[SECURITY] Fedora 18 Update: rubygem-activesupport-3.2.8-3.fc18

Utility library which carries commonly used classes and goodies from the Rails framework...

Ruby on Rails XML解析远程拒绝服务漏洞(CVE-2013-1856)

BUGTRAQ ID: 58554 CVECAN ID: CVE-2013-1856 Ruby on Rails简称RoR或Rails，是一个使用Ruby语言写的开源Web应用框架，它是严格按照MVC结构开发的。 Ruby on Rails 3.0.0及之后版本在使用JRuby时，ActiveSupport XML解析器的JDOM后端内存在漏洞，攻击者可利用此漏洞造成拒绝服务或访问应用服务器上的文件。 0 Ruby on Rails 3.x Ruby on Rails 2.x 临时解决方法： 如果您不能立刻安装补丁或者升级，建议您采取以下措施以降低威胁：...

CVE-2013-1856

The ActiveSupport::XmlMiniJDOM backend in lib/activesupport/xmlmini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to...

Design/Logic Flaw

The ActiveSupport::XmlMiniJDOM backend in lib/activesupport/xmlmini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to...

CVE-2013-1856

The ActiveSupport::XmlMiniJDOM backend in lib/activesupport/xmlmini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to...

CVE-2013-1856

The ActiveSupport::XmlMiniJDOM backend in lib/activesupport/xmlmini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to...

CVE-2013-1856

CVE-2013-1856 affects the ActiveSupport XML parser backend (XMLMini_JDOM) in Ruby on Rails’ Active Support. Specifically, JRuby users of Rails 3.0.x and 3.1.x before 3.1.12 and Rails 3.2.x before 3.2.13 have an XML parsing vulnerability that can allow a remote attacker to read arbitrary files or ...

Ruby on Rails Patches DoS, XSS Vulnerabilities

The developers of Ruby on Rails, the popular web app framework, released four new versions of the product yesterday, complete with fixes for a series of vulnerabilities that could have lead to denial of service attacks and XSS injections. Four vulnerabilities in total are addressed in versions...

XML Parsing Vulnerability affecting JRuby users

There is a vulnerability in the JDOM backend to ActiveSupport's XML parser. you should upgrade or use one of the work arounds immediately...

XML Parsing Vulnerability affecting JRuby users

The ActiveSupport XML parsing functionality supports multiple pluggable backends. One backend supported for JRuby users is ActiveSupport::XmlMiniJDOM which makes use of the javax.xml.parsers.DocumentBuilder class. In some JVM configurations the default settings of that class can allow an attacker...

Fedora Update for rubygem-activesupport FEDORA-2013-1745

Check for the Version of rubygem-activesupport OpenVAS Vulnerability Test Fedora Update for rubygem-activesupport FEDORA-2013-1745 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

Fedora Update for rubygem-activesupport FEDORA-2013-1710

Check for the Version of rubygem-activesupport OpenVAS Vulnerability Test Fedora Update for rubygem-activesupport FEDORA-2013-1710 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

Fedora 16 : rubygem-activesupport-3.0.10-6.fc16 (2013-1745)

Fixes CVE-2013-0333. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

Fedora 17 : rubygem-activesupport-3.0.11-8.fc17 (2013-1710)

Fixes CVE-2013-0333. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

Fedora Update for rubygem-activesupport FEDORA-2013-1745

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for rubygem-activesupport FEDORA-2013-1710

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-8.fc17

Utility library which carries commonly used classes and goodies from the Rails framework...

Critical: Red Hat Security Advisory: rubygem-activesupport security update

An updated rubygem-activesupport package that fixes one security issue is now available for Red Hat CloudForms. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

RHEL 6 : rubygem-activesupport (RHSA-2013:0201)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:0201 advisory. Ruby on Rails is a modelviewcontroller MVC framework for web application development. Active Support provides support and utility classes used by the...

rubygem-activesupport: json to yaml parsing

lib/activesupport/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...