CVE-2013-0277

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-0277 at MITRE

Description

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.

NVD CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 803339, 809839

SUSE Security Advisories:

SUSE-SU-2013:0486-1, published Tue, 19 Mar 2013 18:04:46 +0100 (CET)
openSUSE-SU-2013:0338-1, published Mon, 25 Feb 2013 11:06:04 +0100 (CET)
openSUSE-SU-2013:0462-1, published Thu, 14 Mar 2013 20:04:25 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Cloud 1.0	`rubygem-actionmailer-2_3 >= 2.3.17-0.9.1` `rubygem-actionpack-2_3 >= 2.3.17-0.9.1` `rubygem-activerecord-2_3 >= 2.3.17-0.9.1` `rubygem-activeresource-2_3 >= 2.3.17-0.9.1` `rubygem-activesupport-2_3 >= 2.3.17-0.9.1` `rubygem-rails-2_3 >= 2.3.17-0.9.1`	Builds SAT Patch Nr: 7363
SUSE Linux Enterprise Software Development Kit 11 SP2	`rubygem-actionmailer-2_3 >= 2.3.17-0.9.1` `rubygem-actionpack-2_3 >= 2.3.17-0.9.1` `rubygem-activerecord-2_3 >= 2.3.17-0.9.1` `rubygem-activeresource-2_3 >= 2.3.17-0.9.1` `rubygem-activesupport-2_3 >= 2.3.17-0.9.1` `rubygem-rails >= 2.3.16-0.7.1` `rubygem-rails-2_3 >= 2.3.17-0.9.1`	Builds SAT Patch Nr: 7363
SUSE Studio Standard Edition 1.2	`rubygem-actionmailer-2_3 >= 2.3.17-0.6.1` `rubygem-actionpack-2_3 >= 2.3.17-0.6.1` `rubygem-activerecord-2_3 >= 2.3.17-0.6.1` `rubygem-activeresource-2_3 >= 2.3.17-0.6.1` `rubygem-activesupport-2_3 >= 2.3.17-0.6.1` `rubygem-rails >= 2.3.16-0.4.5.1` `rubygem-rails-2_3 >= 2.3.17-0.6.1`	Builds SAT Patch Nr: 7364
SUSE Studio Extension for System z 1.2 SUSE Studio Onsite 1.2 [Appliance - Studio] WebYaST 1.2	`rubygem-actionmailer-2_3 >= 2.3.17-0.6.1` `rubygem-actionpack-2_3 >= 2.3.17-0.6.1` `rubygem-activerecord-2_3 >= 2.3.17-0.6.1` `rubygem-activeresource-2_3 >= 2.3.17-0.6.1` `rubygem-activesupport-2_3 >= 2.3.17-0.6.1` `rubygem-rails-2_3 >= 2.3.17-0.6.1`	Builds SAT Patch Nr: 7364

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy