Important Security Patch - Ruby on Rails Vulnerability

 

 

Dear Aspera Customer,

Recently, CVE and other Internet security sources disclosed a critical vulnerability in the Ruby on Rails framework popular for web application development. Aspera uses affected versions of Ruby on Rails in our Console, faspex, and Shares applications. Please note that Connect Server does not use Ruby on Rails and thus is not vulnerable.

The vulnerability is described by the CVE at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156/

Aspera has made available a patch for each application that closes the vulnerability. We strongly advise that all customers running these applications apply the appropriate patch.

The patch application is simple, and instructions are provided within the downloadable zip file. If you have any questions, or would like assistance, please feel free to contact Aspera Support atsupport@asperasoft.com.

You may download the patch from the following URLs:

http://download.asperasoft.com/download/patches/shares/1.0.1/AsperaShares-1.0-xml-patch-3.zip

http://download.asperasoft.com/download/patches/faspex/faspex-xml-patch-2.zip

http://download.asperasoft.com/download/patches/console/console-1.6-security-fix-patch-2.zip


md5sum:

8666e13e474ce6d8483145864533bac3          AsperaShares-1.0-xml-patch-3.zip

cb87900708be33bfa8ea2e253749c10d           faspex-xml-patch-2.zip

7ac9dc9d53e0fd5e3beec404b3e4356d           console-1.6-security-fix-patch-2.zip


The patches are compatible with the following General Release versions of these Aspera products:

Shares 1.0+
faspex 2.6+ and faspex 3.0+

Console 1.6+ and Console 1.7+

While the patch may work with earlier application versions, Aspera cannot guarantee it. Therefore, we request that all customers upgrade to these minimum general release versions before applying the patch.

Thank you for your attention to this matter.

Best regards,

Aspera, Inc.

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk