
SUSE: 2013:0606-1 Important: Ruby on Rails SQL Injection Threat

SUSE, April 3, 2013
Important SUSE patch for Ruby on Rails addresses various security flaws and offers guidance for implementation.
An update that solves 5 vulnerabilities and has one errata is ...

Summary

The Ruby on Rails stack has been updated to 2.3.17 to fix various security issues and bugs. The rails gems were updated to fix:

* Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)
* Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156)
* SQL Injection Vulnerability in Active Record (CVE-2012-5664)
* rails: Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 (CVE-2013-0333)
* activerecord: Circumvention of attr_protected (CVE-2013-0276)
* activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 (CVE-2013-0277)

Security Issue references:

* CVE-2012-5664
* CVE-2013-0155
* CVE-2013-0156
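Several of the fixes above concern request parameters reaching query generation in unexpected forms. Beyond applying the updated packages, an application-side defence is to insist on the expected type for every value that feeds a query and to pass it as a bind parameter. The following is an added example, not code from the SUSE advisory or from Rails: it assumes the web layer hands the application a plain Ruby Hash of decoded parameters (whose values may be Strings, Arrays, Hashes or nil depending on how the client encoded them) and uses a hypothetical `build_lookup` helper that only accepts allow-listed column names and non-blank String values.

```ruby
# Added example (not part of the SUSE advisory or of Rails): strict type
# checks on request parameters before they reach query generation.
# Assumption: `params` is a Hash of decoded request parameters whose values
# may be String, Array, Hash or nil.

class UnsafeQueryParameter < StandardError; end

# Columns a lookup may be performed on. Column names come from code, never
# from the request, and are still checked against this allow-list.
LOOKUP_COLUMNS = %w[token email].freeze

# Return params[key] only if it is a plain, non-blank String.
# Arrays, Hashes and nil would change the shape of the generated query
# (a different operator, a sub-clause, or a NULL comparison), so they are
# rejected before any SQL is built.
def scalar_param(params, key)
  value = params[key]
  unless value.is_a?(String)
    raise UnsafeQueryParameter, "#{key}: expected a String, got #{value.class}"
  end
  raise UnsafeQueryParameter, "#{key}: must not be blank" if value.strip.empty?
  value
end

# Build a parameterised lookup. The SQL text is fixed; the value travels
# separately as a bind parameter and is never interpolated into the statement.
def build_lookup(params, key)
  unless LOOKUP_COLUMNS.include?(key)
    raise UnsafeQueryParameter, "#{key}: column not permitted for lookup"
  end
  value = scalar_param(params, key)
  { sql: "SELECT * FROM users WHERE #{key} = ? LIMIT 1", binds: [value] }
end

# Convenience predicate: true when the parameters are acceptable for a lookup.
def safe_lookup?(params, key)
  build_lookup(params, key)
  true
rescue UnsafeQueryParameter
  false
end

# Constructed sample inputs (not taken from any real request).
GOOD_PARAMS = { "token" => "abc123" }.freeze
BAD_PARAMS = [
  { "token" => nil },              # parameter present but without a value
  { "token" => ["x"] },            # encoded as an array
  { "token" => { "a" => "b" } },   # encoded as a nested hash
  { "token" => "   " }             # blank string
].freeze

if __FILE__ == $PROGRAM_NAME
  p build_lookup(GOOD_PARAMS, "token")
  BAD_PARAMS.each { |params| puts "#{params.inspect} accepted? #{safe_lookup?(params, 'token')}" }
end
```

The check is deliberately narrow: a lookup column only ever receives one String, and anything else is refused with an error that names the parameter, which is also a useful signal to log and alert on. A framework's own strong-parameter or validation layer can serve the same purpose; the point is that the type decision is made explicitly, before the query is generated.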

References

#796712 #797449 #797452 #800320 #803336 #803339

Cross-References: CVE-2012-5664 CVE-2013-0155 CVE-2013-0156 CVE-2013-0276 CVE-2013-0333

Affected Products:

WebYaST 1.2

SUSE Studio Standard Edition 1.2

SUSE Studio Onsite 1.2

SUSE Studio Extension for System z 1.2

https://www.suse.com/security/cve/CVE-2012-5664.html

https://www.suse.com/security/cve/CVE-2013-0155.html

https://www.suse.com/security/cve/CVE-2013-0156.html

https://www.suse.com/security/cve/CVE-2013-0276.html

https://www.suse.com/security/cve/CVE-2013-0333.html

Severity: important

Announcement ID: SUSE-SU-2013:0606-1
Rating: important
