Important Security Patch - Ruby on Rails Vulnerability - CVE-2013-0333 - CVE-2013-0156

 

 

Dear Aspera Customer,

Recently, CVE and other Internet security sources disclosed a critical vulnerability in the Ruby on Rails framework popular for web application development. Aspera uses affected versions of Ruby on Rails in our Console, faspex, and Shares applications. Please note that Connect Server does not use Ruby on Rails and thus is not vulnerable.

The vulnerability is described by the CVE at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333/

The vulnerability CVE-2013-0156 is addressed in this patch as well:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156/

Aspera has made available a patch for each application that closes these vulnerabilities. We strongly advise that all customers running these applications apply the appropriate patch.

The patch application is simple, and instructions are provided within the downloadable zip file. If you have any questions, or would like assistance, please feel free to contact Aspera Support at support@asperasoft.com.

You may download the patch from the following URLs:

Faspex

http://download.asperasoft.com/download/patches/faspex/faspex_fix_rails_vulnerabilities_2013_02_10.zip

Console
Shares


md5sum:

87d7c293a1b884775e92de416731c967  faspex_fix_rails_vulnerabilities_2013_02_10.zip
cc53bbd0e900b9c153e93de2e83b13ea  console_16_security_fix_2013_01_31.zip
65a497895d20b588e9ab321ca455db58  AsperaShares-1.0-security-patch-5.zip


The patches are compatible with the following General Release versions of these Aspera products:

Shares 1.0+
faspex 3.0+
Console 1.7+

While the patch may work with earlier application versions, Aspera cannot guarantee it. Therefore, we request that all customers upgrade to these minimum general release versions before applying the patch.

Thank you for your attention to this matter.

Best regards,

Aspera, Inc.


