Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues:
Security issues fixed:
- CVE-2019-5418: Fixed a file content disclosure vulnerability in Action View which
could be exploited via specially crafted accept headers in combination with calls
to render file (bsc#1129272).
- CVE-2019-5419: Fixed a resource exhaustion issue in Action View which could make
the server unable to process requests (bsc#1129271).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Lukas Krause (krauselukas)
Fixed bugs
bnc#1129272
VUL-0: CVE-2019-5418: rubygem-actionpack-4_2,rubygem-actionpack-5_1: possible file content disclosure
bnc#1129271
VUL-0: CVE-2019-5419: rubygem-actionpack-4_2,rubygem-actionpack-5_1: potential denial of service vulnerability