Fedora 23: 2016-cc465a34df Critical: rubygem-activerecord Flaws
fedora
February 28, 2016
Security fix for CVE-2015-7577 Security fix for CVE-2016-0753
Summary
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database
tables and classes together for business objects, like Customer or
Subscription, that can find, save, and destroy themselves without resorting to
manual SQL.
Update Information:
Security fix for CVE-2015-7577 Security fix for CVE-2016-0753
Change Log
References
[ 1 ] Bug #1301973 - CVE-2016-0753 rubygem-activemodel, rubygem-activerecord: possible input validation circumvention in Active Model
https://bugzilla.redhat.com/show_bug.cgi?id=1301973
[ 2 ] Bug #1301957 - CVE-2015-7577 rubygem-activerecord: Nested attributes rejection proc bypass in Active Record
https://bugzilla.redhat.com/show_bug.cgi?id=1301957
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update rubygem-activerecord' at the command line. For more information, refer to "Managing Software with yum", available at .
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: rubygem-activerecord
Product: Fedora 23
Version: 4.2.3
Release: 2.fc23
Summary: Implements the ActiveRecord pattern for ORM
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!