Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2016:1146-1
HistoryApr 25, 2016 - 8:07 p.m.

Security update for portus (important)

2016-04-2520:07:56
lists.opensuse.org
18

0.974 High

EPSS

Percentile

99.9%

JSON

Portus was updated to version 2.0.3, which brings several fixes and
enhancements:

  • Fixed crono job when a repository could not be found.
  • Fixed compatibility issues with Docker 1.10 and Distribution 2.3.
  • Handle multiple scopes in token requests.
  • Add optional fields to token response.
  • Fixed notification events for Distribution v2.3.
  • Paginate through the catalog properly.
  • Do not remove all the repositories if fetching one fails.
  • Fixed SMTP setup.
  • Don’t let crono overflow the β€˜log’ column on the DB.
  • Show the actual LDAP error on invalid login.
  • Fixed the location of crono logs.
  • Always use relative paths.
  • Set RUBYLIB when using portusctl.
  • Don’t count hidden teams on the admin panel.
  • Warn developers on unsupported docker-compose versions.
  • Directly invalidate LDAP logins without name and password.
  • Don’t show the "I forgot my password" link on LDAP.

The following Rubygems bundled within Portus have been updated to fix
security issues:

  • CVE-2016-2098: rubygem-actionpack (bsc#969943).
  • CVE-2015-7578: rails-html-sanitizer (bsc#963326).
  • CVE-2015-7579: rails-html-sanitizer (bsc#963327).
  • CVE-2015-7580: rails-html-sanitizer (bsc#963328).
  • CVE-2015-7576: rubygem-actionpack, rubygem-activesupport (bsc#963563).
  • CVE-2015-7577: rubygem-activerecord (bsc#963604).
  • CVE-2016-0751: rugygem-actionpack (bsc#963627).
  • CVE-2016-0752: rubygem-actionpack, rubygem-actionview (bsc#963608).
  • CVE-2016-0753: rubygem-activemodel, rubygem-activesupport,
    rubygem-activerecord (bsc#963617).
  • CVE-2015-7581: rubygem-actionpack (bsc#963625).

Related

openvas 32
nessus 26
ibm 1
freebsd 1
redhat 3
fedora 16
suse 4
debian 11
osv 15
hackerone 9
cve 10
debiancve 10
github 11
ubuntucve 10
prion 10
seebug 2
gitlab 3
veracode 2
rubygems 9
zdt 2
checkpoint_advisories 2
canvas 1
packetstorm 2
cisa_kev 1
saint 3
attackerkb 1
metasploit 1
exploitdb 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:1146-1)
2021-06-09 00:00:00
Fedora Update for rubygem-activemodel FEDORA-2016-94
2016-02-29 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2016-94
2016-02-29 00:00:00
nessus
nessus
openSUSE Security Update : rubygem-actionpack-4_2 / rubygem-actionview-4_2 / rubygem-activemodel-4_2 / etc (openSUSE-2016-159)
2016-02-08 00:00:00
FreeBSD : rails -- multiple vulnerabilities (bb0ef21d-0e1b-461b-bc3d-9cba39948888)
2016-02-03 00:00:00
Fedora 22 : rubygem-actionpack-4.2.0-3.fc22 / rubygem-activemodel-4.2.0-2.fc22 (2016-94e71ee673)
2016-03-04 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9, IBM BigFix Inventory v9 and IBM Endpoint Manager for Software Use Analysis v9 & v2.2
2021-04-26 21:17:25
freebsd
freebsd
rails -- multiple vulnerabilities
2016-01-25 00:00:00
redhat
redhat
(RHSA-2016:0296) Important: rh-ror41 security update
2016-02-24 00:00:00
(RHSA-2016:0454) Important: ror40 security update
2016-03-15 00:00:00
(RHSA-2016:0455) Important: ruby193 security update
2016-03-15 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: rubygem-actionpack-4.2.0-3.fc22
2016-02-28 08:31:04
[SECURITY] Fedora 22 Update: rubygem-activemodel-4.2.0-2.fc22
2016-02-28 08:31:04
[SECURITY] Fedora 23 Update: rubygem-rails-html-sanitizer-1.0.3-1.fc23
2016-02-28 12:28:41
suse
suse
Security update for rubygem-rails-html-sanitizer (important)
2016-02-09 14:12:34
Security update for rubygem-rails-html-sanitizer (important)
2016-02-07 17:11:11
Security update for rubygem-actionview-4_2 (important)
2016-03-23 19:08:52
debian
debian
[SECURITY] [DSA 3464-1] rails security update
2016-01-31 18:43:51
[SECURITY] [DLA 604-1] ruby-actionpack-3.2 security update
2016-08-28 18:14:37
[SECURITY] [DSA 3509-1] rails security update
2016-03-09 17:48:46
osv
osv
ruby-actionpack-3.2 - security update
2016-08-28 00:00:00
rails - security update
2016-03-09 00:00:00
rails-html-sanitizer Cross-site Scripting vulnerability
2017-10-24 18:33:36
hackerone
hackerone
Ruby on Rails: Remote code execution using render :inline
2016-02-01 19:18:59
Ruby on Rails: Potential XSS on sanitize/Rails::Html::WhiteListSanitizer
2015-08-08 09:37:38
Ruby on Rails: DoS Attack in Controller Lookup Code
2015-08-22 01:34:13
cve
cve
CVE-2015-7581
2016-02-16 02:59:00
CVE-2015-7580
2016-02-16 02:59:00
CVE-2015-7579
2016-02-16 02:59:00
debiancve
debiancve
CVE-2015-7579
2016-02-16 02:59:00
CVE-2015-7580
2016-02-16 02:59:00
CVE-2015-7581
2016-02-16 02:59:00
github
github
rails-html-sanitizer Cross-site Scripting vulnerability
2017-10-24 18:33:36
rails-html-sanitizer Cross-site Scripting vulnerability
2017-10-24 18:33:36
actionpack is vulnerable to denial of service because of a wildcard controller route
2017-10-24 18:33:36
ubuntucve
ubuntucve
CVE-2015-7580
2016-02-16 00:00:00
CVE-2015-7579
2016-02-16 00:00:00
CVE-2015-7581
2016-02-16 00:00:00
prion
prion
Cross site scripting
2016-02-16 02:59:00
Cross site scripting
2016-02-16 02:59:00
Code injection
2016-02-16 02:59:00
seebug
seebug
Ruby on Rails rails-html-sanitizer XSS 漏洞
2016-01-27 00:00:00
Ruby on Rails Action PackθΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž
2016-03-17 00:00:00
gitlab
gitlab
Nested attributes rejection proc bypass
2016-02-15 00:00:00
Possible Information Leak Vulnerability
2016-02-15 00:00:00
Possible Input Validation Circumvention
2016-02-15 00:00:00
veracode
veracode
Timing Attack Vulnerability In Basic Authentication
2019-01-15 09:10:28
Remote Code Execution (RCE) And Information Disclosure
2016-01-26 05:48:59
rubygems
rubygems
Possible XSS vulnerability in rails-html-sanitizer
2016-01-24 21:00:00
Object leak vulnerability for wildcard controller routes in Action Pack
2016-01-24 21:00:00
XSS vulnerability in rails-html-sanitizer
2016-01-24 21:00:00
zdt
zdt
Ruby on Rails ActionPack Inline ERB - Code Execution (Metasploit)
2016-07-11 00:00:00
Ruby on Rails Dynamic Render File Upload Remote Code Execution
2016-10-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Ruby on Rails Remote Code Execution (CVE-2016-2098)
2016-07-19 00:00:00
Ruby On Rails Directory Traversal (CVE-2016-0752)
2022-04-19 00:00:00
canvas
canvas
Immunity Canvas: RAILS_ACTIONPACK_RENDER
2016-04-07 23:59:00
packetstorm
packetstorm
Ruby On Rails ActionPack Inline ERB Code Execution
2016-07-09 00:00:00
Ruby on Rails Dynamic Render File Upload Remote Code Execution
2016-10-13 00:00:00
cisa_kev
cisa_kev
Ruby on Rails Directory Traversal Vulnerability
2022-03-25 00:00:00
saint
saint
Ruby on Rails Dynamic Render code execution
2016-11-11 00:00:00
Ruby on Rails Dynamic Render code execution
2016-11-11 00:00:00
Ruby on Rails Dynamic Render code execution
2016-11-11 00:00:00
attackerkb
attackerkb
CVE-2016-0752
2016-02-16 00:00:00
metasploit
metasploit
Ruby on Rails Dynamic Render File Upload Remote Code Execution
2016-10-10 22:36:20
exploitdb
exploitdb
Ruby on Rails - Dynamic Render File Upload / Remote Code Execution (Metasploit)
2016-10-17 00:00:00

0.974 High

EPSS

Percentile

99.9%

JSON
Related for SUSE-SU-2016:1146-1
openvas32nessus26ibm1freebsd1redhat3fedora16suse4debian11osv15hackerone9cve10debiancve10github11ubuntucve10prion10seebug2gitlab3veracode2rubygems9zdt2checkpoint_advisories2canvas1packetstorm2cisa_kev1saint3attackerkb1metasploit1exploitdb1