openSUSE-SU-2016:0790-1

Опубликовано: 16 мар. 2016

Источник: suse-cvrf

Описание

Security update for rubygem-actionview-4_2

This update for rubygem-actionview-4_2 fixes the following issues:

CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (boo#968849)

Список пакетов

openSUSE Leap 42.1

ruby2.1-rubygem-actionview-4_2-4.2.4-9.1

ruby2.1-rubygem-actionview-doc-4_2-4.2.4-9.1

rubygem-actionview-4_2-4.2.4-9.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html
E-Mail link for openSUSE-SU-2016:0790-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Затронутые продукты

openSUSE Leap 42.1:ruby2.1-rubygem-actionview-4_2-4.2.4-9.1

openSUSE Leap 42.1:ruby2.1-rubygem-actionview-doc-4_2-4.2.4-9.1

openSUSE Leap 42.1:rubygem-actionview-4_2-4.2.4-9.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-2098.html
CVE-2016-2098
https://bugzilla.suse.com/968849
SUSE Bug 968849
https://bugzilla.suse.com/993313
SUSE Bug 993313

openSUSE-SU-2016:0790-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2016-2098

Описание

Затронутые продукты

Ссылки