
SUSE: 2013:0486-1 Important: Ruby On Rails Security Fix

March 19, 2013
Crucial SUSE Security Patch for Ruby On Rails addressing various concerns, with version enhancements incorporated.
An update that solves 5 vulnerabilities and has one errata is ...

Summary

The Ruby on Rails stack has been updated to 2.3.17 to fix various security issues and bugs. The rails gems have been updated to fix:

* Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)
* Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156)
* activerecord: SQL Injection (CVE-2012-5664)
* rails: Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 (CVE-2013-0333)
* activerecord: Circumvention of attr_protected (CVE-2013-0276)
* activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 (CVE-2013-0277)

Security Issue references:

* CVE-2012-5664
* CVE-2013-0155
* CVE-2013-0156

References

#796712 #797449 #797452 #800320 #803336 #803339

Cross-References: CVE-2012-5664 CVE-2013-0155 CVE-2013-0156 CVE-2013-0276 CVE-2013-0277

Affected Products:

SUSE Linux Enterprise Software Development Kit 11 SP2

SUSE Cloud 1.0

https://www.suse.com/security/cve/CVE-2012-5664.html

https://www.suse.com/security/cve/CVE-2013-0155.html

https://www.suse.com/security/cve/CVE-2013-0156.html

https://www.suse.com/security/cve/CVE-2013-0276.html

https://www.suse.com/security/cve/CVE-2013-0277.html

Severity
important

Announcement ID: SUSE-SU-2013:0486-1
Rating: important
