CVE-2013-0276

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-0276 at MITRE

Description

ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 803336

SUSE Security Advisories:

SUSE-SU-2013:0486-1, published Tue, 19 Mar 2013 18:04:46 +0100 (CET)
SUSE-SU-2013:0606-1, published Wed, 3 Apr 2013 20:06:19 +0200 (CEST)
openSUSE-SU-2013:0338-1, published Mon, 25 Feb 2013 11:06:04 +0100 (CET)
openSUSE-SU-2013:0462-1, published Thu, 14 Mar 2013 20:04:25 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Cloud 1.0	`rubygem-actionmailer-2_3 >= 2.3.17-0.9.1` `rubygem-actionpack-2_3 >= 2.3.17-0.9.1` `rubygem-activerecord-2_3 >= 2.3.17-0.9.1` `rubygem-activeresource-2_3 >= 2.3.17-0.9.1` `rubygem-activesupport-2_3 >= 2.3.17-0.9.1` `rubygem-rails-2_3 >= 2.3.17-0.9.1`	Builds SAT Patch Nr: 7363
SUSE Linux Enterprise Software Development Kit 11 SP2	`rubygem-actionmailer-2_3 >= 2.3.17-0.9.1` `rubygem-actionpack-2_3 >= 2.3.17-0.9.1` `rubygem-activerecord-2_3 >= 2.3.17-0.9.1` `rubygem-activeresource-2_3 >= 2.3.17-0.9.1` `rubygem-activesupport-2_3 >= 2.3.17-0.9.1` `rubygem-rails >= 2.3.16-0.7.1` `rubygem-rails-2_3 >= 2.3.17-0.9.1`	Builds SAT Patch Nr: 7363
SUSE Studio Standard Edition 1.2	`rubygem-actionmailer-2_3 >= 2.3.17-0.6.1` `rubygem-actionpack-2_3 >= 2.3.17-0.6.1` `rubygem-activerecord-2_3 >= 2.3.17-0.6.1` `rubygem-activeresource-2_3 >= 2.3.17-0.6.1` `rubygem-activesupport-2_3 >= 2.3.17-0.6.1` `rubygem-rails >= 2.3.16-0.4.5.1` `rubygem-rails-2_3 >= 2.3.17-0.6.1`	Builds SAT Patch Nr: 7364
SUSE Studio Extension for System z 1.2 SUSE Studio Onsite 1.2 [Appliance - Studio] WebYaST 1.2	`rubygem-actionmailer-2_3 >= 2.3.17-0.6.1` `rubygem-actionpack-2_3 >= 2.3.17-0.6.1` `rubygem-activerecord-2_3 >= 2.3.17-0.6.1` `rubygem-activeresource-2_3 >= 2.3.17-0.6.1` `rubygem-activesupport-2_3 >= 2.3.17-0.6.1` `rubygem-rails-2_3 >= 2.3.17-0.6.1`	Builds SAT Patch Nr: 7364
BDK 11 SP2	`rubygem-actionmailer-3_2 >= 3.2.12-0.5.9` `rubygem-actionpack-3_2 >= 3.2.12-0.7.1` `rubygem-activemodel-3_2 >= 3.2.12-0.5.8` `rubygem-activerecord-3_2 >= 3.2.12-0.7.1` `rubygem-activeresource-3_2 >= 3.2.12-0.5.8` `rubygem-rails-3_2 >= 3.2.12-0.5.10` `rubygem-railties-3_2 >= 3.2.12-0.7.9`	Builds SAT Patch Nr: 7617
SUSE Linux Enterprise Software Development Kit 11 SP2	`rubygem-activesupport-3_2 >= 3.2.12-0.5.8` `rubygem-rack-1_4 >= 1.4.5-0.5.8`	Builds SAT Patch Nr: 7617
SUSE Lifecycle Management Server 1.3 SUSE Studio Onsite 1.3 WebYaST 1.3	`rubygem-actionmailer-3_2 >= 3.2.12-0.5.9` `rubygem-actionpack-3_2 >= 3.2.12-0.7.1` `rubygem-activemodel-3_2 >= 3.2.12-0.5.8` `rubygem-activerecord-3_2 >= 3.2.12-0.7.1` `rubygem-activeresource-3_2 >= 3.2.12-0.5.8` `rubygem-activesupport-3_2 >= 3.2.12-0.5.8` `rubygem-rack-1_4 >= 1.4.5-0.5.8` `rubygem-rails-3_2 >= 3.2.12-0.5.10` `rubygem-railties-3_2 >= 3.2.12-0.7.9`	Builds SAT Patch Nr: 7617

List of products where fixes are in QA

SUSE Studio Onsite 1.3

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy