Upstream information
CVE-2011-2930 at MITRE
Description
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.
NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Novell/SUSE information
Novell Bugzilla entry:
712062,
715443
SUSE Security Advisories:
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Studio Standard Edition 1.2 | rubygem-actionmailer-2_3 >= 2.3.14-0.7.4.3rubygem-actionpack-2_3 >= 2.3.14-0.7.4.3rubygem-activerecord-2_3 >= 2.3.14-0.7.4.3rubygem-activeresource-2_3 >= 2.3.14-0.7.4.3rubygem-activesupport-2_3 >= 2.3.14-0.7.4.3rubygem-rack >= 1.1.2-0.8.8.3rubygem-rails >= 2.3.14-0.8.6.1rubygem-rails-2_3 >= 2.3.14-0.7.4.3
| Builds
SAT Patch Nr: 5884 |
SUSE Studio Extension for System z 1.2
SUSE Studio Onsite 1.2 [Appliance - Studio]
WebYaST 1.2 | rubygem-actionmailer-2_3 >= 2.3.14-0.7.4.3rubygem-actionpack-2_3 >= 2.3.14-0.7.4.3rubygem-activerecord-2_3 >= 2.3.14-0.7.4.3rubygem-activeresource-2_3 >= 2.3.14-0.7.4.3rubygem-activesupport-2_3 >= 2.3.14-0.7.4.3rubygem-rack >= 1.1.2-0.8.8.3rubygem-rails-2_3 >= 2.3.14-0.7.4.3
| Builds
SAT Patch Nr: 5884 |
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Software Development Kit 11 SP2 | rubygem-actionpack-2_1 >= 2.1.2-1.12.2rubygem-activerecord-2_1 >= 2.1.2-1.4.5
| sle11-sp2-sdk.ia64
sle11-sp2-sdk.s390x
sle11-sp2-sdk.x86-64
sle11-sp1-sdk.s390x
sle11-sp1-sdk.x86-64
sle11-sp1-sdk.x86
sle11-sp2-sdk.ppc
sle11-sp1-sdk.ia64
sle11-sp1-sdk.ppc
sle11-sp2-sdk.x86
SAT Patch Nr: 5875 |
| openSUSE 11.3 | rubygem-actionmailer >= 2.3.14-0.3.1rubygem-actionmailer-2_3 >= 2.3.14-0.3.1rubygem-actionpack >= 2.3.14-0.3.1rubygem-actionpack-2_3 >= 2.3.14-0.2.1rubygem-activerecord >= 2.3.14-0.3.1rubygem-activerecord-2_3 >= 2.3.14-0.3.1rubygem-activeresource >= 2.3.14-0.3.1rubygem-activeresource-2_3 >= 2.3.14-0.3.1rubygem-activesupport >= 2.3.14-0.3.1rubygem-activesupport-2_3 >= 2.3.14-0.3.1rubygem-rack >= 1.1.2-0.3.1rubygem-rails >= 2.3.14-0.3.1rubygem-rails-2_3 >= 2.3.14-0.3.1
| |
| openSUSE 11.4 | rubygem-actionmailer >= 2.3.14-0.3.1rubygem-actionmailer-2_3 >= 2.3.14-0.3.1rubygem-actionmailer-2_3-doc >= 2.3.14-0.3.1rubygem-actionmailer-2_3-testsuite >= 2.3.14-0.3.1rubygem-actionpack >= 2.3.14-0.3.1rubygem-actionpack-2_3 >= 2.3.14-0.3.1rubygem-actionpack-2_3-doc >= 2.3.14-0.3.1rubygem-actionpack-2_3-testsuite >= 2.3.14-0.3.1rubygem-activerecord >= 2.3.14-0.3.1rubygem-activerecord-2_3 >= 2.3.14-0.3.1rubygem-activerecord-2_3-doc >= 2.3.14-0.3.1rubygem-activerecord-2_3-testsuite >= 2.3.14-0.3.1rubygem-activeresource >= 2.3.14-0.3.1rubygem-activeresource-2_3 >= 2.3.14-0.3.1rubygem-activeresource-2_3-doc >= 2.3.14-0.3.1rubygem-activeresource-2_3-testsuite >= 2.3.14-0.3.1rubygem-activesupport >= 2.3.14-0.3.1rubygem-activesupport-2_3 >= 2.3.14-0.3.1rubygem-activesupport-2_3-doc >= 2.3.14-0.3.1rubygem-rack >= 1.1.2-0.3.1rubygem-rails >= 2.3.14-0.3.1rubygem-rails-2_3 >= 2.3.14-0.3.1rubygem-rails-2_3-doc >= 2.3.14-0.3.1
| |
