Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

SUSE: 2012:1012-2 Critical: rubygem-actionview XSS Vulnerability

suse
Calendar Grey August 21, 2012
Dist Suse Esm H88
SUSE Security Update for rubygem-rails addresses critical vulnerability regarding remote code execution with high severity rating and detailed patch guidelines.
An update that fixes one vulnerability is now available

Summary

This update to rubygem-activerecord fixes a SQL injection caused by mishandling nested parameters . ( CVE-2012-2695 ) Indications: Everyone using rubygem-activerecord should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST [Appliance - Tools]: zypper in -t patch slewystsp1-rubygem-activerecord-2_3-6620 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-rubygem-activerecord-2_3-6620 To bring your system up-to-date, use "zypper patch". Package List: - WebYaST [Appliance - Tools] (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.14]: rubygem-activerecord-2_3-2.3.14-0.7.6.1

Topics%20covered

Topics Covered

security advisory SQL injection SUSE important update rubygem-activerecord

References

#766792

Cross- CVE-2012-2695

Affected Products:

WebYaST [Appliance - Tools]

SUSE Linux Enterprise Software Development Kit 11 SP1

https://www.suse.com/security/cve/CVE-2012-2695.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2012:1011-1
Rating: important

Topics%20covered

Topics Covered

security advisory SQL injection SUSE important update rubygem-activerecord

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here