SuSE Update For Ruby OpenSUSE-SU-2013:0278-1 (ruby) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

This update updates the RubyOnRails 2.3 stack to 2.3.16, also this update updates the RubyOnRails 3.2 stack to 3.2.11. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed. CVE-2012-2695: A SQL injection via nested hashes in conditions was fixed. CVE-2013-0155: Unsafe Query Generation Risk in Ruby on Rails was fixed. CVE-2013-0156: Multiple vulnerabilities in parameter parsing in Action Pack were fixed.

Affected

ruby on openSUSE 12.1

References

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00003.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2695, CVE-2012-5664, CVE-2013-0155, CVE-2013-0156, CVE-2013-0333

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

SLES10: Security update for Kerberos
SLES10: Security update for libsoup
SLES10: Security update for IBM Java 5
SLES10: Security update for GnuTLS
SLES10: Security update for id3lib

SuSE Update for ruby openSUSE-SU-2013:0278-1 (ruby)

Take action and discover your vulnerabilities