Opensuse; N/A.

-----Original Message-----
From: opensuse-security@opensuse.org [mailto:opensuse-security@opensuse.org]
Sent: Thursday, August 09, 2012 9:09 AM
To: opensuse-security-announce@opensuse.org
Subject: [security-announce] openSUSE-SU-2012:0978-1: important: rubygem-actionpack/activerecord-2_3

   openSUSE Security Update: rubygem-actionpack/activerecord-2_3
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0978-1
Rating:             important
References:         #765097 #766792
Cross-References:   CVE-2012-2660 CVE-2012-2694 CVE-2012-2695
Affected Products:
                    openSUSE 12.1
                    openSUSE 11.4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   3 Security issues were fixed in rails 2.3 core components.

   2 NULL query issues were fixed in the actionpack gem.
   1 SQL injection was fixed in the activerecord gem.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2012-508

   - openSUSE 11.4:

      zypper in -t patch openSUSE-2012-508

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.1 (i586 x86_64):

      rubygem-actionpack-2_3-2.3.14-3.8.1
      rubygem-actionpack-2_3-doc-2.3.14-3.8.1
      rubygem-actionpack-2_3-testsuite-2.3.14-3.8.1
      rubygem-activerecord-2_3-2.3.14-3.8.1
      rubygem-activerecord-2_3-doc-2.3.14-3.8.1
      rubygem-activerecord-2_3-testsuite-2.3.14-3.8.1

   - openSUSE 11.4 (i586 x86_64):

      rubygem-actionpack-2_3-2.3.14-0.16.1
      rubygem-actionpack-2_3-doc-2.3.14-0.16.1
      rubygem-actionpack-2_3-testsuite-2.3.14-0.16.1
      rubygem-activerecord-2_3-2.3.14-0.16.1
      rubygem-activerecord-2_3-doc-2.3.14-0.16.1
      rubygem-activerecord-2_3-testsuite-2.3.14-0.16.1

References:

   http://support.novell.com/security/cve/CVE-2012-2660.html
   http://support.novell.com/security/cve/CVE-2012-2694.html
   http://support.novell.com/security/cve/CVE-2012-2695.html
   https://bugzilla.novell.com/765097
   https://bugzilla.novell.com/766792