Mailinglist Archive: opensuse-security (26 mails)

< Previous Next >
[opensuse-security] RE: [security-announce] openSUSE-SU-2012:0978-1: important: rubygem-actionpack/activerecord-2_3
Opensuse; N/A.

Company policy requires: This message may contain confidential and/or
privileged information. If you are not the addressee or authorized to receive
this for the addressee, you must not use, copy, disclose, or take any action
based on this message or any information herein. If you have received this
message in error, please advise the sender immediately by reply e-mail and
delete this message. Thank you for your cooperation.


-----Original Message-----
From: opensuse-security@xxxxxxxxxxxx [mailto:opensuse-security@xxxxxxxxxxxx]
Sent: Thursday, August 09, 2012 9:09 AM
To: opensuse-security-announce@xxxxxxxxxxxx
Subject: [security-announce] openSUSE-SU-2012:0978-1: important:
rubygem-actionpack/activerecord-2_3

openSUSE Security Update: rubygem-actionpack/activerecord-2_3
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0978-1
Rating: important
References: #765097 #766792
Cross-References: CVE-2012-2660 CVE-2012-2694 CVE-2012-2695

Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

3 Security issues were fixed in rails 2.3 core components.

2 NULL query issues where fixed in the actionpack gem. 1
SQL injection was fixed in the activerecord gem.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-508

- openSUSE 11.4:

zypper in -t patch openSUSE-2012-508

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.1 (i586 x86_64):

rubygem-actionpack-2_3-2.3.14-3.8.1
rubygem-actionpack-2_3-doc-2.3.14-3.8.1
rubygem-actionpack-2_3-testsuite-2.3.14-3.8.1
rubygem-activerecord-2_3-2.3.14-3.8.1
rubygem-activerecord-2_3-doc-2.3.14-3.8.1
rubygem-activerecord-2_3-testsuite-2.3.14-3.8.1

- openSUSE 11.4 (i586 x86_64):

rubygem-actionpack-2_3-2.3.14-0.16.1
rubygem-actionpack-2_3-doc-2.3.14-0.16.1
rubygem-actionpack-2_3-testsuite-2.3.14-0.16.1
rubygem-activerecord-2_3-2.3.14-0.16.1
rubygem-activerecord-2_3-doc-2.3.14-0.16.1
rubygem-activerecord-2_3-testsuite-2.3.14-0.16.1


References:

http://support.novell.com/security/cve/CVE-2012-2660.html
http://support.novell.com/security/cve/CVE-2012-2694.html
http://support.novell.com/security/cve/CVE-2012-2695.html
https://bugzilla.novell.com/765097
https://bugzilla.novell.com/766792

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages