Novell Home

CVE-2013-0276

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-0276 at MITRE

Description

ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 803336

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Cloud 1.0
  • rubygem-actionmailer-2_3 >= 2.3.17-0.9.1
  • rubygem-actionpack-2_3 >= 2.3.17-0.9.1
  • rubygem-activerecord-2_3 >= 2.3.17-0.9.1
  • rubygem-activeresource-2_3 >= 2.3.17-0.9.1
  • rubygem-activesupport-2_3 >= 2.3.17-0.9.1
  • rubygem-rails-2_3 >= 2.3.17-0.9.1
Builds
SAT Patch Nr: 7363
SUSE Linux Enterprise Software Development Kit 11 SP2
  • rubygem-actionmailer-2_3 >= 2.3.17-0.9.1
  • rubygem-actionpack-2_3 >= 2.3.17-0.9.1
  • rubygem-activerecord-2_3 >= 2.3.17-0.9.1
  • rubygem-activeresource-2_3 >= 2.3.17-0.9.1
  • rubygem-activesupport-2_3 >= 2.3.17-0.9.1
  • rubygem-rails >= 2.3.16-0.7.1
  • rubygem-rails-2_3 >= 2.3.17-0.9.1
Builds
SAT Patch Nr: 7363
SUSE Studio Onsite 1.3
  • susestudio >= 1.3.1.0-0.5.2
  • susestudio-bundled-packages >= 1.3.1.0-0.5.2
  • susestudio-common >= 1.3.1.0-0.5.2
  • susestudio-runner >= 1.3.1.0-0.5.2
  • susestudio-sid >= 1.3.1.0-0.5.2
  • susestudio-ui-server >= 1.3.1.0-0.5.2
Builds
SAT Patch Nr: 7721
SUSE Studio Standard Edition 1.2
  • rubygem-actionmailer-2_3 >= 2.3.17-0.6.1
  • rubygem-actionpack-2_3 >= 2.3.17-0.6.1
  • rubygem-activerecord-2_3 >= 2.3.17-0.6.1
  • rubygem-activeresource-2_3 >= 2.3.17-0.6.1
  • rubygem-activesupport-2_3 >= 2.3.17-0.6.1
  • rubygem-rails >= 2.3.16-0.4.5.1
  • rubygem-rails-2_3 >= 2.3.17-0.6.1
Builds
SAT Patch Nr: 7364
SUSE Studio Extension for System z 1.2
SUSE Studio Onsite 1.2 [Appliance - Studio]
WebYaST 1.2
  • rubygem-actionmailer-2_3 >= 2.3.17-0.6.1
  • rubygem-actionpack-2_3 >= 2.3.17-0.6.1
  • rubygem-activerecord-2_3 >= 2.3.17-0.6.1
  • rubygem-activeresource-2_3 >= 2.3.17-0.6.1
  • rubygem-activesupport-2_3 >= 2.3.17-0.6.1
  • rubygem-rails-2_3 >= 2.3.17-0.6.1
Builds
SAT Patch Nr: 7364
BDK 11 SP2
  • rubygem-actionmailer-3_2 >= 3.2.12-0.5.9
  • rubygem-actionpack-3_2 >= 3.2.12-0.7.1
  • rubygem-activemodel-3_2 >= 3.2.12-0.5.8
  • rubygem-activerecord-3_2 >= 3.2.12-0.7.1
  • rubygem-activeresource-3_2 >= 3.2.12-0.5.8
  • rubygem-rails-3_2 >= 3.2.12-0.5.10
  • rubygem-railties-3_2 >= 3.2.12-0.7.9
Builds
SAT Patch Nr: 7617
SUSE Linux Enterprise Software Development Kit 11 SP2
  • rubygem-activesupport-3_2 >= 3.2.12-0.5.8
  • rubygem-rack-1_4 >= 1.4.5-0.5.8
Builds
SAT Patch Nr: 7617
SUSE Lifecycle Management Server 1.3
SUSE Studio Onsite 1.3
WebYaST 1.3
  • rubygem-actionmailer-3_2 >= 3.2.12-0.5.9
  • rubygem-actionpack-3_2 >= 3.2.12-0.7.1
  • rubygem-activemodel-3_2 >= 3.2.12-0.5.8
  • rubygem-activerecord-3_2 >= 3.2.12-0.7.1
  • rubygem-activeresource-3_2 >= 3.2.12-0.5.8
  • rubygem-activesupport-3_2 >= 3.2.12-0.5.8
  • rubygem-rack-1_4 >= 1.4.5-0.5.8
  • rubygem-rails-3_2 >= 3.2.12-0.5.10
  • rubygem-railties-3_2 >= 3.2.12-0.7.9
Builds
SAT Patch Nr: 7617

© 2014 Novell