Novell Home

CVE-2013-0155

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-0155 at MITRE

Description

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.

NVD CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entries: 797449, 846239, 853625, 853627, 854786

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Cloud 1.0
  • rubygem-actionmailer-2_3 >= 2.3.17-0.9.1
  • rubygem-actionpack-2_3 >= 2.3.17-0.9.1
  • rubygem-activerecord-2_3 >= 2.3.17-0.9.1
  • rubygem-activeresource-2_3 >= 2.3.17-0.9.1
  • rubygem-activesupport-2_3 >= 2.3.17-0.9.1
  • rubygem-rails-2_3 >= 2.3.17-0.9.1
Builds
SAT Patch Nr: 7363
SUSE Linux Enterprise Software Development Kit 11 SP2
  • rubygem-actionmailer-2_3 >= 2.3.17-0.9.1
  • rubygem-actionpack-2_3 >= 2.3.17-0.9.1
  • rubygem-activerecord-2_3 >= 2.3.17-0.9.1
  • rubygem-activeresource-2_3 >= 2.3.17-0.9.1
  • rubygem-activesupport-2_3 >= 2.3.17-0.9.1
  • rubygem-rails >= 2.3.16-0.7.1
  • rubygem-rails-2_3 >= 2.3.17-0.9.1
Builds
SAT Patch Nr: 7363
SLE 11 SP3 DEBUGINFO
  • hawk-debuginfo >= 0.6.1-0.17.1
  • hawk-debugsource >= 0.6.1-0.17.1
Builds
SAT Patch Nr: 9208
SUSE Linux Enterprise High Availability Extension 11 SP3
  • hawk >= 0.6.1-0.17.1
  • hawk-templates >= 0.6.1-0.17.1
Builds
SAT Patch Nr: 9208
SUSE Lifecycle Management Server 1.3
SUSE Studio Onsite 1.3
WebYaST 1.3
  • rubygem-actionpack-3_2 >= 3.2.12-0.11.1
Builds
SAT Patch Nr: 8667
SUSE Studio Standard Edition 1.2
  • rubygem-actionmailer-2_3 >= 2.3.17-0.6.1
  • rubygem-actionpack-2_3 >= 2.3.17-0.6.1
  • rubygem-activerecord-2_3 >= 2.3.17-0.6.1
  • rubygem-activeresource-2_3 >= 2.3.17-0.6.1
  • rubygem-activesupport-2_3 >= 2.3.17-0.6.1
  • rubygem-rails >= 2.3.16-0.4.5.1
  • rubygem-rails-2_3 >= 2.3.17-0.6.1
Builds
SAT Patch Nr: 7364
SUSE Studio Extension for System z 1.2
SUSE Studio Onsite 1.2 [Appliance - Studio]
WebYaST 1.2
  • rubygem-actionmailer-2_3 >= 2.3.17-0.6.1
  • rubygem-actionpack-2_3 >= 2.3.17-0.6.1
  • rubygem-activerecord-2_3 >= 2.3.17-0.6.1
  • rubygem-activeresource-2_3 >= 2.3.17-0.6.1
  • rubygem-activesupport-2_3 >= 2.3.17-0.6.1
  • rubygem-rails-2_3 >= 2.3.17-0.6.1
Builds
SAT Patch Nr: 7364
SUSE Cloud 1.0
  • rubygem-merb-core >= 1.1.3-0.9.1
Builds
SAT Patch Nr: 7405

© 2014 Novell