An update that solves 4 vulnerabilities can now be installed.

# ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 on GA media

Announcement ID: openSUSE-SU-2025:15112-1
Rating: moderate
Cross-References:
* CVE-2022-32224
* CVE-2022-44566
* CVE-2023-22794
* CVE-2023-38037
CVSS scores:
* CVE-2022-32224 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-44566 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Tumbleweed

## Description:

These are all security issues fixed in the ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-activerecord-7.0 7.0.8.6-1.3

## References:

* https://www.suse.com/security/cve/CVE-2022-32224.html
* https://www.suse.com/security/cve/CVE-2022-44566.html
* https://www.suse.com/security/cve/CVE-2023-22794.html
* https://www.suse.com/security/cve/CVE-2023-38037.html
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-d6157bb1e2
2023-04-01 00:15:35.161368
--------------------------------------------------------------------------------
Name        : rubygem-activerecord
Product     : Fedora 38
Version     : 7.0.4.3
Release     : 1.fc38
URL         : https://rubyonrails.org/
Summary     : Object-relational mapper framework (part of Rails)
Description :
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database
tables and classes together for business objects, like Customer or
Subscription, that can find, save, and destroy themselves without resorting to
manual SQL.
--------------------------------------------------------------------------------
Update Information:

Update to 7.0.4.3.
https://rubyonrails.org/2023/3/13/Rails-7-0-4-3-and-6-1-7-3-have-been-released
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 14 2023 Pavel Valena - 1:7.0.4.3-1
- Update to activerecord 7.0.4.3.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2179637 - CVE-2023-28120 rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice
        https://bugzilla.redhat.com/show_bug.cgi?id=2179637
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-d6157bb1e2' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
SUSE Security Update: Security update for rubygem-activerecord-4_2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3267-1
Rating:             moderate
References:         #1182169
Cross-References:   CVE-2021-22880
CVSS scores:
  CVE-2021-22880 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-22880 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
  SUSE OpenStack Cloud Crowbar 9
  SUSE OpenStack Cloud Crowbar 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for rubygem-activerecord-4_2 fixes the following issues:

- CVE-2021-22880: Fixed possible DoS vector in PostgreSQL money type (bsc#1182169).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3267=1

- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3267=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  ruby2.1-rubygem-activerecord-4_2-4.2.9-6.6.1

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
  ruby2.1-rubygem-activerecord-4_2-4.2.9-6.6.1

References:

https://www.suse.com/security/cve/CVE-2021-22880.html
https://bugzilla.suse.com/1182169
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ruby193 security update
Advisory ID:       RHSA-2016:0455-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:0455.html
Issue date:        2016-03-15
CVE Names:         CVE-2015-7576 CVE-2015-7577 CVE-2016-0751 CVE-2016-0752
                   CVE-2016-2097 CVE-2016-2098
====================================================================

1. Summary:

Updated ruby193-rubygem-actionpack and ruby193-rubygem-activerecord packages
that fix multiple security issues are now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The ruby193 collection provides Ruby version 1.9.3 and Ruby on Rails version
3.2. Ruby on Rails is a model-view-controller (MVC) framework for web
application development.

The following issues were corrected in rubygem-actionpack:

Multiple directory traversal flaws were found in the way the Action View
component searched for templates for rendering. If an application passed
untrusted input to the 'render' method, a remote, unauthenticated attacker
could use these flaws to render unexpected files and, possibly, execute
arbitrary code. (CVE-2016-0752, CVE-2016-2097)

A code injection flaw was found in the way the Action View component searched
for templates for rendering. If an application passed untrusted input to the
'render' method, a remote, unauthenticated attacker could use this flaw to
execute arbitrary code. (CVE-2016-2098)

A flaw was found in the way the Action Pack component performed MIME type
lookups. Since queries were cached in a global cache of MIME types, an
attacker could use this flaw to grow the cache indefinitely, potentially
resulting in a denial of service. (CVE-2016-0751)

A flaw was found in the way the Action Controller component compared user
names and passwords when performing HTTP basic authentication. Time taken to
compare strings could differ depending on input, possibly allowing a remote
attacker to determine valid user names and passwords using a timing attack.
(CVE-2015-7576)

The following issue was corrected in rubygem-activerecord:

A flaw was found in the Active Record component's handling of nested
attributes in combination with the destroy flag. An attacker could possibly
use this flaw to set attributes to invalid values or clear all attributes.
(CVE-2015-7577)

Red Hat would like to thank the Ruby on Rails project for reporting these
issues. Upstream acknowledges John Poulin as the original reporter of
CVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original reporters
of CVE-2016-2097, Tobias Kraze (makandra) and joernchen (Phenoelit) as
original reporters of CVE-2016-2098, Aaron Patterson (Red Hat) as the original
reporter of CVE-2016-0751, Daniel Waterworth as the original reporter of
CVE-2015-7576, and Justin Coyne as the original reporter of CVE-2015-7577.

All ruby193 collection rubygem-actionpack and rubygem-activerecord packages
users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications using
the ruby193 collection must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1301933 - CVE-2015-7576 rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller
1301946 - CVE-2016-0751 rubygem-actionpack: possible object leak and denial of service attack in Action Pack
1301957 - CVE-2015-7577 rubygem-activerecord: Nested attributes rejection proc bypass in Active Record
1301963 - CVE-2016-0752 rubygem-actionview, rubygem-actionpack: directory traversal flaw in Action View
1310043 - CVE-2016-2097 rubygem-actionview, rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix
1310054 - CVE-2016-2098 rubygem-actionview, rubygem-actionpack: code injection vulnerability in Action View

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el6.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el6.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el6.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el6.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el6.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el6.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el7.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el7.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el7.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
ruby193-rubygem-actionpack-3.2.8-16.el7.src.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.src.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-16.el7.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-11.el7.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-6.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2015-7576
https://access.redhat.com/security/cve/CVE-2015-7577
https://access.redhat.com/security/cve/CVE-2016-0751
https://access.redhat.com/security/cve/CVE-2016-0752
https://access.redhat.com/security/cve/CVE-2016-2097
https://access.redhat.com/security/cve/CVE-2016-2098
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2016 Red Hat, Inc.

--
Enterprise-watch-list mailing list
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ror40 security update
Advisory ID:       RHSA-2016:0454-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:0454.html
Issue date:        2016-03-15
CVE Names:         CVE-2015-7576 CVE-2015-7577 CVE-2015-7581 CVE-2016-0751
                   CVE-2016-0752 CVE-2016-2097 CVE-2016-2098
====================================================================

1. Summary:

Updated ror40-rubygem-actionpack and ror40-rubygem-activerecord packages that
fix multiple security issues are now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The ror40 collection provides Ruby on Rails version 4.0. Ruby on Rails is a
model-view-controller (MVC) framework for web application development.

The following issues were corrected in rubygem-actionpack:

Multiple directory traversal flaws were found in the way the Action View
component searched for templates for rendering. If an application passed
untrusted input to the 'render' method, a remote, unauthenticated attacker
could use these flaws to render unexpected files and, possibly, execute
arbitrary code. (CVE-2016-0752, CVE-2016-2097)

A code injection flaw was found in the way the Action View component searched
for templates for rendering. If an application passed untrusted input to the
'render' method, a remote, unauthenticated attacker could use this flaw to
execute arbitrary code. (CVE-2016-2098)

A flaw was found in the way the Action Pack component performed MIME type
lookups. Since queries were cached in a global cache of MIME types, an
attacker could use this flaw to grow the cache indefinitely, potentially
resulting in a denial of service. (CVE-2016-0751)

A flaw was found in the Action Pack component's caching of controller
references. An attacker could use this flaw to cause unbounded memory growth,
potentially resulting in a denial of service. (CVE-2015-7581)

A flaw was found in the way the Action Controller component compared user
names and passwords when performing HTTP basic authentication. Time taken to
compare strings could differ depending on input, possibly allowing a remote
attacker to determine valid user names and passwords using a timing attack.
(CVE-2015-7576)

The following issue was corrected in rubygem-activerecord:

A flaw was found in the Active Record component's handling of nested
attributes in combination with the destroy flag. An attacker could possibly
use this flaw to set attributes to invalid values or clear all attributes.
(CVE-2015-7577)

Red Hat would like to thank the Ruby on Rails project for reporting these
issues. Upstream acknowledges John Poulin as the original reporter of
CVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original reporters
of CVE-2016-2097, Tobias Kraze (makandra) and joernchen (Phenoelit) as
original reporters of CVE-2016-2098, Aaron Patterson (Red Hat) as the original
reporter of CVE-2016-0751, Daniel Waterworth as the original reporter of
CVE-2015-7576, and Justin Coyne as the original reporter of CVE-2015-7577.

All ror40 collection rubygem-actionpack and rubygem-activerecord packages
users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications using
the ror40 collection must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1301933 - CVE-2015-7576 rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller
1301946 - CVE-2016-0751 rubygem-actionpack: possible object leak and denial of service attack in Action Pack
1301957 - CVE-2015-7577 rubygem-activerecord: Nested attributes rejection proc bypass in Active Record
1301963 - CVE-2016-0752 rubygem-actionview, rubygem-actionpack: directory traversal flaw in Action View
1301981 - CVE-2015-7581 rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack
1310043 - CVE-2016-2097 rubygem-actionview, rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix
1310054 - CVE-2016-2098 rubygem-actionview, rubygem-actionpack: code injection vulnerability in Action View

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
ror40-rubygem-actionpack-4.0.2-7.el6.src.rpm
ror40-rubygem-activerecord-4.0.2-6.el6.src.rpm
ror40-rubygem-activesupport-4.0.2-4.el6.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-7.el6.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-7.el6.noarch.rpm
ror40-rubygem-activerecord-4.0.2-6.el6.noarch.rpm
ror40-rubygem-activerecord-doc-4.0.2-6.el6.noarch.rpm
ror40-rubygem-activesupport-4.0.2-4.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
ror40-rubygem-actionpack-4.0.2-7.el6.src.rpm
ror40-rubygem-activerecord-4.0.2-6.el6.src.rpm
ror40-rubygem-activesupport-4.0.2-4.el6.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-7.el6.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-7.el6.noarch.rpm
ror40-rubygem-activerecord-4.0.2-6.el6.noarch.rpm
ror40-rubygem-activerecord-doc-4.0.2-6.el6.noarch.rpm
ror40-rubygem-activesupport-4.0.2-4.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
ror40-rubygem-actionpack-4.0.2-7.el6.src.rpm
ror40-rubygem-activerecord-4.0.2-6.el6.src.rpm
ror40-rubygem-activesupport-4.0.2-4.el6.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-7.el6.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-7.el6.noarch.rpm
ror40-rubygem-activerecord-4.0.2-6.el6.noarch.rpm
ror40-rubygem-activerecord-doc-4.0.2-6.el6.noarch.rpm
ror40-rubygem-activesupport-4.0.2-4.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
ror40-rubygem-actionpack-4.0.2-7.el6.src.rpm
ror40-rubygem-activerecord-4.0.2-6.el6.src.rpm
ror40-rubygem-activesupport-4.0.2-4.el6.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-7.el6.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-7.el6.noarch.rpm
ror40-rubygem-activerecord-4.0.2-6.el6.noarch.rpm
ror40-rubygem-activerecord-doc-4.0.2-6.el6.noarch.rpm
ror40-rubygem-activesupport-4.0.2-4.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
ror40-rubygem-actionpack-4.0.2-7.el7.src.rpm
ror40-rubygem-activerecord-4.0.2-6.el7.src.rpm
ror40-rubygem-activesupport-4.0.2-4.el7.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-7.el7.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-7.el7.noarch.rpm
ror40-rubygem-activerecord-4.0.2-6.el7.noarch.rpm
ror40-rubygem-activerecord-doc-4.0.2-6.el7.noarch.rpm
ror40-rubygem-activesupport-4.0.2-4.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
ror40-rubygem-actionpack-4.0.2-7.el7.src.rpm
ror40-rubygem-activerecord-4.0.2-6.el7.src.rpm
ror40-rubygem-activesupport-4.0.2-4.el7.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-7.el7.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-7.el7.noarch.rpm
ror40-rubygem-activerecord-4.0.2-6.el7.noarch.rpm
ror40-rubygem-activerecord-doc-4.0.2-6.el7.noarch.rpm
ror40-rubygem-activesupport-4.0.2-4.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
ror40-rubygem-actionpack-4.0.2-7.el7.src.rpm
ror40-rubygem-activerecord-4.0.2-6.el7.src.rpm
ror40-rubygem-activesupport-4.0.2-4.el7.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-7.el7.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-7.el7.noarch.rpm
ror40-rubygem-activerecord-4.0.2-6.el7.noarch.rpm
ror40-rubygem-activerecord-doc-4.0.2-6.el7.noarch.rpm
ror40-rubygem-activesupport-4.0.2-4.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
ror40-rubygem-actionpack-4.0.2-7.el7.src.rpm
ror40-rubygem-activerecord-4.0.2-6.el7.src.rpm
ror40-rubygem-activesupport-4.0.2-4.el7.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-7.el7.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-7.el7.noarch.rpm
ror40-rubygem-activerecord-4.0.2-6.el7.noarch.rpm
ror40-rubygem-activerecord-doc-4.0.2-6.el7.noarch.rpm
ror40-rubygem-activesupport-4.0.2-4.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2015-7576
https://access.redhat.com/security/cve/CVE-2015-7577
https://access.redhat.com/security/cve/CVE-2015-7581
https://access.redhat.com/security/cve/CVE-2016-0751
https://access.redhat.com/security/cve/CVE-2016-0752
https://access.redhat.com/security/cve/CVE-2016-2097
https://access.redhat.com/security/cve/CVE-2016-2098
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2016 Red Hat, Inc.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-73fe05d878
2016-02-28 04:00:02.128519
--------------------------------------------------------------------------------
Name        : rubygem-activerecord
Product     : Fedora 22
Version     : 4.2.0
Release     : 2.fc22
URL         : https://rubyonrails.org/
Summary     : Implements the ActiveRecord pattern for ORM
Description :
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database
tables and classes together for business objects, like Customer or
Subscription, that can find, save, and destroy themselves without resorting to
manual SQL.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-7577 CVE-2016-0753
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1301973 - CVE-2016-0753 rubygem-activemodel, rubygem-activerecord: possible input validation circumvention in Active Model
        https://bugzilla.redhat.com/show_bug.cgi?id=1301973
  [ 2 ] Bug #1301957 - CVE-2015-7577 rubygem-activerecord: Nested attributes rejection proc bypass in Active Record
        https://bugzilla.redhat.com/show_bug.cgi?id=1301957
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update rubygem-activerecord' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ror40-rubygem-activerecord security update
Advisory ID:       RHSA-2014:0877-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2014:0877.html
Issue date:        2014-07-14
CVE Names:         CVE-2014-3483
====================================================================

1. Summary:

Updated ror40-rubygem-activerecord packages that fix one security issue are
now available for Red Hat Software Collections 1.

The Red Hat Security Response Team has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - noarch
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Ruby on Rails is a model-view-controller (MVC) framework for web application
development. Active Record implements object-relational mapping for accessing
database entries using objects.

It was discovered that Active Record did not properly quote values of the
range type attributes when using the PostgreSQL database adapter. A remote
attacker could possibly use this flaw to conduct an SQL injection attack
against applications using Active Record. (CVE-2014-3483)

Red Hat would like to thank the Ruby on Rails project for reporting this
issue. Upstream acknowledges Sean Griffin of thoughtbot as the original
reporter.

All ror40-rubygem-activerecord users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1114427 - CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting

6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source:
ror40-rubygem-activerecord-4.0.2-2.2.el6.src.rpm

noarch:
ror40-rubygem-activerecord-4.0.2-2.2.el6.noarch.rpm
ror40-rubygem-activerecord-doc-4.0.2-2.2.el6.noarch.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
ror40-rubygem-activerecord-4.0.2-2.2.el6.src.rpm

noarch:
ror40-rubygem-activerecord-4.0.2-2.2.el6.noarch.rpm
ror40-rubygem-activerecord-doc-4.0.2-2.2.el6.noarch.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):

Source:
ror40-rubygem-activerecord-4.0.2-2.2.el6.src.rpm

noarch:
ror40-rubygem-activerecord-4.0.2-2.2.el6.noarch.rpm
ror40-rubygem-activerecord-doc-4.0.2-2.2.el6.noarch.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):

Source:
ror40-rubygem-activerecord-4.0.2-2.2.el7.src.rpm

noarch:
ror40-rubygem-activerecord-4.0.2-2.2.el7.noarch.rpm
ror40-rubygem-activerecord-doc-4.0.2-2.2.el7.noarch.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):

Source:
ror40-rubygem-activerecord-4.0.2-2.2.el7.src.rpm

noarch:
ror40-rubygem-activerecord-4.0.2-2.2.el7.noarch.rpm
ror40-rubygem-activerecord-doc-4.0.2-2.2.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2014-3483
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby193-rubygem-activerecord security update
Advisory ID:       RHSA-2014:0876-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2014:0876.html
Issue date:        2014-07-14
CVE Names:         CVE-2014-3482
====================================================================

1. Summary:

Updated ruby193-rubygem-activerecord packages that fix one security issue
are now available for Red Hat Software Collections 1.

The Red Hat Security Response Team has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - noarch
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Active Record implements object-relational mapping
for accessing database entries using objects.

It was discovered that Active Record did not properly quote values of
bitstring type attributes when using the PostgreSQL database adapter. A
remote attacker could possibly use this flaw to conduct an SQL injection
attack against applications using Active Record. (CVE-2014-3482)

Red Hat would like to thank the Ruby on Rails project for reporting this
issue. Upstream acknowledges Sean Griffin of thoughtbot as the original
reporter.

All ruby193-rubygem-activerecord users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1114425 - CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting

6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source:
ruby193-rubygem-activerecord-3.2.8-8.2.el6.src.rpm

noarch:
ruby193-rubygem-activerecord-3.2.8-8.2.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-8.2.el6.noarch.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
ruby193-rubygem-activerecord-3.2.8-8.2.el6.src.rpm

noarch:
ruby193-rubygem-activerecord-3.2.8-8.2.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-8.2.el6.noarch.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):

Source:
ruby193-rubygem-activerecord-3.2.8-8.2.el6.src.rpm

noarch:
ruby193-rubygem-activerecord-3.2.8-8.2.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-8.2.el6.noarch.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):

Source:
ruby193-rubygem-activerecord-3.2.8-8.2.el7.src.rpm

noarch:
ruby193-rubygem-activerecord-3.2.8-8.2.el7.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-8.2.el7.noarch.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):

Source:
ruby193-rubygem-activerecord-3.2.8-8.2.el7.src.rpm

noarch:
ruby193-rubygem-activerecord-3.2.8-8.2.el7.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-8.2.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2014-3482
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTxAVWXlSAg2UNWIIRAgqjAJ0UyJJTHsSzIdnyAH/2MhBz3CxGGwCgwK26
JvOyNv3hzxhhCbREouVzR+o=
=L75G
-----END PGP SIGNATURE-----
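Both advisories above describe the same class of bug: a value reaching the PostgreSQL adapter's quoting path (bitstring attributes in CVE-2014-3482, range attributes in CVE-2014-3483) was not quoted properly, so attacker-controlled text could end up in the SQL statement. The advisories do not state the precise mechanism. The following is an added illustration, not code from Active Record or from either advisory: it assumes, as a hypothetical, that the quoting routine validated bit-string input with Ruby's line anchors `^` and `$`, which match at any line boundary, so a value whose first line looks like a bit string passes the check while the rest of it is interpolated unquoted. The hardened version uses the string anchors `\A` and `\z`. The function names and the attacker payload are constructed for this example.

```ruby
# Added example (not Active Record's own code). Shows how a PostgreSQL
# bit-string quoting routine can be bypassed when its validation uses
# Ruby's line anchors, and how string anchors close the hole.

# Hypothetical vulnerable quoting: ^ and $ match at the start and end of
# ANY line, so only the first line of the value has to look like a bit
# string. Everything after the newline is interpolated into the literal.
def quote_bitstring_unsafe(value)
  case value
  when /^[01]*$/      then "B'#{value}'"   # bit-string notation
  when /^[0-9A-F]*$/i then "X'#{value}'"   # hexadecimal notation
  else raise ArgumentError, "not a bit string: #{value.inspect}"
  end
end

# Hardened quoting: \A and \z anchor to the start and absolute end of the
# whole string (\z, not \Z, so a trailing newline is rejected too), so
# the entire value must consist of bit or hex digits before it is used.
def quote_bitstring_safe(value)
  case value
  when /\A[01]*\z/      then "B'#{value}'"
  when /\A[0-9A-F]*\z/i then "X'#{value}'"
  else raise ArgumentError, "not a bit string: #{value.inspect}"
  end
end

# Constructed attacker input: the first line is a valid bit string, the
# second line carries the injected SQL.
PAYLOAD = "1010\n'; DROP TABLE users; --"

# true when the unsafe routine lets the injected SQL through unchanged
def unsafe_bypassed?
  quote_bitstring_unsafe(PAYLOAD).include?("DROP TABLE")
end

# true when the hardened routine refuses the same payload
def safe_rejects?
  quote_bitstring_safe(PAYLOAD)
  false
rescue ArgumentError
  true
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe literal: #{quote_bitstring_unsafe(PAYLOAD).inspect}"
  puts "safe rejects payload: #{safe_rejects?}"
  puts "safe literal for 1010: #{quote_bitstring_safe('1010')}"
end
```

The practical check for any Ruby code that validates input before interpolating it into SQL, shell commands or file paths is to grep for `^` and `$` in such patterns and replace them with `\A` and `\z`; the same input that defeats the line-anchored regex above is accepted by it regardless of what follows the first newline.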