SUSE Security Update: Security update for rubygem-actionpack
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1015-1
Rating:             important
References:         #765097 #766791 
Cross-References:   CVE-2012-2660 CVE-2012-2694
Affected Products:
                    WebYaST [Appliance - Tools]
                    WebYaST 1.2
                    SUSE Studio Standard Edition 1.2
                    SUSE Studio Onsite 1.2
                    SUSE Studio Extension for System z 1.2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
   It includes one version update.

Description:


   This update to rubygem-actionpack fixes two unsafe query
   generations with  "IS NULL" in the WHERE clause.
   (CVE-2012-2660
    ,  CVE-2012-2694
     )

Indications:

   Everyone using rubygem-actionpack should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - WebYaST [Appliance - Tools]:

      zypper in -t patch slewystsp1-rubygem-actionpack-2_3-6619

   - WebYaST 1.2:

      zypper in -t patch slewyst12-rubygem-actionpack-2_3-6665

   - SUSE Studio Standard Edition 1.2:

      zypper in -t patch sleslms12-rubygem-actionpack-2_3-6665

   - SUSE Studio Onsite 1.2:

      zypper in -t patch slestso12-rubygem-actionpack-2_3-6665

   - SUSE Studio Extension for System z 1.2:

      zypper in -t patch slestso12-rubygem-actionpack-2_3-6665

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-rubygem-actionpack-2_3-6619

   To bring your system up-to-date, use "zypper patch".


Package List:

   - WebYaST [Appliance - Tools] (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.14]:

      rubygem-actionpack-2_3-2.3.14-0.7.6.1

   - WebYaST 1.2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.14]:

      rubygem-actionpack-2_3-2.3.14-0.7.6.1

   - SUSE Studio Standard Edition 1.2 (x86_64) [New Version: 2.3.14]:

      rubygem-actionpack-2_3-2.3.14-0.7.6.1

   - SUSE Studio Onsite 1.2 (x86_64) [New Version: 2.3.14]:

      rubygem-actionpack-2_3-2.3.14-0.7.6.1

   - SUSE Studio Extension for System z 1.2 (s390x) [New Version: 2.3.14]:

      rubygem-actionpack-2_3-2.3.14-0.7.6.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.14]:

      rubygem-actionpack-2_3-2.3.14-0.7.6.1


References:

   https://www.suse.com/security/cve/CVE-2012-2660.html
   https://www.suse.com/security/cve/CVE-2012-2694.html
   https://bugzilla.novell.com/765097
   https://bugzilla.novell.com/766791
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login

SuSE: 2012:1015-1: important: rubygem-actionpack

August 21, 2012
An update that fixes two vulnerabilities is now available

Summary

This update to rubygem-actionpack fixes two unsafe query generations with "IS NULL" in the WHERE clause. (CVE-2012-2660 , CVE-2012-2694 ) Indications: Everyone using rubygem-actionpack should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST [Appliance - Tools]: zypper in -t patch slewystsp1-rubygem-actionpack-2_3-6619 - WebYaST 1.2: zypper in -t patch slewyst12-rubygem-actionpack-2_3-6665 - SUSE Studio Standard Edition 1.2: zypper in -t patch sleslms12-rubygem-actionpack-2_3-6665 - SUSE Studio Onsite 1.2: zypper in -t patch slestso12-rubygem-actionpack-2_3-6665 - SUSE Studio Extension for System z 1.2: zypper in -t patch slestso12-rubygem-actionpack-2_3-6665 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-rubygem-actionpack-2_3-6619 ...

Read the Full Advisory

References

#765097 #766791

Cross- CVE-2012-2660 CVE-2012-2694

Affected Products:

WebYaST [Appliance - Tools]

WebYaST 1.2

SUSE Studio Standard Edition 1.2

SUSE Studio Onsite 1.2

SUSE Studio Extension for System z 1.2

SUSE Linux Enterprise Software Development Kit 11 SP1

https://www.suse.com/security/cve/CVE-2012-2660.html

https://www.suse.com/security/cve/CVE-2012-2694.html

https://bugzilla.novell.com/765097

https://bugzilla.novell.com/766791

https://login.microfocus.com/nidp/app/login

https://login.microfocus.com/nidp/app/login

Severity
Announcement ID: SUSE-SU-2012:1015-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved