An update for rubygem-actionpack is now available for openEuler-22.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2024-1709
Final
1.0
1.0
2024-06-14
Initial
2024-06-14
2024-06-14
openEuler SA Tool V1.0
2024-06-14
rubygem-actionpack security update
An update for rubygem-actionpack is now available for openEuler-22.03-LTS-SP3.
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser.
Security Fix(es):
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3. (CVE-2024-28103)
openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Medium
rubygem-actionpack
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1709
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-28103
https://nvd.nist.gov/vuln/detail/CVE-2024-28103
openEuler-22.03-LTS-SP3
rubygem-actionpack-6.1.4.1-5.oe2203sp3.noarch.rpm
rubygem-actionpack-doc-6.1.4.1-5.oe2203sp3.noarch.rpm
rubygem-actionpack-6.1.4.1-5.oe2203sp3.src.rpm
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
2024-06-14
CVE-2024-28103
openEuler-22.03-LTS-SP3
Medium
5.4
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
rubygem-actionpack security update
2024-06-14
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1709