Mailinglist Archive: opensuse-security-announce (36 mails)

< Previous Next >
[security-announce] openSUSE-SU-2013:0278-1: important: ruby on rails to 2.3.16
openSUSE Security Update: ruby on rails to 2.3.16
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:0278-1
Rating: important
References: #766792 #775649 #775653 #796712 #797449 #797452
#798452 #798458 #800320
Cross-References: CVE-2012-2695 CVE-2012-5664 CVE-2013-0155
CVE-2013-0156 CVE-2013-0333
Affected Products:
openSUSE 12.2
openSUSE 12.1
______________________________________________________________________________

An update that solves 5 vulnerabilities and has four fixes
is now available.

Description:


This update updates the RubyOnRails 2.3 stack to 2.3.16,
also this update updates the RubyOnRails 3.2 stack to
3.2.11.

Security and bugfixes were done, foremost: CVE-2013-0333: A
JSON sql/code injection problem was fixed. CVE-2012-5664: A
SQL Injection Vulnerability in Active Record was fixed.
CVE-2012-2695: A SQL injection via nested hashes in
conditions was fixed. CVE-2013-0155: Unsafe Query
Generation Risk in Ruby on Rails was fixed. CVE-2013-0156:
Multiple vulnerabilities in parameter parsing in Action
Pack were fixed.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-106

- openSUSE 12.1:

zypper in -t patch openSUSE-2013-106

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

rubygem-actionmailer-2_3-2.3.16-2.5.3
rubygem-actionmailer-2_3-doc-2.3.16-2.5.3
rubygem-actionmailer-2_3-testsuite-2.3.16-2.5.3
rubygem-actionmailer-3_2-3.2.11-2.9.5
rubygem-actionmailer-3_2-doc-3.2.11-2.9.5
rubygem-actionpack-2_3-2.3.16-2.13.3
rubygem-actionpack-2_3-doc-2.3.16-2.13.3
rubygem-actionpack-2_3-testsuite-2.3.16-2.13.3
rubygem-actionpack-3_2-3.2.11-3.9.4
rubygem-actionpack-3_2-doc-3.2.11-3.9.4
rubygem-activemodel-3_2-3.2.11-2.9.2
rubygem-activemodel-3_2-doc-3.2.11-2.9.2
rubygem-activerecord-2_3-2.3.16-2.9.2
rubygem-activerecord-2_3-doc-2.3.16-2.9.2
rubygem-activerecord-2_3-testsuite-2.3.16-2.9.2
rubygem-activerecord-3_2-3.2.11-2.9.1
rubygem-activerecord-3_2-doc-3.2.11-2.9.1
rubygem-activeresource-2_3-2.3.16-2.5.2
rubygem-activeresource-2_3-doc-2.3.16-2.5.2
rubygem-activeresource-2_3-testsuite-2.3.16-2.5.2
rubygem-activeresource-3_2-3.2.11-2.9.1
rubygem-activeresource-3_2-doc-3.2.11-2.9.1
rubygem-activesupport-2_3-2.3.16-3.9.1
rubygem-activesupport-2_3-doc-2.3.16-3.9.1
rubygem-activesupport-3_2-3.2.11-2.9.1
rubygem-activesupport-3_2-doc-3.2.11-2.9.1
rubygem-rack-1_1-1.1.5-6.5.1
rubygem-rack-1_1-doc-1.1.5-6.5.1
rubygem-rack-1_1-testsuite-1.1.5-6.5.1
rubygem-rack-1_2-1.2.7-2.5.1
rubygem-rack-1_2-doc-1.2.7-2.5.1
rubygem-rack-1_2-testsuite-1.2.7-2.5.1
rubygem-rack-1_3-1.3.9-2.5.1
rubygem-rack-1_3-doc-1.3.9-2.5.1
rubygem-rack-1_3-testsuite-1.3.9-2.5.1
rubygem-rack-1_4-1.4.1-2.5.1
rubygem-rack-1_4-doc-1.4.1-2.5.1
rubygem-rack-1_4-testsuite-1.4.1-2.5.1
rubygem-rails-2_3-2.3.16-3.5.1
rubygem-rails-2_3-doc-2.3.16-3.5.1
rubygem-rails-3_2-3.2.11-2.9.1
rubygem-rails-3_2-doc-3.2.11-2.9.1
rubygem-railties-3_2-3.2.11-2.9.1
rubygem-railties-3_2-doc-3.2.11-2.9.1
rubygem-sprockets-2_2-2.2.2-2.2
rubygem-sprockets-2_2-doc-2.2.2-2.2

- openSUSE 12.2 (noarch):

rubygem-actionmailer-2.3.16-2.5.1
rubygem-actionpack-2.3.16-2.5.1
rubygem-activerecord-2.3.16-3.5.1
rubygem-activeresource-2.3.16-3.5.1
rubygem-activesupport-2.3.16-3.5.1
rubygem-rails-2.3.16-3.5.1

- openSUSE 12.1 (i586 x86_64):

rubygem-actionmailer-2_3-2.3.16-3.9.3
rubygem-actionmailer-2_3-doc-2.3.16-3.9.3
rubygem-actionmailer-2_3-testsuite-2.3.16-3.9.3
rubygem-actionpack-2_3-2.3.16-3.16.2
rubygem-actionpack-2_3-doc-2.3.16-3.16.2
rubygem-actionpack-2_3-testsuite-2.3.16-3.16.2
rubygem-activerecord-2_3-2.3.16-3.12.2
rubygem-activerecord-2_3-doc-2.3.16-3.12.2
rubygem-activerecord-2_3-testsuite-2.3.16-3.12.2
rubygem-activeresource-2_3-2.3.16-3.9.2
rubygem-activeresource-2_3-doc-2.3.16-3.9.2
rubygem-activeresource-2_3-testsuite-2.3.16-3.9.2
rubygem-activesupport-2_3-2.3.16-3.13.1
rubygem-activesupport-2_3-doc-2.3.16-3.13.1
rubygem-rack-1_1-1.1.5-3.5.1
rubygem-rack-1_1-doc-1.1.5-3.5.1
rubygem-rack-1_1-testsuite-1.1.5-3.5.1
rubygem-rails-2_3-2.3.16-3.9.1
rubygem-rails-2_3-doc-2.3.16-3.9.1

- openSUSE 12.1 (noarch):

rubygem-actionmailer-2.3.16-2.7.1
rubygem-actionpack-2.3.16-2.7.1
rubygem-activerecord-2.3.16-2.7.1
rubygem-activeresource-2.3.16-2.7.1
rubygem-activesupport-2.3.16-2.7.1
rubygem-rails-2.3.16-2.7.1


References:

http://support.novell.com/security/cve/CVE-2012-2695.html
http://support.novell.com/security/cve/CVE-2012-5664.html
http://support.novell.com/security/cve/CVE-2013-0155.html
http://support.novell.com/security/cve/CVE-2013-0156.html
http://support.novell.com/security/cve/CVE-2013-0333.html
https://bugzilla.novell.com/766792
https://bugzilla.novell.com/775649
https://bugzilla.novell.com/775653
https://bugzilla.novell.com/796712
https://bugzilla.novell.com/797449
https://bugzilla.novell.com/797452
https://bugzilla.novell.com/798452
https://bugzilla.novell.com/798458
https://bugzilla.novell.com/800320

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages