
openSUSE 12.2: 2013:0278-1 Important: Ruby On Rails SQL Injection Fix

openSUSE, February 12, 2013
Bolster your openSUSE Ruby on Rails setup by integrating essential security updates and remedies for significant vulnerabilities.
An update that solves 5 vulnerabilities and has four fixes is ...

Description

This update updates the RubyOnRails 2.3 stack to 2.3.16 and the RubyOnRails 3.2 stack to 3.2.11.

Security and bug fixes were done, foremost:

- CVE-2013-0333: A JSON SQL/code injection problem was fixed.
- CVE-2012-5664: A SQL injection vulnerability in Active Record was fixed.
- CVE-2012-2695: A SQL injection via nested hashes in conditions was fixed.
- CVE-2013-0155: Unsafe Query Generation Risk in Ruby on Rails was fixed.
- CVE-2013-0156: Multiple vulnerabilities in parameter parsing in Action Pack were fixed.

Patch Instructions

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.2:

  zypper in -t patch openSUSE-2013-106

- openSUSE 12.1:

  zypper in -t patch openSUSE-2013-106

To bring your system up-to-date, use "zypper patch".
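As an added example (not part of the advisory or of openSUSE's tooling), the following Ruby script checks gem versions reported by `gem list` against the fixed stack versions named in this advisory (2.3.16 and 3.2.11); it assumes the host exposes Rails as gems, whereas on openSUSE the rpm package list below remains the authoritative source.

```ruby
# Added example (not from the openSUSE advisory): audit installed Rails gems
# against the versions this advisory fixes, using Gem::Version from Ruby's stdlib.

# Fixed stack versions named in openSUSE-SU-2013:0278-1.
FIXED = {
  "2.3" => Gem::Version.new("2.3.16"),
  "3.2" => Gem::Version.new("3.2.11"),
}.freeze

# Gems that the advisory's package list covers (plus the rails/railties meta gems).
RAILS_GEMS = %w[actionmailer actionpack activemodel activerecord
                activeresource activesupport rails railties].freeze

# Fixed version for the branch (major.minor) that `version` belongs to,
# or nil when the advisory does not cover that branch.
def fixed_for(version)
  FIXED[version.segments[0, 2].join(".")]
end

# True when an installed version is below the fixed version of its branch.
def vulnerable?(version_str)
  v = Gem::Version.new(version_str)
  fixed = fixed_for(v)
  !fixed.nil? && v < fixed
end

# Parses `gem list` output lines such as "actionpack (3.2.8, 2.3.14)" and
# returns [[name, version], ...] for the Rails gems only.
def parse_gem_list(text)
  text.each_line.flat_map do |line|
    m = line.match(/\A(\S+) \(([^)]*)\)/)
    next [] if m.nil? || !RAILS_GEMS.include?(m[1])
    # strip a "default: " marker that newer gem versions print before a version
    m[2].split(",").map { |v| [m[1], v.strip.sub(/\A\w+: /, "")] }
  end
end

# Installed Rails gems that are still below the advisory's fixed versions.
def audit(text)
  parse_gem_list(text).select { |_, v| vulnerable?(v) }
end

# Constructed sample of `gem list` output (not real host data).
SAMPLE = <<~GEMS
  actionpack (3.2.8, 2.3.14)
  activerecord (3.2.11)
  activesupport (2.3.16)
  nokogiri (1.5.6)
GEMS

audit(SAMPLE).each { |name, v| puts "VULNERABLE: #{name} #{v}" }
```

Run it against the real output of `gem list` on a host to list every Rails gem that predates the fixed versions; gems from branches the advisory does not cover are reported as not vulnerable by this check, not as safe.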

Package List

- openSUSE 12.2 (i586 x86_64):

  rubygem-actionmailer-2_3-2.3.16-2.5.3
  rubygem-actionmailer-2_3-doc-2.3.16-2.5.3
  rubygem-actionmailer-2_3-testsuite-2.3.16-2.5.3
  rubygem-actionmailer-3_2-3.2.11-2.9.5
  rubygem-actionmailer-3_2-doc-3.2.11-2.9.5
  rubygem-actionpack-2_3-2.3.16-2.13.3
  rubygem-actionpack-2_3-doc-2.3.16-2.13.3
  rubygem-actionpack-2_3-testsuite-2.3.16-2.13.3
  rubygem-actionpack-3_2-3.2.11-3.9.4
  rubygem-actionpack-3_2-doc-3.2.11-3.9.4
  rubygem-activemodel-3_2-3.2.11-2.9.2
  rubygem-activemodel-3_2-doc-3.2.11-2.9.2
  rubygem-activerecord-2_3-2.3.16-2.9.2
  rubygem-activerecord-2_3-doc-2.3.16-2.9.2
  rubygem-activerecord-2_3-testsuite-2.3.16-2.9.2
  rubygem-activerecord-3_2-3.2.11-2.9.1
  rubygem-activerecord-3_2-doc-3.2.11-2.9.1
  rubygem-activeresource-2_3-2.3.16-2.5.2
  rubygem-activeresource-2_3-doc-2.3.16-2.5.2
  rubygem-activeresource-2_3-testsuite-2.3.16-2.5.2
  rubygem-activeresource-3_2-3.2.11-2.9.1
  rubygem-activeresource-3_2-doc-3.2.11-2.9.1
  rubygem-activesupport-2_3-2.3.16-3.9.1
  rubygem-activesupport-2_3-doc-2.3.16-3.9....


References

https://www.suse.com/security/cve/CVE-2012-2695.html
https://www.suse.com/security/cve/CVE-2012-5664.html
https://www.suse.com/security/cve/CVE-2013-0155.html
https://www.suse.com/security/cve/CVE-2013-0156.html
https://www.suse.com/security/cve/CVE-2013-0333.html

Severity: important

Announcement ID: openSUSE-SU-2013:0278-1
Rating: important
Affected Products: openSUSE 12.2 openSUSE 12.1
