Cross-References: CVE-2012-5664 CVE-2013-0155 CVE-2013-0156 CVE-2013-0276 CVE-2013-0333
Affected Products:
    WebYaST 1.2
    SUSE Studio Standard Edition 1.2
    SUSE Studio Onsite 1.2
    SUSE Studio Extension for System z 1.2
______________________________________________________________________________
An update that solves 5 vulnerabilities and has one errata is now available. It includes one version update.
The Ruby on Rails stack has been updated to 2.3.17 to fix various security issues and bugs.
The rails gems were updated to fix:
* Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)
* Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156)
* SQL Injection Vulnerability in Active Record (CVE-2012-5664)
* rails: Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 (CVE-2013-0333)
* activerecord: Circumvention of attr_protected (CVE-2013-0276)
* activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 (CVE-2013-0277)