Gentoo Security Advisory GLSA 200912-02 (rails) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200912-02.

Solution

All Ruby on Rails 2.3.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-ruby/rails-2.3.5' All Ruby on Rails 2.2.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '=dev-ruby/rails-2.2.3-r1' NOTE: All applications using Ruby on Rails should also be configured to use the latest version available by running 'rake rails:update' inside the application directory. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200912-02 http://bugs.gentoo.org/show_bug.cgi?id=200159 http://bugs.gentoo.org/show_bug.cgi?id=237385 http://bugs.gentoo.org/show_bug.cgi?id=247549 http://bugs.gentoo.org/show_bug.cgi?id=276279 http://bugs.gentoo.org/show_bug.cgi?id=283396 http://bugs.gentoo.org/show_bug.cgi?id=294797 http://www.gentoo.org/security/en/glsa/glsa-200711-17.xml

Insight

Multiple vulnerabilities have been discovered in Rails, the worst of which leading to the execution of arbitrary SQL statements.

Severity

Classification

CVE CVE-2007-5380, CVE-2007-6077, CVE-2008-4094, CVE-2008-7248, CVE-2009-2422, CVE-2009-3009, CVE-2009-3086, CVE-2009-4214

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Take action and discover your vulnerabilities