Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves one vulnerability can now be installed.. # ruby3.4-rubygem-jquery-rails-4.6.0-1.7 on GA media Announcement ID: openSUSE-SU-2025:15117-1 Rating: moderate Cross-References: * CVE-2015-1840 Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the ruby3.4-rubygem-jquery-rails-4.6.0-1.7 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * ruby3.4-rubygem-jquery-rails 4.6.0-1.7 ## References: * https://www.suse.com/security/cve/CVE-2015-1840.html . The latest OpenSUSE Tumbleweed includes an update for ruby3.4-rubygem-jquery-rails that addresses a significant security vulnerability. Read more for full details.. openSUSE Tumbleweed, ruby3.4-rubygem, jquery-rails, moderate security update. . LinuxSecurity.com Team
Multiple security issues were discovered in the Rails web framework which could result cross-site scripting, information disclosure, denial of service or bypass of content security policies. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5881-1
Several security issues were fixed in Rails.. ========================================================================== Ubuntu Security Notice USN-7290-1 February 25, 2025 rails vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Rails. Software Description: - rails: MVC ruby based framework geared for web application development ( Details: It was discovered that Rails did not correctly handle parsing block formats in email service layers. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-47889) It was discovered that Rails did not correctly handle parsing block quotes in rich text content. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2024-47888) It was discovered that Rails did not correctly handle parsing HTTP token authentication headers. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-47887) It was discovered that Rails did not correctly handle parsing query parameters in web requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-41128) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS rails 2:6.1.4.1+dfsg-8ubuntu2+esm1 Available with Ubuntu Pro ruby-actionmailer 2:6.1.4.1+dfsg-8ubuntu2+esm1 Available with Ubuntu Pro ruby-actionpack 2:6.1.4.1+dfsg-8ubuntu2+esm1 Available with Ubuntu Pro ruby-actiontext 2:6.1.4.1+dfsg-8ubuntu2+esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS rails 2:5.2.3+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro ruby-actionmailer 2:5.2.3+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro ruby-actionpack 2:5.2.3+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS rails 2:4.2.10-0ubuntu4+esm1 Available with Ubuntu Pro ruby-actionmailer 2:4.2.10-0ubuntu4+esm1 Available with Ubuntu Pro ruby-actionpack 2:4.2.10-0ubuntu4+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS rails 2:4.2.6-1ubuntu0.1~esm1 Available with Ubuntu Pro ruby-actionpack 2:4.2.6-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7290-1 CVE-2024-41128, CVE-2024-47887, CVE-2024-47888, CVE-2024-47889 . Critical Rails vulnerabilities in Ubuntu 16.04-22.04 pose a DoS threat. Update your system and upgrade Rails to protect against potential attacks. Rails Security Advisory, Ubuntu Updates, Denial of Service, Software Vulnerability. . LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # ruby3.4-rubygem-rails-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14679-1 Rating: moderate Cross-References: * CVE-2024-54133 Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the ruby3.4-rubygem-rails-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * ruby3.4-rubygem-rails-8.0 8.0.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-54133.html . Cautious security bulletin for ruby3.4-rubygem-rails-8.0-8.0.2-1.1 on openSUSE Tumbleweed targeting an urgent vulnerability.. openSUSE Tumbleweed,ruby3.4,security update,moderate. . LinuxSecurity.com Team
Brief introduction Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could lead to XSS and DOM based . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5389-1
Multiple vunerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and open redirect. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5372-1
The security update announced as DLA 3093-1 which included fix for CVE-2022-32224 caused a regression due to incompatibility with ruby 2.5 version. We have dropped aforementioned fix. Updated rails packages are now available. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3093-2
The following vulnerabilities have been discovered in rails, a ruby based MVC frame work for web development. CVE-2022-21831 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3093-1
Get the latest Linux and open source security news straight to your inbox.