Gentoo Linux Security Advisory 201412-28 - Multiple vulnerabilities were found in Ruby on Rails, the worst of which allows execution of arbitrary code. Versions less than 2.3.18 are affected.
76dc0b7e4c9e8b791f80a766fcc8ca7f6bcd6698fbd68637fd46c0e03c25cb62
Apple Security Advisory 2013-06-04-1 - OS X Mountain Lion version 10.8.4 and Security Update 2013-002 are now available and address over 30 security issues.
29c85f7c4991f40f099be32dac2f2a9438a7fc5388a3ae3de429d2a6ba9bb431
Red Hat Security Advisory 2013-0582-01 - OpenShift Enterprise is a cloud computing Platform-as-a-Service solution from Red Hat, and is designed for on-premise or private cloud deployments. Installing the updated packages and restarting the OpenShift services are the only requirements for this update. However, if you are updating your system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise 1.1.1 updates, it is recommended that you restart your system.
e0e1bc67708c3a5e17e015a956f1679d743300e35ddbcad23b6ada0623037f7a
Debian Linux Security Advisory 2609-1 - An interpretation conflict can cause the Active Record component of Rails, a web framework for the Ruby programming language, to truncate queries in unexpected ways. This may allow attackers to elevate their privileges.
5b821d3e1a2d0e1f4b61d0f22af798ad2059c8c48dd822b5e252a0154434078c
Red Hat Security Advisory 2013-0155-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Active Record implements object-relational mapping for accessing database entries using objects. Active Support provides support and utility classes used by the Ruby on Rails framework. Multiple flaws were found in the way Ruby on Rails performed XML parameter parsing in HTTP requests. A remote attacker could use these flaws to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass authentication using a specially created HTTP request.
d825b1b57e1d6890cb94057f1685605a18e65bd563bbe43c07cec03d024e59d8
Red Hat Security Advisory 2013-0154-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Active Record implements object-relational mapping for accessing database entries using objects. Active Support provides support and utility classes used by the Ruby on Rails framework. Multiple flaws were found in the way Ruby on Rails performed XML parameter parsing in HTTP requests. A remote attacker could use these flaws to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass authentication using a specially created HTTP request.
b89415f26cbe7df0292f8becc9d6c5ea880a07ca0ff91d3ddedb27ea9643cf93