Pardus: 2010-90: Ruby: Cross Site Scripting
Posted by Benjamin D. Thomas   
An XSS vulnerability has been fixed in the WEBrick module.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-90            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-06-30
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======
An XSS vulnerability has been fixed in the WEBrick module.


Description
===========
CVE-2010-0541:

Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server  in
Ruby in Apple Mac OS X 10.5.8, and 10.6 before  10.6.4,  allows  remote
attackers to inject arbitrary web script or HTML via a crafted URI that
triggers a UTF-7 error page.
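
The following check is an added example, not code from the advisory, Pardus or WEBrick. It assumes the risky condition is an HTML error page sent without a declared charset while reflecting request text that decodes as UTF-7 markup; the function names and sample responses are constructed for illustration.

```ruby
# Added example: audit an HTTP error response for the UTF-7 XSS condition.
HTML_META = /[<>"'&]/

# Decode UTF-7 shifted runs ("+" + modified base64 + optional "-") in text.
def utf7_runs(text)
  text.scan(%r{\+([A-Za-z0-9/]{2,})-?}).map do |(b64)|
    begin
      bytes = (b64 + "=" * ((4 - b64.length % 4) % 4)).unpack1("m")
      next if bytes.empty? || bytes.bytesize.odd?   # not whole UTF-16 units
      bytes.force_encoding("UTF-16BE").encode("UTF-8")
    rescue EncodingError
      nil                                           # not valid UTF-16, ignore
    end
  end.compact
end

# Findings for one response:
#   :no_charset  - HTML error page without an explicit charset parameter
#   :utf7_markup - body carries UTF-7 runs that decode to HTML metacharacters
# Both together mean an encoding-sniffing browser may render reflected markup.
def audit_error_page(status, content_type, body)
  ct = content_type.to_s
  findings = []
  return findings unless status >= 400 && ct =~ %r{\Atext/html}i
  findings << :no_charset unless ct =~ /;\s*charset\s*=\s*"?[\w.-]+/i
  findings << :utf7_markup if utf7_runs(body).any? { |s| s =~ HTML_META }
  findings
end

# Constructed sample: an error page echoing a path that is UTF-7 for
# "<b>x</b>" (harmless markup chosen for the demonstration).
SAMPLE_BODY = "<H1>Not Found</H1>`/+ADw-b+AD4-x+ADw-/b+AD4-' not found."

if $PROGRAM_NAME == __FILE__
  p audit_error_page(404, "text/html", SAMPLE_BODY)
  p audit_error_page(404, "text/html; charset=ISO-8859-1", SAMPLE_BODY)
end
```

A response that reports only `:utf7_markup` still reflects the text, but the declared charset tells the browser not to interpret it as UTF-7.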


Affected packages:

  Pardus 2009:
    ruby, all before 1.8.7_p249-23-6


Resolution
==========
Updates are available for ruby. You can install them via Package Manager
or with a single command from the console:

    pisi up ruby

References
==========
  * http://bugs.pardus.org.tr/show_bug.cgi?id577

------------------------------------------------------------------------