Security update for rubygem-activesupport-4_1

Announcement ID:	SUSE-SU-2016:0857-1
Rating:	moderate
References:	bsc#970715
Cross-References:	CVE-2015-7576
CVSS scores:	CVE-2015-7576 ( NVD ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:	SUSE Cloud 5

An update that solves one vulnerability can now be installed.

Description:

This update for rubygem-activesupport-4_1 fixes the following issues:

The previous security patch for CVE-2015-7576 was adding a new file but this file was not being added in the gemspec, thus the resulting gem didn't have it. This update includes the patch in the gem file too.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Cloud 5
  zypper in -t patch sleclo50sp3-rubygem-activesupport-4_1-12469=1

Package List:

• SUSE Cloud 5 (x86_64)
  • ruby2.1-rubygem-activesupport-4_1-4.1.9-15.1

References:

• https://www.suse.com/security/cve/CVE-2015-7576.html
• https://bugzilla.suse.com/show_bug.cgi?id=970715