
CVE-2013-0269

Common Vulnerabilities and Exposures


Upstream information

CVE-2013-0269 at MITRE

Description

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."

NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entries: 803342, 807044, 809839

SUSE Security Advisories:

List of released packages

Product(s):
  • SUSE Studio Extension for System z 1.2
  • SUSE Studio Standard Edition 1.2
  • WebYaST 1.2
Fixed package version(s):
  • rubygem-json_pure >= 1.2.0-0.4.1
References:
  • Builds
  • SAT Patch Nr: 7486

Product(s):
  • SUSE Studio Onsite 1.3
Fixed package version(s):
  • susestudio >= 1.3.1.0-0.5.2
  • susestudio-bundled-packages >= 1.3.1.0-0.5.2
  • susestudio-common >= 1.3.1.0-0.5.2
  • susestudio-runner >= 1.3.1.0-0.5.2
  • susestudio-sid >= 1.3.1.0-0.5.2
  • susestudio-ui-server >= 1.3.1.0-0.5.2
References:
  • Builds
  • SAT Patch Nr: 7721

Product(s):
  • SUSE Lifecycle Management Server 1.3
  • SUSE Linux Enterprise Software Development Kit 11 SP2
  • WebYaST 1.3
Fixed package version(s):
  • rubygem-json_pure >= 1.2.0-0.4.4
References:
  • Builds
  • SAT Patch Nr: 7527

Product(s):
  • SUSE Studio Extension for System z 1.2
  • SUSE Studio Onsite 1.2 [Appliance - Studio]
Fixed package version(s):
  • rubygem-crack >= 0.1.7-0.5.4
References:
  • Builds
  • SAT Patch Nr: 7530

Product(s):
  • SUSE Cloud 1.0
Fixed package version(s):
  • rubygem-extlib >= 0.9.15-0.9.1
References:
  • Builds
  • SAT Patch Nr: 7498

Product(s):
  • SUSE Studio Onsite 1.3
Fixed package version(s):
  • ruby19 >= 1.9.3.p392-0.7.1
  • ruby19-devel >= 1.9.3.p392-0.7.1
  • ruby19-devel-extra >= 1.9.3.p392-0.7.1
References:
  • Builds
  • SAT Patch Nr: 7496

© 2014 Novell