[security-announce] openSUSE-SU-2013:0278-1: important: ruby on rails to 2.3.16

news · February 12, 2013

openSUSE Security Update: ruby on rails to 2.3.16

______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:0278-1

Rating: important

References: #766792 #775649 #775653 #796712 #797449 #797452

#798452 #798458 #800320

Cross-References: CVE-2012-2695 CVE-2012-5664 CVE-2013-0155

CVE-2013-0156 CVE-2013-0333

Affected Products:

openSUSE 12.2

openSUSE 12.1

______________________________________________________________________________

An update that solves 5 vulnerabilities and has four fixes

is now available.

Description:

This update updates the RubyOnRails 2.3 stack to 2.3.16,

also this update updates the RubyOnRails 3.2 stack to

3.2.11.

Security and bugfixes were done, foremost: CVE-2013-0333: A

JSON sql/code injection problem was fixed. CVE-2012-5664: A

SQL Injection Vulnerability in Active Record was fixed.

CVE-2012-2695: A SQL injection via nested hashes in

conditions was fixed. CVE-2013-0155: Unsafe Query

Generation Risk in Ruby on Rails was fixed. CVE-2013-0156:

Multiple vulnerabilities in parameter parsing in Action

Pack were fixed.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-106

- openSUSE 12.1:

zypper in -t patch openSUSE-2013-106

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 12.2 (i586 x86_64):

rubygem-actionmailer-2_3-2.3.16-2.5.3

rubygem-actionmailer-2_3-doc-2.3.16-2.5.3

rubygem-actionmailer-2_3-testsuite-2.3.16-2.5.3

rubygem-actionmailer-3_2-3.2.11-2.9.5

rubygem-actionmailer-3_2-doc-3.2.11-2.9.5

rubygem-actionpack-2_3-2.3.16-2.13.3

rubygem-actionpack-2_3-doc-2.3.16-2.13.3

rubygem-actionpack-2_3-testsuite-2.3.16-2.13.3

rubygem-actionpack-3_2-3.2.11-3.9.4

rubygem-actionpack-3_2-doc-3.2.11-3.9.4

rubygem-activemodel-3_2-3.2.11-2.9.2

rubygem-activemodel-3_2-doc-3.2.11-2.9.2

rubygem-activerecord-2_3-2.3.16-2.9.2

rubygem-activerecord-2_3-doc-2.3.16-2.9.2

rubygem-activerecord-2_3-testsuite-2.3.16-2.9.2

rubygem-activerecord-3_2-3.2.11-2.9.1

rubygem-activerecord-3_2-doc-3.2.11-2.9.1

rubygem-activeresource-2_3-2.3.16-2.5.2

rubygem-activeresource-2_3-doc-2.3.16-2.5.2

rubygem-activeresource-2_3-testsuite-2.3.16-2.5.2

rubygem-activeresource-3_2-3.2.11-2.9.1

rubygem-activeresource-3_2-doc-3.2.11-2.9.1

rubygem-activesupport-2_3-2.3.16-3.9.1

rubygem-activesupport-2_3-doc-2.3.16-3.9.1

rubygem-activesupport-3_2-3.2.11-2.9.1

rubygem-activesupport-3_2-doc-3.2.11-2.9.1

rubygem-rack-1_1-1.1.5-6.5.1

rubygem-rack-1_1-doc-1.1.5-6.5.1

rubygem-rack-1_1-testsuite-1.1.5-6.5.1

rubygem-rack-1_2-1.2.7-2.5.1

rubygem-rack-1_2-doc-1.2.7-2.5.1

rubygem-rack-1_2-testsuite-1.2.7-2.5.1

rubygem-rack-1_3-1.3.9-2.5.1

rubygem-rack-1_3-doc-1.3.9-2.5.1

rubygem-rack-1_3-testsuite-1.3.9-2.5.1

rubygem-rack-1_4-1.4.1-2.5.1

rubygem-rack-1_4-doc-1.4.1-2.5.1

rubygem-rack-1_4-testsuite-1.4.1-2.5.1

rubygem-rails-2_3-2.3.16-3.5.1

rubygem-rails-2_3-doc-2.3.16-3.5.1

rubygem-rails-3_2-3.2.11-2.9.1

rubygem-rails-3_2-doc-3.2.11-2.9.1

rubygem-railties-3_2-3.2.11-2.9.1

rubygem-railties-3_2-doc-3.2.11-2.9.1

rubygem-sprockets-2_2-2.2.2-2.2

rubygem-sprockets-2_2-doc-2.2.2-2.2

- openSUSE 12.2 (noarch):

rubygem-actionmailer-2.3.16-2.5.1

rubygem-actionpack-2.3.16-2.5.1

rubygem-activerecord-2.3.16-3.5.1

rubygem-activeresource-2.3.16-3.5.1

rubygem-activesupport-2.3.16-3.5.1

rubygem-rails-2.3.16-3.5.1

- openSUSE 12.1 (i586 x86_64):

rubygem-actionmailer-2_3-2.3.16-3.9.3

rubygem-actionmailer-2_3-doc-2.3.16-3.9.3

rubygem-actionmailer-2_3-testsuite-2.3.16-3.9.3

rubygem-actionpack-2_3-2.3.16-3.16.2

rubygem-actionpack-2_3-doc-2.3.16-3.16.2

rubygem-actionpack-2_3-testsuite-2.3.16-3.16.2

rubygem-activerecord-2_3-2.3.16-3.12.2

rubygem-activerecord-2_3-doc-2.3.16-3.12.2

rubygem-activerecord-2_3-testsuite-2.3.16-3.12.2

rubygem-activeresource-2_3-2.3.16-3.9.2

rubygem-activeresource-2_3-doc-2.3.16-3.9.2

rubygem-activeresource-2_3-testsuite-2.3.16-3.9.2

rubygem-activesupport-2_3-2.3.16-3.13.1

rubygem-activesupport-2_3-doc-2.3.16-3.13.1

rubygem-rack-1_1-1.1.5-3.5.1

rubygem-rack-1_1-doc-1.1.5-3.5.1

rubygem-rack-1_1-testsuite-1.1.5-3.5.1

rubygem-rails-2_3-2.3.16-3.9.1

rubygem-rails-2_3-doc-2.3.16-3.9.1

- openSUSE 12.1 (noarch):

rubygem-actionmailer-2.3.16-2.7.1

rubygem-actionpack-2.3.16-2.7.1

rubygem-activerecord-2.3.16-2.7.1

rubygem-activeresource-2.3.16-2.7.1

rubygem-activesupport-2.3.16-2.7.1

rubygem-rails-2.3.16-2.7.1

References:

http://support.novell.com/security/cve/CVE-2012-2695.html

http://support.novell.com/security/cve/CVE-2012-5664.html

http://support.novell.com/security/cve/CVE-2013-0155.html

http://support.novell.com/security/cve/CVE-2013-0156.html

http://support.novell.com/security/cve/CVE-2013-0333.html

https://bugzilla.novell.com/766792

https://bugzilla.novell.com/775649

https://bugzilla.novell.com/775653

https://bugzilla.novell.com/796712

https://bugzilla.novell.com/797449

https://bugzilla.novell.com/797452

https://bugzilla.novell.com/798452

https://bugzilla.novell.com/798458

https://bugzilla.novell.com/800320

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

Sign In

[security-announce] openSUSE-SU-2013:0278-1: important: ruby on rails to 2.3.16

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity