Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

SUSE: 2012:1012-1 Important: Rubygem-Actionpack Query Issues

suse
Calendar Grey August 21, 2012
Dist Suse Esm H88
SUSE has released an update for rubygem-actionview that remedies critical security concerns. Mitigate risks with efficient query handling.
An update that fixes four vulnerabilities is now available

Summary

This update to rubygem-actionpack fixes two unsafe query generations with "IS NULL" in the WHERE clause. (CVE-2012-2660 , CVE-2012-2694 ) Indications: Everyone using rubygem-actionpack should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-rubygem-actionpack-2_3-6630 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): rubygem-actionpack-2_3-2.3.14-0.10.1

Topics%20covered

Topics Covered

security advisory software update important SUSE Linux query issue rubygem-actionpack patch instructions

References

#765097 #766791

Cross- CVE-2012-2660 CVE-2012-2661 CVE-2012-2694

CVE-2012-2695

Affected Products:

SUSE Linux Enterprise Software Development Kit 11 SP2

https://www.suse.com/security/cve/CVE-2012-2660.html

https://www.suse.com/security/cve/CVE-2012-2661.html

https://www.suse.com/security/cve/CVE-2012-2694.html

https://www.suse.com/security/cve/CVE-2012-2695.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2012:1012-1
Rating: important

Topics%20covered

Topics Covered

security advisory software update important SUSE Linux query issue rubygem-actionpack patch instructions

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here