CVE-2013-1854

Common Vulnerabilities and Exposures


Upstream information

CVE-2013-1854 at MITRE

Description

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

SUSE information

SUSE Bugzilla entry: 809932

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References
SUSE Studio Extension for System z 1.2
SUSE Studio Onsite 1.2 [Appliance - Studio]
SUSE Studio Standard Edition 1.2
WebYaST 1.2
  • rubygem-actionpack-2_3 >= 2.3.17-0.8.8.1
  • rubygem-activerecord-2_3 >= 2.3.17-0.8.8.1
  • rubygem-activesupport-2_3 >= 2.3.17-0.8.8.1
Builds
SAT Patch Nr: 7590
SUSE Studio Onsite 1.3
  • susestudio >= 1.3.1.0-0.5.2
  • susestudio-bundled-packages >= 1.3.1.0-0.5.2
  • susestudio-common >= 1.3.1.0-0.5.2
  • susestudio-runner >= 1.3.1.0-0.5.2
  • susestudio-sid >= 1.3.1.0-0.5.2
  • susestudio-ui-server >= 1.3.1.0-0.5.2
Builds
SAT Patch Nr: 7721
SUSE Cloud 1.0
SUSE Linux Enterprise Software Development Kit 11 SP2
  • rubygem-actionpack-2_3 >= 2.3.17-0.11.1
  • rubygem-activerecord-2_3 >= 2.3.17-0.11.1
  • rubygem-activesupport-2_3 >= 2.3.17-0.11.1
Builds
SAT Patch Nr: 7589
BDK 11 SP2
  • rubygem-actionmailer-3_2 >= 3.2.12-0.5.9
  • rubygem-actionpack-3_2 >= 3.2.12-0.7.1
  • rubygem-activemodel-3_2 >= 3.2.12-0.5.8
  • rubygem-activerecord-3_2 >= 3.2.12-0.7.1
  • rubygem-activeresource-3_2 >= 3.2.12-0.5.8
  • rubygem-rails-3_2 >= 3.2.12-0.5.10
  • rubygem-railties-3_2 >= 3.2.12-0.7.9
Builds
SAT Patch Nr: 7617
SUSE Linux Enterprise Software Development Kit 11 SP2
  • rubygem-activesupport-3_2 >= 3.2.12-0.5.8
  • rubygem-rack-1_4 >= 1.4.5-0.5.8
Builds
SAT Patch Nr: 7617
SUSE Lifecycle Management Server 1.3
SUSE Studio Onsite 1.3
WebYaST 1.3
  • rubygem-actionmailer-3_2 >= 3.2.12-0.5.9
  • rubygem-actionpack-3_2 >= 3.2.12-0.7.1
  • rubygem-activemodel-3_2 >= 3.2.12-0.5.8
  • rubygem-activerecord-3_2 >= 3.2.12-0.7.1
  • rubygem-activeresource-3_2 >= 3.2.12-0.5.8
  • rubygem-activesupport-3_2 >= 3.2.12-0.5.8
  • rubygem-rack-1_4 >= 1.4.5-0.5.8
  • rubygem-rails-3_2 >= 3.2.12-0.5.10
  • rubygem-railties-3_2 >= 3.2.12-0.7.9
Builds
SAT Patch Nr: 7617
openSUSE 12.3
  • rubygem-activerecord-3_2 >= 3.2.12-1.4.1
  • rubygem-activerecord-3_2-doc >= 3.2.12-1.4.1
Patchnames:
openSUSE-2013-326
openSUSE Evergreen 11.4
  • rubygem-activerecord-2_3 >= 2.3.17-35.1
  • rubygem-activerecord-2_3-doc >= 2.3.17-35.1
  • rubygem-activerecord-2_3-testsuite >= 2.3.17-35.1
  • rubygem-activesupport-2_3 >= 2.3.17-32.1
  • rubygem-activesupport-2_3-doc >= 2.3.17-32.1
Patchnames:
2013-65
2013-66