Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0303)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2014.0303

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2014-0303)

Zusammenfassung: The remote host is missing an update for the 'ruby-actionmailer, ruby-actionpack, ruby-activemodel, ruby-activerecord, ruby-activesupport, ruby-rails, ruby-railties' package(s) announced via the MGASA-2014-0303 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'ruby-actionmailer, ruby-actionpack, ruby-activemodel, ruby-activerecord, ruby-activesupport, ruby-rails, ruby-railties' package(s) announced via the MGASA-2014-0303 advisory.

Vulnerability Insight:
Updated ruby-actionpack and ruby-activerecord packages fix security
vulnerabilities:

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb
in the implicit-render implementation in Ruby on Rails before 4.0.5, when
certain route globbing configurations are enabled, allows remote attackers to
read arbitrary files via a crafted request (CVE-2014-0130).

PostgreSQL supports a number of unique data types which are not present in
other supported databases. A bug in the SQL quoting code in ActiveRecord in
Ruby on Rails before 4.0.7 can allow an attacker to inject arbitrary SQL using
carefully crafted values (CVE-2014-3483).

The associated Ruby on Rails packages have been updated to version 4.0.8, to
address these and other issues.

Affected Software/OS:
'ruby-actionmailer, ruby-actionpack, ruby-activemodel, ruby-activerecord, ruby-activesupport, ruby-rails, ruby-railties' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-0130
67244
http://www.securityfocus.com/bid/67244
RHSA-2014:1863
http://rhn.redhat.com/errata/RHSA-2014-1863.html
[rubyonrails-security] 20140506 [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
Common Vulnerability Exposure (CVE) ID: CVE-2014-3483
BugTraq ID: 68341
http://www.securityfocus.com/bid/68341
Debian Security Information: DSA-2982 (Google Search)
http://www.debian.org/security/2014/dsa-2982
http://openwall.com/lists/oss-security/2014/07/02/5
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
RedHat Security Advisories: RHSA-2014:0877
http://rhn.redhat.com/errata/RHSA-2014-0877.html
http://secunia.com/advisories/59971
http://secunia.com/advisories/60214

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0303
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0303)
Zusammenfassung:	The remote host is missing an update for the 'ruby-actionmailer, ruby-actionpack, ruby-activemodel, ruby-activerecord, ruby-activesupport, ruby-rails, ruby-railties' package(s) announced via the MGASA-2014-0303 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'ruby-actionmailer, ruby-actionpack, ruby-activemodel, ruby-activerecord, ruby-activesupport, ruby-rails, ruby-railties' package(s) announced via the MGASA-2014-0303 advisory. Vulnerability Insight: Updated ruby-actionpack and ruby-activerecord packages fix security vulnerabilities: Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 4.0.5, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request (CVE-2014-0130). PostgreSQL supports a number of unique data types which are not present in other supported databases. A bug in the SQL quoting code in ActiveRecord in Ruby on Rails before 4.0.7 can allow an attacker to inject arbitrary SQL using carefully crafted values (CVE-2014-3483). The associated Ruby on Rails packages have been updated to version 4.0.8, to address these and other issues. Affected Software/OS: 'ruby-actionmailer, ruby-actionpack, ruby-activemodel, ruby-activerecord, ruby-activesupport, ruby-rails, ruby-railties' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0130 67244 http://www.securityfocus.com/bid/67244 RHSA-2014:1863 http://rhn.redhat.com/errata/RHSA-2014-1863.html [rubyonrails-security] 20140506 [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf Common Vulnerability Exposure (CVE) ID: CVE-2014-3483 BugTraq ID: 68341 http://www.securityfocus.com/bid/68341 Debian Security Information: DSA-2982 (Google Search) http://www.debian.org/security/2014/dsa-2982 http://openwall.com/lists/oss-security/2014/07/02/5 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J RedHat Security Advisories: RHSA-2014:0877 http://rhn.redhat.com/errata/RHSA-2014-0877.html http://secunia.com/advisories/59971 http://secunia.com/advisories/60214
Copyright	Copyright (C) 2022 Greenbone AG