openSUSE Security Update : rubygem-actionpack/activerecord-2_3 (openSUSE-SU-2012:0978-1)
3 security issues were fixed in rails 2.3 core components. 2 NULL query issues were fixed in the actionpack gem. 1 SQL injection was fixed in the activerecord gem. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
openSUSE Security Update : rubygem-actionpack-2_3 / rubygem-activesupport-2_3 (openSUSE-SU-2012:1218-1)
- added 3-0-escapehtml-activesupport.patch: (bnc#775653) Also encode single quote (CVE-2012-3464) - added 3-0-striptags.patch: (bnc#775649) Do not mark strip_tags result as html_safe (CVE-2012-3465) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:0661-1)
Changes in rubygem-actionpack-3_2 : - add 2 patches to fix security issues : - bug-8099353-2-csssanitize.patch: CVE-2013-1855: rubygem-actionpack: XSS vulnerability in sanitize_css in Action Pack (bnc#809935) - bug-8099403-2-sanitizeprotocol.patch: CVE-2013-1857: rubygem-actionpack: XSS Vulnerability ...
openSUSE Security Update : rubygem-actionmailer-3_2 / rubygem-actionpack-3_2 / rubygem-activemodel-3_2 / etc (openSUSE-SU-2012:1066-1)
Multiple version upgrades for rails components. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-536. The text description of this plugin is (C) SUSE LLC...
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2014:0718-1)
- fix CVE-2014-0130: rubygem-actionpack: directory traversal issue (bnc#876714). CVE-2014-0130.patch: contains the fix. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-397. The text...
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:1906-1)
- fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS (bnc#853625). File CVE-2013-4491.patch contains the patch. - fix CVE-2013-6414: rubygem-actionpack: Action View DoS (bnc#853633). File CVE-2013-6414.patch contains the patch. - fix CVE-2013-6415: rubygem-actionpack: number_to_currency XSS...
Fedora Update for rubygem-actionpack FEDORA-2014-6098
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for rubygem-actionpack FEDORA-2014-6127
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora 20 : rubygem-actionpack-4.0.0-4.fc20 (2014-6098)
Fix for CVE-2014-0130 - Avoid directory traversal Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
CentOS 6 : Moderate: / ruby193-rubygem-actionpack (CESA-2014:0510)
The remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2014:0510. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Red Hat Security Advisory RHSA-2014:0510 and CentOS...
CentOS 6 : ruby193-rubygem-actionpack (CESA-2014:0306)
The remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2014:0306. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Red Hat Security Advisory RHSA-2014:0306 and CentOS...
Fedora Update for rubygem-actionpack FEDORA-2014-3232
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for rubygem-actionpack FEDORA-2013-23636
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for rubygem-actionpack FEDORA-2014-3169
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for rubygem-actionpack FEDORA-2014-3232
Check for the Version of rubygem-actionpack. OpenVAS Vulnerability Test: Fedora Update for rubygem-actionpack FEDORA-2014-3232. Authors: System Generated Check. Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for rubygem-actionpack FEDORA-2013-23636
Check for the Version of rubygem-actionpack. OpenVAS Vulnerability Test: Fedora Update for rubygem-actionpack FEDORA-2013-23636. Authors: System Generated Check. Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for rubygem-actionpack FEDORA-2014-3169
Check for the Version of rubygem-actionpack. OpenVAS Vulnerability Test: Fedora Update for rubygem-actionpack FEDORA-2014-3169. Authors: System Generated Check. Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
CVE-2014-0081 rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units...
CVE-2014-0082 rubygem-actionpack: Action View string handling denial of service
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in heade...
Fedora 19 : rubygem-actionmailer-3.2.13-2.fc19 / rubygem-actionpack-3.2.13-4.fc19 / etc (2014-0970)
Avoid potential format string vulnerabilities where user-provided data is interpolated into the log message before String#% is called. (CVE-2013-4389) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted t...