Security update for rubygem-activesupport-3_2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1279-1 Final 1 1 2015-07-15T06:44:06Z current 2015-07-15T06:44:06Z 2015-07-15T06:44:06Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for rubygem-activesupport-3_2 rubygem-activesupport-3_2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-3227: Possible Denial of Service attack in Active Support (bsc#934800). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html E-Mail link for openSUSE-SU-2015:1279-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings rubygem-activesupport-3_2-3.2.13-3.17.1 rubygem-activesupport-3_2-doc-3.2.13-3.17.1 The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. CVE-2015-3227 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html https://www.suse.com/security/cve/CVE-2015-3227.html CVE-2015-3227 https://bugzilla.suse.com/934800 SUSE Bug 934800