Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Fedora 22 Security Update: Activerecord Critical Input Issue

fedora
Calendar Grey February 28, 2016
Dist Fedora Esm H88
Essential Fedora 22 patch for rubygem-activerecord resolving input validation vulnerabilities. Ensure installation without delay.
Security fix for CVE-2015-7577 CVE-2016-0753

Summary

Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database

tables and classes together for business objects, like Customer or

Subscription, that can find, save, and destroy themselves without resorting to

manual SQL.

Update Information:

Security fix for CVE-2015-7577 CVE-2016-0753

Change Log

References


[ 1 ] Bug #1301973 - CVE-2016-0753 rubygem-activemodel, rubygem-activerecord: possible input validation circumvention in Active Model https://bugzilla.redhat.com/show_bug.cgi?id=1301973 [ 2 ] Bug #1301957 - CVE-2015-7577 rubygem-activerecord: Nested attributes rejection proc bypass in Active Record https://bugzilla.redhat.com/show_bug.cgi?id=1301957

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update rubygem-activerecord' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rubygem-activerecord
Product: Fedora 22
Version: 4.2.0
Release: 2.fc22
Summary: Implements the ActiveRecord pattern for ORM

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.