openSUSE-SU-2013:0278-1 -- Suse rubyID: oval:org.secpod.oval:def:400486 | Date: (C)2013-04-01 (M)2024-02-19 |
Class: PATCH | Family: unix |
This update updates the RubyOnRails 2.3 stack to 2.3.16, also this update updates the RubyOnRails 3.2 stack to 3.2.11. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed. CVE-2012-2695: A SQL injection via nested hashes in conditions was fixed. CVE-2013-0155: Unsafe Query Generation Risk in Ruby on Rails was fixed. CVE-2013-0156: Multiple vulnerabilities in parameter parsing in Action Pack were fixed.
Platform: |
openSUSE 12.2 |
openSUSE 12.1 |