Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 17 articles for you...
202

openSUSE Tumbleweed 2025:15117-1 moderate Ruby3.4 Update for JQuery-Rails

An update that solves one vulnerability can now be installed.. # ruby3.4-rubygem-jquery-rails-4.6.0-1.7 on GA media Announcement ID: openSUSE-SU-2025:15117-1 Rating: moderate Cross-References: * CVE-2015-1840 Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the ruby3.4-rubygem-jquery-rails-4.6.0-1.7 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * ruby3.4-rubygem-jquery-rails 4.6.0-1.7 ## References: * https://www.suse.com/security/cve/CVE-2015-1840.html . The latest OpenSUSE Tumbleweed includes an update for ruby3.4-rubygem-jquery-rails that addresses a significant security vulnerability. Read more for full details.. openSUSE Tumbleweed, ruby3.4-rubygem, jquery-rails, moderate security update. . LinuxSecurity.com Team

Calendar%202 May 18, 2025 OpenSUSE
87

Debian: DSA-5881-1: rails Security Advisory Updates

Multiple security issues were discovered in the Rails web framework which could result cross-site scripting, information disclosure, denial of service or bypass of content security policies. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5881-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff March 17, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : rails CVE ID : CVE-2023-28362 CVE-2023-38037 CVE-2024-26144 CVE-2024-28103 CVE-2024-41128 CVE-2024-47887 CVE-2024-47888 CVE-2024-47889 CVE-2024-54133 Multiple security issues were discovered in the Rails web framework which could result cross-site scripting, information disclosure, denial of service or bypass of content security policies. For the stable distribution (bookworm), these problems have been fixed in version 2:6.1.7.10+dfsg-1~deb12u1. We recommend that you upgrade your rails packages. For the detailed security status of rails please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/rails Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Multiple issues in the Rails framework lead to XSS, information leaks, and service disruptions. Update recommended.. security, rails, framework, which, cross-site. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 17, 2025 Important Debian
172

Ubuntu 22.04 LTS USN-7290-1 High: Rails DoS Issues and Fix Instructions

Several security issues were fixed in Rails.. ========================================================================== Ubuntu Security Notice USN-7290-1 February 25, 2025 rails vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Rails. Software Description: - rails: MVC ruby based framework geared for web application development ( Details: It was discovered that Rails did not correctly handle parsing block formats in email service layers. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-47889) It was discovered that Rails did not correctly handle parsing block quotes in rich text content. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2024-47888) It was discovered that Rails did not correctly handle parsing HTTP token authentication headers. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-47887) It was discovered that Rails did not correctly handle parsing query parameters in web requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-41128) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS rails 2:6.1.4.1+dfsg-8ubuntu2+esm1 Available with Ubuntu Pro ruby-actionmailer 2:6.1.4.1+dfsg-8ubuntu2+esm1 Available with Ubuntu Pro ruby-actionpack 2:6.1.4.1+dfsg-8ubuntu2+esm1 Available with Ubuntu Pro ruby-actiontext 2:6.1.4.1+dfsg-8ubuntu2+esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS rails 2:5.2.3+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro ruby-actionmailer 2:5.2.3+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro ruby-actionpack 2:5.2.3+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS rails 2:4.2.10-0ubuntu4+esm1 Available with Ubuntu Pro ruby-actionmailer 2:4.2.10-0ubuntu4+esm1 Available with Ubuntu Pro ruby-actionpack 2:4.2.10-0ubuntu4+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS rails 2:4.2.6-1ubuntu0.1~esm1 Available with Ubuntu Pro ruby-actionpack 2:4.2.6-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7290-1 CVE-2024-41128, CVE-2024-47887, CVE-2024-47888, CVE-2024-47889 . Critical Rails vulnerabilities in Ubuntu 16.04-22.04 pose a DoS threat. Update your system and upgrade Rails to protect against potential attacks. Rails Security Advisory, Ubuntu Updates, Denial of Service, Software Vulnerability. . LinuxSecurity.com Team

Calendar%202 Feb 25, 2025 Ubuntu
202

openSUSE Tumbleweed: 2025:14679-1 moderate: ruby3.4-rubygem-rails update

An update that solves one vulnerability can now be installed.. # ruby3.4-rubygem-rails-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14679-1 Rating: moderate Cross-References: * CVE-2024-54133 Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the ruby3.4-rubygem-rails-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * ruby3.4-rubygem-rails-8.0 8.0.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-54133.html . Cautious security bulletin for ruby3.4-rubygem-rails-8.0-8.0.2-1.1 on openSUSE Tumbleweed targeting an urgent vulnerability.. openSUSE Tumbleweed,ruby3.4,security update,moderate. . LinuxSecurity.com Team

Calendar%202 Jan 22, 2025 OpenSUSE
87

Debian Security Advisory DSA-5389-1 Addresses Critical XSS in Rails

Brief introduction Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could lead to XSS and DOM based . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5389-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Aron Xu April 14, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : rails CVE ID : CVE-2023-23913 CVE-2023-28120 Debian Bug : 1033262 1033263 Brief introduction Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could lead to XSS and DOM based cross-site scripting (CRS). This update also fixes a regression introduced in previous update that may block certain access for apps using development environment. For the stable distribution (bullseye), these problems have been fixed in version 2:6.0.3.7+dfsg-2+deb11u2. We recommend that you upgrade your rails packages. For the detailed security status of rails please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/rails Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Enhance your Debian system's security against XSS and DOM vulnerabilities by upgrading Rails following these steps for patch DSA-5389-1, issued April 14, 2023. Debian Rails Security, XSS Exploits, Server-side Framework Threats, DOM Risks, Rails Updates. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 14, 2023 Critical Debian
87

Debian DSA-5372-1 Urgent Security Advisory: Rails XSS and Data Threats

Multiple vunerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and open redirect. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5372-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Aron Xu March 13, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : rails CVE ID : CVE-2021-22942 CVE-2021-44528 CVE-2022-21831 CVE-2022-22577 CVE-2022-23633 CVE-2022-27777 CVE-2023-22792 CVE-2023-22794 CVE-2023-22795 CVE-2023-22796 Debian Bug : 992586 1001817 1011940 1011941 1005389 1016982 1030050 Multiple vunerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and open redirect. For the stable distribution (bullseye), these problems have been fixed in version 2:6.0.3.7+dfsg-2+deb11u1. We recommend that you upgrade your rails packages. For the detailed security status of rails please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/rails Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The Debian Advisory DSA-5372-1 highlights various security flaws within rails that could compromise both integrity and performance.. Debian Rails Update, Web Application Security, Ruby Framework Security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 13, 2023 Critical Debian
197

Debian 10 Buster DLA-3093-2 Critical: Rails Regression Issue

The security update announced as DLA 3093-1 which included fix for CVE-2022-32224 caused a regression due to incompatibility with ruby 2.5 version. We have dropped aforementioned fix. Updated rails packages are now available. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3093-2 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Abhijith PA September 15, 2022 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : rails Version : 2:5.2.2.1+dfsg-1+deb10u5 The security update announced as DLA 3093-1 which included fix for CVE-2022-32224 caused a regression due to incompatibility with ruby 2.5 version. We have dropped aforementioned fix. Updated rails packages are now available. For Debian 10 buster, this problem has been fixed in version 2:5.2.2.1+dfsg-1+deb10u5. We recommend that you upgrade your rails packages. For the detailed security status of rails please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/rails Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS DLA-3100-1 resolves a security flaw related to the apache2 package, caused by improper configuration settings.. Debian LTS Advisory,Rails Update,Ruby Compatibility,Security Update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Sep 15, 2022 Critical Debian LTS
197

Debian 10 Buster: DLA-3093-1 Moderate Rails Code Injection and XSS

The following vulnerabilities have been discovered in rails, a ruby based MVC frame work for web development. CVE-2022-21831 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3093-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Abhijith PA September 03, 2022 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : rails Version : 2:5.2.2.1+dfsg-1+deb10u4 CVE ID : CVE-2022-21831 CVE-2022-22577 CVE-2022-23633 CVE-2022-27777 CVE-2022-32224 The following vulnerabilities have been discovered in rails, a ruby based MVC frame work for web development. CVE-2022-21831 A code injection vulnerability exists in the Active Storage that could allow an attacker to execute code via image_processing arguments. CVE-2022-22577 An XSS Vulnerability in Action Pack that could allow an attacker to bypass CSP for non HTML like responses. CVE-2022-23633 Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. CVE-2022-27777 A XSS Vulnerability in Action View tag helpers which would allow an attacker to inject content if able to control input into specific attributes. CVE-2022-32224 When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database (via means like SQL injection), then it may be possible for the attacker to escalate to an RCE. For Debian 10 buster, these problems have been fixed inversion 2:5.2.2.1+dfsg-1+deb10u4. We recommend that you upgrade your rails packages. For the detailed security status of rails please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/rails Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Advisory DLA-3094-1 tackles significant vulnerabilities in OpenSSL, focusing on potential denial of service and memory corruption risks.. Debian LTS, Rails Security Update, Code Injection Fix, XSS Attack Mitigation. . LinuxSecurity.com Team

Calendar%202 Sep 03, 2022 Debian LTS
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200