SUSE update for Ruby On Rails

by Carol~ Moderator - 4/4/13 8:09 AM

In Reply to: VULNERABILITIES / FIXES - April 04, 2013 by Carol~ Moderator

Release Date : 2013-04-04

Criticality level : Highly critical
Impact : Manipulation of data, Security Bypass, System access
Where : From remote
Solution Status: Vendor Patch

Software:
SUSE Studio Extension for System z 1.x
SUSE Studio Onsite 1.x
SUSE Studio Standard Edition 1.x
WebYaST 1.x

Description:
SUSE has issued an update for Ruby On Rails. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
SUSE-SU-2013:0606-1:
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00000.html

http://secunia.com/advisories/52900/