?id=679351
[ 2 ] Bug #679343 - CVE-2011-0448 rubygem-activerecord: SQL injection attacks via a non-numeric arguments
https://bugzilla.redhat.com/show_bug.cgi?id=679343
[ 3 ] Bug #677631 - CVE-2011-0447 rubygem-actionpack: CSRF flaws due improper validation of HTTP headers containing X-Requested-With header
https://bugzilla.redhat.com/show_bug.cgi?id=677631
[ 4 ] Bug #677626 - CVE-2011-0446 rubygem-actionpack: Multiple XSS flaws via crafted name or email value in the mail_to_helper
https://bugzilla.redhat.com/show_bug.cgi?id=677626

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update rubygem-activesupport' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2011-4358

Risk factor: High

CVSS Score: 7.5

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2011-0449
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain
http://securitytracker.com/id?1025061
http://secunia.com/advisories/43278
http://www.vupen.com/english/advisories/2011/0877
Common Vulnerability Exposure (CVE) ID: CVE-2011-0448
https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
http://securitytracker.com/id?1025063
Common Vulnerability Exposure (CVE) ID: CVE-2011-0447
BugTraq ID: 46291
http://www.securityfocus.com/bid/46291
Debian Security Information: DSA-2247
http://www.debian.org/security/2011/dsa-2247
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain
http://www.securitytracker.com/id?1025060
http://secunia.com/advisories/43274
http://secunia.com/advisories/43666
http://www.vupen.com/english/advisories/2011/0587
Common Vulnerability Exposure (CVE) ID: CVE-2011-0446
http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain
http://www.securitytracker.com/id?1025064
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
