Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-0752 (GCVE-0-2016-0752)
Vulnerability from cvelistv5
Published
2016-02-16 02:00
Modified
2025-07-30 01:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
References
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog
Date added: 2022-03-25
Due date: 2022-04-15
Required action: Apply updates per vendor instructions.
Used in ransomware: Unknown
Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-0752
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:03.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40561",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40561/"
},
{
"name": "openSUSE-SU-2016:0372",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name": "openSUSE-SU-2016:0363",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
},
{
"name": "[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/13"
},
{
"name": "FEDORA-2016-97002ad37b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"
},
{
"name": "SUSE-SU-2016:1146",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "81801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81801"
},
{
"name": "1034816",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034816"
},
{
"name": "FEDORA-2016-fa0dec2360",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"
},
{
"name": "[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
},
{
"name": "DSA-3464",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"name": "RHSA-2016:0296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-0752",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T13:26:36.145115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:46:40.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2022-03-25T00:00:00+00:00",
"value": "CVE-2016-0752 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-09T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "40561",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40561/"
},
{
"name": "openSUSE-SU-2016:0372",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name": "openSUSE-SU-2016:0363",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
},
{
"name": "[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/13"
},
{
"name": "FEDORA-2016-97002ad37b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"
},
{
"name": "SUSE-SU-2016:1146",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "81801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81801"
},
{
"name": "1034816",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034816"
},
{
"name": "FEDORA-2016-fa0dec2360",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"
},
{
"name": "[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
},
{
"name": "DSA-3464",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"name": "RHSA-2016:0296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40561",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40561/"
},
{
"name": "openSUSE-SU-2016:0372",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name": "openSUSE-SU-2016:0363",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
},
{
"name": "[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/13"
},
{
"name": "FEDORA-2016-97002ad37b",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"
},
{
"name": "SUSE-SU-2016:1146",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "81801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81801"
},
{
"name": "1034816",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034816"
},
{
"name": "FEDORA-2016-fa0dec2360",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"
},
{
"name": "[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
},
{
"name": "DSA-3464",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"name": "RHSA-2016:0296",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0752",
"datePublished": "2016-02-16T02:00:00.000Z",
"dateReserved": "2015-12-16T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:46:40.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2016-0752",
"cwes": "[\"CWE-22\"]",
"dateAdded": "2022-03-25",
"dueDate": "2022-04-15",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752",
"product": "Ruby on Rails",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.",
"vendorProject": "Rails",
"vulnerabilityName": "Ruby on Rails Directory Traversal Vulnerability"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-0752\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-02-16T02:59:06.783\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en Action View en Ruby on Rails en versiones anteriores a 3.2.22.1, 4.0.x y 4.1.x en versiones anteriores a 4.1.14.1, 4.2.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 permite a atacantes remotos leer archivos arbitrarios aprovechando el uso no restringido del m\u00e9todo render en una aplicaci\u00f3n y proporcionando un .. (punto punto) en un nombre de ruta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false}]},\"cisaExploitAdd\":\"2022-03-25\",\"cisaActionDue\":\"2022-04-15\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Ruby on Rails Directory Traversal Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2.22.1\",\"matchCriteriaId\":\"E62190CB-5109-46AA-B58C-B3A11667A0AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.1.14.1\",\"matchCriteriaId\":\"65BD90F9-5A0C-4A1F-AB48-30FC68A3329F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndExcluding\":\"4.2.5.1\",\"matchCriteriaId\":\"B405A97A-7C41-4005-8E72-56F632D72B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF8F94CF-D504-4165-A69E-3F1198CB162A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_module_for_containers:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9772014-5321-4AB8-9525-A94797C993B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D7EE4B6-A6EC-4B9B-91DF-79615796673F\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-0296.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3464\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/01/25/13\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"http://www.securityfocus.com/bid/81801\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1034816\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.exploit-db.com/exploits/40561/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-0296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3464\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/01/25/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"http://www.securityfocus.com/bid/81801\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1034816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.exploit-db.com/exploits/40561/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/40561/\", \"name\": \"40561\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html\", \"name\": \"openSUSE-SU-2016:0372\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html\", \"name\": \"openSUSE-SU-2016:0363\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/01/25/13\", \"name\": \"[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html\", \"name\": \"FEDORA-2016-97002ad37b\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\", \"name\": \"SUSE-SU-2016:1146\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/81801\", \"name\": \"81801\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1034816\", \"name\": \"1034816\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html\", \"name\": \"FEDORA-2016-fa0dec2360\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ\", \"name\": \"[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3464\", \"name\": \"DSA-3464\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-0296.html\", \"name\": \"RHSA-2016:0296\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T22:30:03.939Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2016-0752\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T13:26:36.145115Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-0752\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T13:24:34.486Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2016-01-25T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/40561/\", \"name\": \"40561\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html\", \"name\": \"openSUSE-SU-2016:0372\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html\", \"name\": \"openSUSE-SU-2016:0363\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/01/25/13\", \"name\": \"[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html\", \"name\": \"FEDORA-2016-97002ad37b\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\", \"name\": \"SUSE-SU-2016:1146\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.securityfocus.com/bid/81801\", \"name\": \"81801\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.securitytracker.com/id/1034816\", \"name\": \"1034816\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html\", \"name\": \"FEDORA-2016-fa0dec2360\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ\", \"name\": \"[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3464\", \"name\": \"DSA-3464\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-0296.html\", \"name\": \"RHSA-2016:0296\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2017-09-09T09:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.exploit-db.com/exploits/40561/\", \"name\": \"40561\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html\", \"name\": \"openSUSE-SU-2016:0372\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html\", \"name\": \"openSUSE-SU-2016:0363\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/01/25/13\", \"name\": \"[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View\", \"refsource\": \"MLIST\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html\", \"name\": \"FEDORA-2016-97002ad37b\", \"refsource\": \"FEDORA\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\", \"name\": \"SUSE-SU-2016:1146\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.securityfocus.com/bid/81801\", \"name\": \"81801\", \"refsource\": \"BID\"}, {\"url\": \"http://www.securitytracker.com/id/1034816\", \"name\": \"1034816\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html\", \"name\": \"FEDORA-2016-fa0dec2360\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ\", \"name\": \"[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View\", \"refsource\": \"MLIST\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3464\", \"name\": \"DSA-3464\", \"refsource\": \"DEBIAN\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-0296.html\", \"name\": \"RHSA-2016:0296\", \"refsource\": \"REDHAT\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2016-0752\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert@redhat.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2016-0752\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-07T13:26:44.098Z\", \"dateReserved\": \"2015-12-16T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2016-02-16T02:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
suse-su-2016:0599-1
Vulnerability from csaf_suse
Published
2016-02-26 15:08
Modified
2016-02-26 15:08
Summary
Security update for rubygem-actionview-4_1
Notes
Title of the patch
Security update for rubygem-actionview-4_1
Description of the patch
This update for rubygem-actionview-4_1 fixes the following issues:
- CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332)
Patchnames
sleclo50sp3-rubygem-actionview-4_1-12421
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-actionview-4_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for rubygem-actionview-4_1 fixes the following issues:\n\n- CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleclo50sp3-rubygem-actionview-4_1-12421",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0599-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:0599-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160599-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:0599-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-February/001898.html"
},
{
"category": "self",
"summary": "SUSE Bug 963332",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0752 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0752/"
}
],
"title": "Security update for rubygem-actionview-4_1",
"tracking": {
"current_release_date": "2016-02-26T15:08:28Z",
"generator": {
"date": "2016-02-26T15:08:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:0599-1",
"initial_release_date": "2016-02-26T15:08:28Z",
"revision_history": [
{
"date": "2016-02-26T15:08:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionview-4_1-4.1.9-9.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-actionview-4_1-4.1.9-9.1.x86_64",
"product_id": "ruby2.1-rubygem-actionview-4_1-4.1.9-9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 5",
"product": {
"name": "SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:cloud:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionview-4_1-4.1.9-9.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-9.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionview-4_1-4.1.9-9.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0752"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0752",
"url": "https://www.suse.com/security/cve/CVE-2016-0752"
},
{
"category": "external",
"summary": "SUSE Bug 963332 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "external",
"summary": "SUSE Bug 963608 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963608"
},
{
"category": "external",
"summary": "SUSE Bug 968850 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/968850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-02-26T15:08:28Z",
"details": "low"
}
],
"title": "CVE-2016-0752"
}
]
}
suse-su-2016:0618-1
Vulnerability from csaf_suse
Published
2016-03-01 13:50
Modified
2016-03-01 13:50
Summary
Security update for rubygem-actionpack-3_2
Notes
Title of the patch
Security update for rubygem-actionpack-3_2
Description of the patch
This update for rubygem-actionpack-3_2 fixes the following issues:
- CVE-2016-0751: Object Leak DoS (bsc#963331)
- CVE-2016-0752: Directory traversal and information leak in Action View (bsc#963332)
- CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329)
Patchnames
sdksp4-rubygem-actionpack-3_2-12431,sleslms13-rubygem-actionpack-3_2-12431,slestso13-rubygem-actionpack-3_2-12431,slewyst13-rubygem-actionpack-3_2-12431
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-actionpack-3_2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for rubygem-actionpack-3_2 fixes the following issues:\n\n- CVE-2016-0751: Object Leak DoS (bsc#963331)\n- CVE-2016-0752: Directory traversal and information leak in Action View (bsc#963332)\n- CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-rubygem-actionpack-3_2-12431,sleslms13-rubygem-actionpack-3_2-12431,slestso13-rubygem-actionpack-3_2-12431,slewyst13-rubygem-actionpack-3_2-12431",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0618-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:0618-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160618-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:0618-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-March/001901.html"
},
{
"category": "self",
"summary": "SUSE Bug 963329",
"url": "https://bugzilla.suse.com/963329"
},
{
"category": "self",
"summary": "SUSE Bug 963331",
"url": "https://bugzilla.suse.com/963331"
},
{
"category": "self",
"summary": "SUSE Bug 963332",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7576 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0751 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0752 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0752/"
}
],
"title": "Security update for rubygem-actionpack-3_2",
"tracking": {
"current_release_date": "2016-03-01T13:50:54Z",
"generator": {
"date": "2016-03-01T13:50:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:0618-1",
"initial_release_date": "2016-03-01T13:50:54Z",
"revision_history": [
{
"date": "2016-03-01T13:50:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"product": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"product_id": "rubygem-actionpack-3_2-3.2.12-0.23.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"product": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"product_id": "rubygem-actionpack-3_2-3.2.12-0.23.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"product": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"product_id": "rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"product": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"product_id": "rubygem-actionpack-3_2-3.2.12-0.23.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"product": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"product_id": "rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Lifecycle Management Server 1.3",
"product": {
"name": "SUSE Lifecycle Management Server 1.3",
"product_id": "SUSE Lifecycle Management Server 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-slms:1.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
},
{
"category": "product_name",
"name": "SUSE WebYast 1.3",
"product": {
"name": "SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:webyast:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.i586"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64 as component of SUSE Lifecycle Management Server 1.3",
"product_id": "SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"relates_to_product_reference": "SUSE Lifecycle Management Server 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.i586 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.i586"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.ia64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.s390x as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"relates_to_product_reference": "SUSE WebYast 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7576"
}
],
"notes": [
{
"category": "general",
"text": "The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7576",
"url": "https://www.suse.com/security/cve/CVE-2015-7576"
},
{
"category": "external",
"summary": "SUSE Bug 963329 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/963329"
},
{
"category": "external",
"summary": "SUSE Bug 963563 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/963563"
},
{
"category": "external",
"summary": "SUSE Bug 970715 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/970715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-01T13:50:54Z",
"details": "low"
}
],
"title": "CVE-2015-7576"
},
{
"cve": "CVE-2016-0751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0751"
}
],
"notes": [
{
"category": "general",
"text": "actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0751",
"url": "https://www.suse.com/security/cve/CVE-2016-0751"
},
{
"category": "external",
"summary": "SUSE Bug 963331 for CVE-2016-0751",
"url": "https://bugzilla.suse.com/963331"
},
{
"category": "external",
"summary": "SUSE Bug 963627 for CVE-2016-0751",
"url": "https://bugzilla.suse.com/963627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-01T13:50:54Z",
"details": "low"
}
],
"title": "CVE-2016-0751"
},
{
"cve": "CVE-2016-0752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0752"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0752",
"url": "https://www.suse.com/security/cve/CVE-2016-0752"
},
{
"category": "external",
"summary": "SUSE Bug 963332 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "external",
"summary": "SUSE Bug 963608 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963608"
},
{
"category": "external",
"summary": "SUSE Bug 968850 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/968850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-01T13:50:54Z",
"details": "low"
}
],
"title": "CVE-2016-0752"
}
]
}
suse-su-2016:1146-1
Vulnerability from csaf_suse
Published
2016-04-25 14:28
Modified
2016-04-25 14:28
Summary
Security update for portus
Notes
Title of the patch
Security update for portus
Description of the patch
Portus was updated to version 2.0.3, which brings several fixes and enhancements:
- Fixed crono job when a repository could not be found.
- Fixed compatibility issues with Docker 1.10 and Distribution 2.3.
- Handle multiple scopes in token requests.
- Add optional fields to token response.
- Fixed notification events for Distribution v2.3.
- Paginate through the catalog properly.
- Do not remove all the repositories if fetching one fails.
- Fixed SMTP setup.
- Don't let crono overflow the 'log' column on the DB.
- Show the actual LDAP error on invalid login.
- Fixed the location of crono logs.
- Always use relative paths.
- Set RUBYLIB when using portusctl.
- Don't count hidden teams on the admin panel.
- Warn developers on unsupported docker-compose versions.
- Directly invalidate LDAP logins without name and password.
- Don't show the 'I forgot my password' link on LDAP.
The following Rubygems bundled within Portus have been updated to fix security
issues:
- CVE-2016-2098: rubygem-actionpack (bsc#969943).
- CVE-2015-7578: rails-html-sanitizer (bsc#963326).
- CVE-2015-7579: rails-html-sanitizer (bsc#963327).
- CVE-2015-7580: rails-html-sanitizer (bsc#963328).
- CVE-2015-7576: rubygem-actionpack, rubygem-activesupport (bsc#963563).
- CVE-2015-7577: rubygem-activerecord (bsc#963604).
- CVE-2016-0751: rugygem-actionpack (bsc#963627).
- CVE-2016-0752: rubygem-actionpack, rubygem-actionview (bsc#963608).
- CVE-2016-0753: rubygem-activemodel, rubygem-activesupport, rubygem-activerecord (bsc#963617).
- CVE-2015-7581: rubygem-actionpack (bsc#963625).
Patchnames
SUSE-SLE-Module-Containers-12-2016-672
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for portus",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nPortus was updated to version 2.0.3, which brings several fixes and enhancements:\n\n- Fixed crono job when a repository could not be found.\n- Fixed compatibility issues with Docker 1.10 and Distribution 2.3.\n- Handle multiple scopes in token requests.\n- Add optional fields to token response.\n- Fixed notification events for Distribution v2.3.\n- Paginate through the catalog properly.\n- Do not remove all the repositories if fetching one fails.\n- Fixed SMTP setup.\n- Don\u0027t let crono overflow the \u0027log\u0027 column on the DB.\n- Show the actual LDAP error on invalid login.\n- Fixed the location of crono logs.\n- Always use relative paths.\n- Set RUBYLIB when using portusctl.\n- Don\u0027t count hidden teams on the admin panel.\n- Warn developers on unsupported docker-compose versions.\n- Directly invalidate LDAP logins without name and password.\n- Don\u0027t show the \u0027I forgot my password\u0027 link on LDAP.\n\nThe following Rubygems bundled within Portus have been updated to fix security\nissues:\n\n- CVE-2016-2098: rubygem-actionpack (bsc#969943).\n- CVE-2015-7578: rails-html-sanitizer (bsc#963326).\n- CVE-2015-7579: rails-html-sanitizer (bsc#963327).\n- CVE-2015-7580: rails-html-sanitizer (bsc#963328).\n- CVE-2015-7576: rubygem-actionpack, rubygem-activesupport (bsc#963563).\n- CVE-2015-7577: rubygem-activerecord (bsc#963604).\n- CVE-2016-0751: rugygem-actionpack (bsc#963627).\n- CVE-2016-0752: rubygem-actionpack, rubygem-actionview (bsc#963608).\n- CVE-2016-0753: rubygem-activemodel, rubygem-activesupport, rubygem-activerecord (bsc#963617).\n- CVE-2015-7581: rubygem-actionpack (bsc#963625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Containers-12-2016-672",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1146-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:1146-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161146-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:1146-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-April/002027.html"
},
{
"category": "self",
"summary": "SUSE Bug 963326",
"url": "https://bugzilla.suse.com/963326"
},
{
"category": "self",
"summary": "SUSE Bug 963327",
"url": "https://bugzilla.suse.com/963327"
},
{
"category": "self",
"summary": "SUSE Bug 963328",
"url": "https://bugzilla.suse.com/963328"
},
{
"category": "self",
"summary": "SUSE Bug 963563",
"url": "https://bugzilla.suse.com/963563"
},
{
"category": "self",
"summary": "SUSE Bug 963604",
"url": "https://bugzilla.suse.com/963604"
},
{
"category": "self",
"summary": "SUSE Bug 963608",
"url": "https://bugzilla.suse.com/963608"
},
{
"category": "self",
"summary": "SUSE Bug 963617",
"url": "https://bugzilla.suse.com/963617"
},
{
"category": "self",
"summary": "SUSE Bug 963625",
"url": "https://bugzilla.suse.com/963625"
},
{
"category": "self",
"summary": "SUSE Bug 963627",
"url": "https://bugzilla.suse.com/963627"
},
{
"category": "self",
"summary": "SUSE Bug 969943",
"url": "https://bugzilla.suse.com/969943"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7576 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7577 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7578 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7579 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7580 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7581 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0751 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0752 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0753 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2098 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2098/"
}
],
"title": "Security update for portus",
"tracking": {
"current_release_date": "2016-04-25T14:28:51Z",
"generator": {
"date": "2016-04-25T14:28:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:1146-1",
"initial_release_date": "2016-04-25T14:28:51Z",
"revision_history": [
{
"date": "2016-04-25T14:28:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "portus-2.0.3-2.4.x86_64",
"product": {
"name": "portus-2.0.3-2.4.x86_64",
"product_id": "portus-2.0.3-2.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 12",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "portus-2.0.3-2.4.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
},
"product_reference": "portus-2.0.3-2.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7576"
}
],
"notes": [
{
"category": "general",
"text": "The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7576",
"url": "https://www.suse.com/security/cve/CVE-2015-7576"
},
{
"category": "external",
"summary": "SUSE Bug 963329 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/963329"
},
{
"category": "external",
"summary": "SUSE Bug 963563 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/963563"
},
{
"category": "external",
"summary": "SUSE Bug 970715 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/970715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "low"
}
],
"title": "CVE-2015-7576"
},
{
"cve": "CVE-2015-7577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7577"
}
],
"notes": [
{
"category": "general",
"text": "activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7577",
"url": "https://www.suse.com/security/cve/CVE-2015-7577"
},
{
"category": "external",
"summary": "SUSE Bug 963330 for CVE-2015-7577",
"url": "https://bugzilla.suse.com/963330"
},
{
"category": "external",
"summary": "SUSE Bug 963604 for CVE-2015-7577",
"url": "https://bugzilla.suse.com/963604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "low"
}
],
"title": "CVE-2015-7577"
},
{
"cve": "CVE-2015-7578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7578"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7578",
"url": "https://www.suse.com/security/cve/CVE-2015-7578"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7578",
"url": "https://bugzilla.suse.com/963326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "moderate"
}
],
"title": "CVE-2015-7578"
},
{
"cve": "CVE-2015-7579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7579"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7579",
"url": "https://www.suse.com/security/cve/CVE-2015-7579"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963326"
},
{
"category": "external",
"summary": "SUSE Bug 963327 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963327"
},
{
"category": "external",
"summary": "SUSE Bug 963328 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "moderate"
}
],
"title": "CVE-2015-7579"
},
{
"cve": "CVE-2015-7580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7580"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7580",
"url": "https://www.suse.com/security/cve/CVE-2015-7580"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963326"
},
{
"category": "external",
"summary": "SUSE Bug 963327 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963327"
},
{
"category": "external",
"summary": "SUSE Bug 963328 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "moderate"
}
],
"title": "CVE-2015-7580"
},
{
"cve": "CVE-2015-7581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7581"
}
],
"notes": [
{
"category": "general",
"text": "actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application\u0027s use of a wildcard controller route.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7581",
"url": "https://www.suse.com/security/cve/CVE-2015-7581"
},
{
"category": "external",
"summary": "SUSE Bug 963335 for CVE-2015-7581",
"url": "https://bugzilla.suse.com/963335"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "low"
}
],
"title": "CVE-2015-7581"
},
{
"cve": "CVE-2016-0751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0751"
}
],
"notes": [
{
"category": "general",
"text": "actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0751",
"url": "https://www.suse.com/security/cve/CVE-2016-0751"
},
{
"category": "external",
"summary": "SUSE Bug 963331 for CVE-2016-0751",
"url": "https://bugzilla.suse.com/963331"
},
{
"category": "external",
"summary": "SUSE Bug 963627 for CVE-2016-0751",
"url": "https://bugzilla.suse.com/963627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "low"
}
],
"title": "CVE-2016-0751"
},
{
"cve": "CVE-2016-0752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0752"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0752",
"url": "https://www.suse.com/security/cve/CVE-2016-0752"
},
{
"category": "external",
"summary": "SUSE Bug 963332 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "external",
"summary": "SUSE Bug 963608 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963608"
},
{
"category": "external",
"summary": "SUSE Bug 968850 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/968850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "low"
}
],
"title": "CVE-2016-0752"
},
{
"cve": "CVE-2016-0753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0753"
}
],
"notes": [
{
"category": "general",
"text": "Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0753",
"url": "https://www.suse.com/security/cve/CVE-2016-0753"
},
{
"category": "external",
"summary": "SUSE Bug 963334 for CVE-2016-0753",
"url": "https://bugzilla.suse.com/963334"
},
{
"category": "external",
"summary": "SUSE Bug 963617 for CVE-2016-0753",
"url": "https://bugzilla.suse.com/963617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "low"
}
],
"title": "CVE-2016-0753"
},
{
"cve": "CVE-2016-2098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2098"
}
],
"notes": [
{
"category": "general",
"text": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2098",
"url": "https://www.suse.com/security/cve/CVE-2016-2098"
},
{
"category": "external",
"summary": "SUSE Bug 968849 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/968849"
},
{
"category": "external",
"summary": "SUSE Bug 969943 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/969943"
},
{
"category": "external",
"summary": "SUSE Bug 993313 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/993313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "important"
}
],
"title": "CVE-2016-2098"
}
]
}
suse-su-2016:0457-1
Vulnerability from csaf_suse
Published
2016-02-15 13:25
Modified
2016-02-15 13:25
Summary
Security update for rubygem-actionpack-4_2
Notes
Title of the patch
Security update for rubygem-actionpack-4_2
Description of the patch
This update for rubygem-actionpack-4_2 fixes the following issues:
- CVE-2016-0751: Object Leak DoS (bsc#963331)
- CVE-2015-7581: unbounded memory growth DoS via wildcard controller routes (bsc#963335)
- CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332)
- CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329)
Patchnames
SUSE-Storage-2.1-2016-262
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-actionpack-4_2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for rubygem-actionpack-4_2 fixes the following issues:\n\n- CVE-2016-0751: Object Leak DoS (bsc#963331)\n- CVE-2015-7581: unbounded memory growth DoS via wildcard controller routes (bsc#963335) \n- CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332) \n- CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-Storage-2.1-2016-262",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0457-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:0457-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160457-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:0457-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-February/001879.html"
},
{
"category": "self",
"summary": "SUSE Bug 963329",
"url": "https://bugzilla.suse.com/963329"
},
{
"category": "self",
"summary": "SUSE Bug 963331",
"url": "https://bugzilla.suse.com/963331"
},
{
"category": "self",
"summary": "SUSE Bug 963332",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "self",
"summary": "SUSE Bug 963335",
"url": "https://bugzilla.suse.com/963335"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7576 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7581 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0751 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0752 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0752/"
}
],
"title": "Security update for rubygem-actionpack-4_2",
"tracking": {
"current_release_date": "2016-02-15T13:25:35Z",
"generator": {
"date": "2016-02-15T13:25:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:0457-1",
"initial_release_date": "2016-02-15T13:25:35Z",
"revision_history": [
{
"date": "2016-02-15T13:25:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64",
"product_id": "ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Enterprise Storage 2.1",
"product": {
"name": "SUSE Enterprise Storage 2.1",
"product_id": "SUSE Enterprise Storage 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:2.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64 as component of SUSE Enterprise Storage 2.1",
"product_id": "SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 2.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7576"
}
],
"notes": [
{
"category": "general",
"text": "The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7576",
"url": "https://www.suse.com/security/cve/CVE-2015-7576"
},
{
"category": "external",
"summary": "SUSE Bug 963329 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/963329"
},
{
"category": "external",
"summary": "SUSE Bug 963563 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/963563"
},
{
"category": "external",
"summary": "SUSE Bug 970715 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/970715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-02-15T13:25:35Z",
"details": "low"
}
],
"title": "CVE-2015-7576"
},
{
"cve": "CVE-2015-7581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7581"
}
],
"notes": [
{
"category": "general",
"text": "actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application\u0027s use of a wildcard controller route.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7581",
"url": "https://www.suse.com/security/cve/CVE-2015-7581"
},
{
"category": "external",
"summary": "SUSE Bug 963335 for CVE-2015-7581",
"url": "https://bugzilla.suse.com/963335"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-02-15T13:25:35Z",
"details": "low"
}
],
"title": "CVE-2015-7581"
},
{
"cve": "CVE-2016-0751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0751"
}
],
"notes": [
{
"category": "general",
"text": "actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0751",
"url": "https://www.suse.com/security/cve/CVE-2016-0751"
},
{
"category": "external",
"summary": "SUSE Bug 963331 for CVE-2016-0751",
"url": "https://bugzilla.suse.com/963331"
},
{
"category": "external",
"summary": "SUSE Bug 963627 for CVE-2016-0751",
"url": "https://bugzilla.suse.com/963627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-02-15T13:25:35Z",
"details": "low"
}
],
"title": "CVE-2016-0751"
},
{
"cve": "CVE-2016-0752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0752"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0752",
"url": "https://www.suse.com/security/cve/CVE-2016-0752"
},
{
"category": "external",
"summary": "SUSE Bug 963332 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "external",
"summary": "SUSE Bug 963608 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963608"
},
{
"category": "external",
"summary": "SUSE Bug 968850 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/968850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-02-15T13:25:35Z",
"details": "low"
}
],
"title": "CVE-2016-0752"
}
]
}
suse-su-2016:0858-1
Vulnerability from csaf_suse
Published
2016-03-22 16:21
Modified
2016-03-22 16:21
Summary
Security update for rubygem-actionpack-4_1
Notes
Title of the patch
Security update for rubygem-actionpack-4_1
Description of the patch
This update for rubygem-actionpack-4_1 fixes the following issues:
- CVE-2016-0751: Object Leak DoS (bsc#963331)
- CVE-2015-7581: unbounded memory growth DoS via wildcard controller routes (bsc#963335)
- CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332)
- CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329)
Patchnames
sleclo50sp3-rubygem-actionpack-4_1-12468
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-actionpack-4_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for rubygem-actionpack-4_1 fixes the following issues:\n\n- CVE-2016-0751: Object Leak DoS (bsc#963331)\n- CVE-2015-7581: unbounded memory growth DoS via wildcard controller routes (bsc#963335) \n- CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332) \n- CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleclo50sp3-rubygem-actionpack-4_1-12468",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0858-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:0858-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160858-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:0858-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-March/001964.html"
},
{
"category": "self",
"summary": "SUSE Bug 963329",
"url": "https://bugzilla.suse.com/963329"
},
{
"category": "self",
"summary": "SUSE Bug 963331",
"url": "https://bugzilla.suse.com/963331"
},
{
"category": "self",
"summary": "SUSE Bug 963332",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "self",
"summary": "SUSE Bug 963335",
"url": "https://bugzilla.suse.com/963335"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7576 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7581 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0751 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0752 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0752/"
}
],
"title": "Security update for rubygem-actionpack-4_1",
"tracking": {
"current_release_date": "2016-03-22T16:21:44Z",
"generator": {
"date": "2016-03-22T16:21:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:0858-1",
"initial_release_date": "2016-03-22T16:21:44Z",
"revision_history": [
{
"date": "2016-03-22T16:21:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64",
"product_id": "ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 5",
"product": {
"name": "SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:cloud:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7576"
}
],
"notes": [
{
"category": "general",
"text": "The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7576",
"url": "https://www.suse.com/security/cve/CVE-2015-7576"
},
{
"category": "external",
"summary": "SUSE Bug 963329 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/963329"
},
{
"category": "external",
"summary": "SUSE Bug 963563 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/963563"
},
{
"category": "external",
"summary": "SUSE Bug 970715 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/970715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-22T16:21:44Z",
"details": "low"
}
],
"title": "CVE-2015-7576"
},
{
"cve": "CVE-2015-7581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7581"
}
],
"notes": [
{
"category": "general",
"text": "actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application\u0027s use of a wildcard controller route.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7581",
"url": "https://www.suse.com/security/cve/CVE-2015-7581"
},
{
"category": "external",
"summary": "SUSE Bug 963335 for CVE-2015-7581",
"url": "https://bugzilla.suse.com/963335"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-22T16:21:44Z",
"details": "low"
}
],
"title": "CVE-2015-7581"
},
{
"cve": "CVE-2016-0751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0751"
}
],
"notes": [
{
"category": "general",
"text": "actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0751",
"url": "https://www.suse.com/security/cve/CVE-2016-0751"
},
{
"category": "external",
"summary": "SUSE Bug 963331 for CVE-2016-0751",
"url": "https://bugzilla.suse.com/963331"
},
{
"category": "external",
"summary": "SUSE Bug 963627 for CVE-2016-0751",
"url": "https://bugzilla.suse.com/963627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-22T16:21:44Z",
"details": "low"
}
],
"title": "CVE-2016-0751"
},
{
"cve": "CVE-2016-0752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0752"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0752",
"url": "https://www.suse.com/security/cve/CVE-2016-0752"
},
{
"category": "external",
"summary": "SUSE Bug 963332 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "external",
"summary": "SUSE Bug 963608 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963608"
},
{
"category": "external",
"summary": "SUSE Bug 968850 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/968850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-22T16:21:44Z",
"details": "low"
}
],
"title": "CVE-2016-0752"
}
]
}
suse-su-2016:0456-1
Vulnerability from csaf_suse
Published
2016-02-15 13:25
Modified
2016-02-15 13:25
Summary
Security update for rubygem-actionview-4_2
Notes
Title of the patch
Security update for rubygem-actionview-4_2
Description of the patch
This update for rubygem-actionview-4_2 fixes the following issues:
- CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332)
Patchnames
SUSE-Storage-2.1-2016-260
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-actionview-4_2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for rubygem-actionview-4_2 fixes the following issues:\n\n- CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-Storage-2.1-2016-260",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0456-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:0456-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160456-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:0456-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-February/001878.html"
},
{
"category": "self",
"summary": "SUSE Bug 963332",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0752 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0752/"
}
],
"title": "Security update for rubygem-actionview-4_2",
"tracking": {
"current_release_date": "2016-02-15T13:25:24Z",
"generator": {
"date": "2016-02-15T13:25:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:0456-1",
"initial_release_date": "2016-02-15T13:25:24Z",
"revision_history": [
{
"date": "2016-02-15T13:25:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionview-4_2-4.2.2-5.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.2-5.1.x86_64",
"product_id": "ruby2.1-rubygem-actionview-4_2-4.2.2-5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Enterprise Storage 2.1",
"product": {
"name": "SUSE Enterprise Storage 2.1",
"product_id": "SUSE Enterprise Storage 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:2.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.2-5.1.x86_64 as component of SUSE Enterprise Storage 2.1",
"product_id": "SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionview-4_2-4.2.2-5.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.2-5.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 2.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0752"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionview-4_2-4.2.2-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0752",
"url": "https://www.suse.com/security/cve/CVE-2016-0752"
},
{
"category": "external",
"summary": "SUSE Bug 963332 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "external",
"summary": "SUSE Bug 963608 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963608"
},
{
"category": "external",
"summary": "SUSE Bug 968850 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/968850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionview-4_2-4.2.2-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionview-4_2-4.2.2-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-02-15T13:25:24Z",
"details": "low"
}
],
"title": "CVE-2016-0752"
}
]
}
suse-su-2017:0475-1
Vulnerability from csaf_suse
Published
2017-02-16 00:19
Modified
2017-02-16 00:19
Summary
Security update for susestudio
Notes
Title of the patch
Security update for susestudio
Description of the patch
This update provides SUSE Studio Runner 1.3.14, which brings fixes for the following issues:
- bsc#968797: 11 SP3 appliance gets invalid distribution upgrade from SLMS.
- bsc#947225: Second build of appliance will not register to SLMS, wrong product name.
- bsc#983404: UEFI boot missing for SLE11 SP4.
- bsc#972406: Kiwi export config.sh script has /build-custom out of order.
- bsc#981095: Add user 'ldap' to default_users list for assigning owners for overlay files.
- bsc#972425: Runlevel 3 is being ignored in appliance configuration.
- bsc#983999: SLES 12 appliance build does not include gpg keys from base product.
- bsc#979110: SLES 12 will not build for EC2.
- bsc#929102: Plaintext Password Local Disclosure in rubygem-rest-client. (CVE-2015-3448)
- bsc#963741: Security fixes for Rails v3.2.22. (CVE-2015-7576, CVE-2015-7577, CVE-2016-0751,
CVE-2016-0752)
Patchnames
slestso13-susestudio-12990
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for susestudio",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update provides SUSE Studio Runner 1.3.14, which brings fixes for the following issues:\n\n- bsc#968797: 11 SP3 appliance gets invalid distribution upgrade from SLMS.\n- bsc#947225: Second build of appliance will not register to SLMS, wrong product name.\n- bsc#983404: UEFI boot missing for SLE11 SP4.\n- bsc#972406: Kiwi export config.sh script has /build-custom out of order.\n- bsc#981095: Add user \u0027ldap\u0027 to default_users list for assigning owners for overlay files.\n- bsc#972425: Runlevel 3 is being ignored in appliance configuration.\n- bsc#983999: SLES 12 appliance build does not include gpg keys from base product.\n- bsc#979110: SLES 12 will not build for EC2.\n- bsc#929102: Plaintext Password Local Disclosure in rubygem-rest-client. (CVE-2015-3448)\n- bsc#963741: Security fixes for Rails v3.2.22. (CVE-2015-7576, CVE-2015-7577, CVE-2016-0751,\n CVE-2016-0752)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slestso13-susestudio-12990",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0475-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:0475-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170475-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:0475-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-February/002650.html"
},
{
"category": "self",
"summary": "SUSE Bug 870697",
"url": "https://bugzilla.suse.com/870697"
},
{
"category": "self",
"summary": "SUSE Bug 887489",
"url": "https://bugzilla.suse.com/887489"
},
{
"category": "self",
"summary": "SUSE Bug 929102",
"url": "https://bugzilla.suse.com/929102"
},
{
"category": "self",
"summary": "SUSE Bug 942185",
"url": "https://bugzilla.suse.com/942185"
},
{
"category": "self",
"summary": "SUSE Bug 947225",
"url": "https://bugzilla.suse.com/947225"
},
{
"category": "self",
"summary": "SUSE Bug 963741",
"url": "https://bugzilla.suse.com/963741"
},
{
"category": "self",
"summary": "SUSE Bug 968797",
"url": "https://bugzilla.suse.com/968797"
},
{
"category": "self",
"summary": "SUSE Bug 969322",
"url": "https://bugzilla.suse.com/969322"
},
{
"category": "self",
"summary": "SUSE Bug 972406",
"url": "https://bugzilla.suse.com/972406"
},
{
"category": "self",
"summary": "SUSE Bug 972425",
"url": "https://bugzilla.suse.com/972425"
},
{
"category": "self",
"summary": "SUSE Bug 974130",
"url": "https://bugzilla.suse.com/974130"
},
{
"category": "self",
"summary": "SUSE Bug 979110",
"url": "https://bugzilla.suse.com/979110"
},
{
"category": "self",
"summary": "SUSE Bug 979124",
"url": "https://bugzilla.suse.com/979124"
},
{
"category": "self",
"summary": "SUSE Bug 981095",
"url": "https://bugzilla.suse.com/981095"
},
{
"category": "self",
"summary": "SUSE Bug 983404",
"url": "https://bugzilla.suse.com/983404"
},
{
"category": "self",
"summary": "SUSE Bug 983999",
"url": "https://bugzilla.suse.com/983999"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3448 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7576 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7577 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0751 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0752 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0752/"
}
],
"title": "Security update for susestudio",
"tracking": {
"current_release_date": "2017-02-16T00:19:16Z",
"generator": {
"date": "2017-02-16T00:19:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:0475-1",
"initial_release_date": "2017-02-16T00:19:16Z",
"revision_history": [
{
"date": "2017-02-16T00:19:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "studio-help-1.3.20-0.6.9.noarch",
"product": {
"name": "studio-help-1.3.20-0.6.9.noarch",
"product_id": "studio-help-1.3.20-0.6.9.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"product": {
"name": "libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"product_id": "libcontainment-insomnia-0.1.1-0.9.4.19.s390x"
}
},
{
"category": "product_version",
"name": "libjansson4-2.2.1-0.9.11.6.s390x",
"product": {
"name": "libjansson4-2.2.1-0.9.11.6.s390x",
"product_id": "libjansson4-2.2.1-0.9.11.6.s390x"
}
},
{
"category": "product_version",
"name": "qemu-ext2-0.1.1-0.9.4.19.s390x",
"product": {
"name": "qemu-ext2-0.1.1-0.9.4.19.s390x",
"product_id": "qemu-ext2-0.1.1-0.9.4.19.s390x"
}
},
{
"category": "product_version",
"name": "rubygem-bundler19-1.7.0-0.13.10.s390x",
"product": {
"name": "rubygem-bundler19-1.7.0-0.13.10.s390x",
"product_id": "rubygem-bundler19-1.7.0-0.13.10.s390x"
}
},
{
"category": "product_version",
"name": "susestudio-bundled-packages-1.3.14-52.1.s390x",
"product": {
"name": "susestudio-bundled-packages-1.3.14-52.1.s390x",
"product_id": "susestudio-bundled-packages-1.3.14-52.1.s390x"
}
},
{
"category": "product_version",
"name": "susestudio-common-1.3.14-52.1.s390x",
"product": {
"name": "susestudio-common-1.3.14-52.1.s390x",
"product_id": "susestudio-common-1.3.14-52.1.s390x"
}
},
{
"category": "product_version",
"name": "susestudio-runner-1.3.14-52.1.s390x",
"product": {
"name": "susestudio-runner-1.3.14-52.1.s390x",
"product_id": "susestudio-runner-1.3.14-52.1.s390x"
}
},
{
"category": "product_version",
"name": "susestudio-ui-server-1.3.14-52.1.s390x",
"product": {
"name": "susestudio-ui-server-1.3.14-52.1.s390x",
"product_id": "susestudio-ui-server-1.3.14-52.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"product": {
"name": "libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"product_id": "libcontainment-insomnia-0.1.1-0.9.4.19.x86_64"
}
},
{
"category": "product_version",
"name": "libjansson4-2.2.1-0.9.11.6.x86_64",
"product": {
"name": "libjansson4-2.2.1-0.9.11.6.x86_64",
"product_id": "libjansson4-2.2.1-0.9.11.6.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ext2-0.1.1-0.9.4.19.x86_64",
"product": {
"name": "qemu-ext2-0.1.1-0.9.4.19.x86_64",
"product_id": "qemu-ext2-0.1.1-0.9.4.19.x86_64"
}
},
{
"category": "product_version",
"name": "rubygem-bundler19-1.7.0-0.13.10.x86_64",
"product": {
"name": "rubygem-bundler19-1.7.0-0.13.10.x86_64",
"product_id": "rubygem-bundler19-1.7.0-0.13.10.x86_64"
}
},
{
"category": "product_version",
"name": "susestudio-1.3.14-52.1.x86_64",
"product": {
"name": "susestudio-1.3.14-52.1.x86_64",
"product_id": "susestudio-1.3.14-52.1.x86_64"
}
},
{
"category": "product_version",
"name": "susestudio-bundled-packages-1.3.14-52.1.x86_64",
"product": {
"name": "susestudio-bundled-packages-1.3.14-52.1.x86_64",
"product_id": "susestudio-bundled-packages-1.3.14-52.1.x86_64"
}
},
{
"category": "product_version",
"name": "susestudio-common-1.3.14-52.1.x86_64",
"product": {
"name": "susestudio-common-1.3.14-52.1.x86_64",
"product_id": "susestudio-common-1.3.14-52.1.x86_64"
}
},
{
"category": "product_version",
"name": "susestudio-runner-1.3.14-52.1.x86_64",
"product": {
"name": "susestudio-runner-1.3.14-52.1.x86_64",
"product_id": "susestudio-runner-1.3.14-52.1.x86_64"
}
},
{
"category": "product_version",
"name": "susestudio-sid-1.3.14-52.1.x86_64",
"product": {
"name": "susestudio-sid-1.3.14-52.1.x86_64",
"product_id": "susestudio-sid-1.3.14-52.1.x86_64"
}
},
{
"category": "product_version",
"name": "susestudio-ui-server-1.3.14-52.1.x86_64",
"product": {
"name": "susestudio-ui-server-1.3.14-52.1.x86_64",
"product_id": "susestudio-ui-server-1.3.14-52.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite Runner 1.3",
"product": {
"name": "SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libcontainment-insomnia-0.1.1-0.9.4.19.s390x as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x"
},
"product_reference": "libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcontainment-insomnia-0.1.1-0.9.4.19.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64"
},
"product_reference": "libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjansson4-2.2.1-0.9.11.6.s390x as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x"
},
"product_reference": "libjansson4-2.2.1-0.9.11.6.s390x",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjansson4-2.2.1-0.9.11.6.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64"
},
"product_reference": "libjansson4-2.2.1-0.9.11.6.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ext2-0.1.1-0.9.4.19.s390x as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x"
},
"product_reference": "qemu-ext2-0.1.1-0.9.4.19.s390x",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ext2-0.1.1-0.9.4.19.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64"
},
"product_reference": "qemu-ext2-0.1.1-0.9.4.19.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler19-1.7.0-0.13.10.s390x as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x"
},
"product_reference": "rubygem-bundler19-1.7.0-0.13.10.s390x",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler19-1.7.0-0.13.10.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64"
},
"product_reference": "rubygem-bundler19-1.7.0-0.13.10.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "studio-help-1.3.20-0.6.9.noarch as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch"
},
"product_reference": "studio-help-1.3.20-0.6.9.noarch",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-1.3.14-52.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64"
},
"product_reference": "susestudio-1.3.14-52.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-bundled-packages-1.3.14-52.1.s390x as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x"
},
"product_reference": "susestudio-bundled-packages-1.3.14-52.1.s390x",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-bundled-packages-1.3.14-52.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64"
},
"product_reference": "susestudio-bundled-packages-1.3.14-52.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-common-1.3.14-52.1.s390x as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x"
},
"product_reference": "susestudio-common-1.3.14-52.1.s390x",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-common-1.3.14-52.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64"
},
"product_reference": "susestudio-common-1.3.14-52.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-runner-1.3.14-52.1.s390x as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x"
},
"product_reference": "susestudio-runner-1.3.14-52.1.s390x",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-runner-1.3.14-52.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64"
},
"product_reference": "susestudio-runner-1.3.14-52.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-sid-1.3.14-52.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64"
},
"product_reference": "susestudio-sid-1.3.14-52.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-ui-server-1.3.14-52.1.s390x as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x"
},
"product_reference": "susestudio-ui-server-1.3.14-52.1.s390x",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-ui-server-1.3.14-52.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
},
"product_reference": "susestudio-ui-server-1.3.14-52.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcontainment-insomnia-0.1.1-0.9.4.19.s390x as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x"
},
"product_reference": "libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcontainment-insomnia-0.1.1-0.9.4.19.x86_64 as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64"
},
"product_reference": "libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjansson4-2.2.1-0.9.11.6.s390x as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x"
},
"product_reference": "libjansson4-2.2.1-0.9.11.6.s390x",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjansson4-2.2.1-0.9.11.6.x86_64 as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64"
},
"product_reference": "libjansson4-2.2.1-0.9.11.6.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ext2-0.1.1-0.9.4.19.s390x as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x"
},
"product_reference": "qemu-ext2-0.1.1-0.9.4.19.s390x",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ext2-0.1.1-0.9.4.19.x86_64 as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64"
},
"product_reference": "qemu-ext2-0.1.1-0.9.4.19.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler19-1.7.0-0.13.10.s390x as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x"
},
"product_reference": "rubygem-bundler19-1.7.0-0.13.10.s390x",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bundler19-1.7.0-0.13.10.x86_64 as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64"
},
"product_reference": "rubygem-bundler19-1.7.0-0.13.10.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "studio-help-1.3.20-0.6.9.noarch as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch"
},
"product_reference": "studio-help-1.3.20-0.6.9.noarch",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-1.3.14-52.1.x86_64 as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64"
},
"product_reference": "susestudio-1.3.14-52.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-bundled-packages-1.3.14-52.1.s390x as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x"
},
"product_reference": "susestudio-bundled-packages-1.3.14-52.1.s390x",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-bundled-packages-1.3.14-52.1.x86_64 as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64"
},
"product_reference": "susestudio-bundled-packages-1.3.14-52.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-common-1.3.14-52.1.s390x as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x"
},
"product_reference": "susestudio-common-1.3.14-52.1.s390x",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-common-1.3.14-52.1.x86_64 as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64"
},
"product_reference": "susestudio-common-1.3.14-52.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-runner-1.3.14-52.1.s390x as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x"
},
"product_reference": "susestudio-runner-1.3.14-52.1.s390x",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-runner-1.3.14-52.1.x86_64 as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64"
},
"product_reference": "susestudio-runner-1.3.14-52.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-sid-1.3.14-52.1.x86_64 as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64"
},
"product_reference": "susestudio-sid-1.3.14-52.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-ui-server-1.3.14-52.1.s390x as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x"
},
"product_reference": "susestudio-ui-server-1.3.14-52.1.s390x",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susestudio-ui-server-1.3.14-52.1.x86_64 as component of SUSE Studio Onsite Runner 1.3",
"product_id": "SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
},
"product_reference": "susestudio-ui-server-1.3.14-52.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite Runner 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3448"
}
],
"notes": [
{
"category": "general",
"text": "REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3448",
"url": "https://www.suse.com/security/cve/CVE-2015-3448"
},
{
"category": "external",
"summary": "SUSE Bug 917802 for CVE-2015-3448",
"url": "https://bugzilla.suse.com/917802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-16T00:19:16Z",
"details": "low"
}
],
"title": "CVE-2015-3448"
},
{
"cve": "CVE-2015-7576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7576"
}
],
"notes": [
{
"category": "general",
"text": "The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7576",
"url": "https://www.suse.com/security/cve/CVE-2015-7576"
},
{
"category": "external",
"summary": "SUSE Bug 963329 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/963329"
},
{
"category": "external",
"summary": "SUSE Bug 963563 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/963563"
},
{
"category": "external",
"summary": "SUSE Bug 970715 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/970715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-16T00:19:16Z",
"details": "low"
}
],
"title": "CVE-2015-7576"
},
{
"cve": "CVE-2015-7577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7577"
}
],
"notes": [
{
"category": "general",
"text": "activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7577",
"url": "https://www.suse.com/security/cve/CVE-2015-7577"
},
{
"category": "external",
"summary": "SUSE Bug 963330 for CVE-2015-7577",
"url": "https://bugzilla.suse.com/963330"
},
{
"category": "external",
"summary": "SUSE Bug 963604 for CVE-2015-7577",
"url": "https://bugzilla.suse.com/963604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-16T00:19:16Z",
"details": "low"
}
],
"title": "CVE-2015-7577"
},
{
"cve": "CVE-2016-0751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0751"
}
],
"notes": [
{
"category": "general",
"text": "actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0751",
"url": "https://www.suse.com/security/cve/CVE-2016-0751"
},
{
"category": "external",
"summary": "SUSE Bug 963331 for CVE-2016-0751",
"url": "https://bugzilla.suse.com/963331"
},
{
"category": "external",
"summary": "SUSE Bug 963627 for CVE-2016-0751",
"url": "https://bugzilla.suse.com/963627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-16T00:19:16Z",
"details": "low"
}
],
"title": "CVE-2016-0751"
},
{
"cve": "CVE-2016-0752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0752"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0752",
"url": "https://www.suse.com/security/cve/CVE-2016-0752"
},
{
"category": "external",
"summary": "SUSE Bug 963332 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "external",
"summary": "SUSE Bug 963608 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963608"
},
{
"category": "external",
"summary": "SUSE Bug 968850 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/968850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.s390x",
"SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6.x86_64",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.s390x",
"SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19.x86_64",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.s390x",
"SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10.x86_64",
"SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9.noarch",
"SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1.x86_64",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.s390x",
"SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-16T00:19:16Z",
"details": "low"
}
],
"title": "CVE-2016-0752"
}
]
}
gsd-2016-0752
Vulnerability from gsd
Modified
2016-01-25 00:00
Details
There is a possible directory traversal and information leak vulnerability in
Action View. This vulnerability has been assigned the CVE identifier
CVE-2016-0752.
Versions Affected: All.
Not affected: None.
Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1
Impact
------
Applications that pass unverified user input to the `render` method in a
controller may be vulnerable to an information leak vulnerability.
Impacted code will look something like this:
```ruby
def index
render params[:id]
end
```
Carefully crafted requests can cause the above code to render files from
unexpected places like outside the application's view directory, and can
possibly escalate this to a remote code execution attack.
All users running an affected release should either upgrade or use one of the
workarounds immediately.
Releases
--------
The FIXED releases are available at the normal locations.
Workarounds
-----------
A workaround to this issue is to not pass arbitrary user input to the `render`
method. Instead, verify that data before passing it to the `render` method.
For example, change this:
```ruby
def index
render params[:id]
end
```
To this:
```ruby
def index
render verify_template(params[:id])
end
private
def verify_template(name)
# add verification logic particular to your application here
end
```
Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.
* 3-2-render_data_leak.patch - Patch for 3.2 series
* 4-1-render_data_leak.patch - Patch for 4.1 series
* 4-2-render_data_leak.patch - Patch for 4.2 series
* 5-0-render_data_leak.patch - Patch for 5.0 series
Please note that only the 4.1.x and 4.2.x series are supported at present. Users
of earlier unsupported releases are advised to upgrade as soon as possible as we
cannot guarantee the continued availability of security fixes for unsupported
releases.
Credits
-------
Thanks John Poulin for reporting this!
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-0752",
"description": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.",
"id": "GSD-2016-0752",
"references": [
"https://www.suse.com/security/cve/CVE-2016-0752.html",
"https://www.debian.org/security/2016/dsa-3464",
"https://access.redhat.com/errata/RHSA-2016:0455",
"https://access.redhat.com/errata/RHSA-2016:0454",
"https://access.redhat.com/errata/RHSA-2016:0296",
"https://packetstormsecurity.com/files/cve/CVE-2016-0752"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "actionpack",
"purl": "pkg:gem/actionpack"
}
}
],
"aliases": [
"CVE-2016-0752"
],
"details": "There is a possible directory traversal and information leak vulnerability in\nAction View. This vulnerability has been assigned the CVE identifier\nCVE-2016-0752.\n\nVersions Affected: All.\nNot affected: None.\nFixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1\n\nImpact\n------\nApplications that pass unverified user input to the `render` method in a\ncontroller may be vulnerable to an information leak vulnerability.\n\nImpacted code will look something like this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nCarefully crafted requests can cause the above code to render files from\nunexpected places like outside the application\u0027s view directory, and can\npossibly escalate this to a remote code execution attack.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nA workaround to this issue is to not pass arbitrary user input to the `render`\nmethod. Instead, verify that data before passing it to the `render` method.\n\nFor example, change this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nTo this:\n\n```ruby\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n```\n\nPatches\n-------\nTo aid users who aren\u0027t able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 3-2-render_data_leak.patch - Patch for 3.2 series\n* 4-1-render_data_leak.patch - Patch for 4.1 series\n* 4-2-render_data_leak.patch - Patch for 4.2 series\n* 5-0-render_data_leak.patch - Patch for 5.0 series\n\nPlease note that only the 4.1.x and 4.2.x series are supported at present. Users\nof earlier unsupported releases are advised to upgrade as soon as possible as we\ncannot guarantee the continued availability of security fixes for unsupported\nreleases.\n\nCredits\n-------\nThanks John Poulin for reporting this!\n",
"id": "GSD-2016-0752",
"modified": "2016-01-25T00:00:00.000Z",
"published": "2016-01-25T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00"
}
],
"schema_version": "1.4.0",
"summary": "Possible Information Leak Vulnerability in Action View"
}
},
"namespaces": {
"cisa.gov": {
"cveID": "CVE-2016-0752",
"dateAdded": "2022-03-25",
"dueDate": "2022-04-15",
"product": "Ruby on Rails",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.",
"vendorProject": "Rails",
"vulnerabilityName": "Ruby on Rails Directory Traversal Vulnerability"
},
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40561",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40561/"
},
{
"name": "openSUSE-SU-2016:0372",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name": "openSUSE-SU-2016:0363",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
},
{
"name": "[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/13"
},
{
"name": "FEDORA-2016-97002ad37b",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"
},
{
"name": "SUSE-SU-2016:1146",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "81801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81801"
},
{
"name": "1034816",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034816"
},
{
"name": "FEDORA-2016-fa0dec2360",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"
},
{
"name": "[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
},
{
"name": "DSA-3464",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"name": "RHSA-2016:0296",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2016-0752",
"cvss_v2": 5.0,
"cvss_v3": 7.5,
"date": "2016-01-25",
"description": "There is a possible directory traversal and information leak vulnerability in\nAction View. This vulnerability has been assigned the CVE identifier\nCVE-2016-0752.\n\nVersions Affected: All.\nNot affected: None.\nFixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1\n\nImpact\n------\nApplications that pass unverified user input to the `render` method in a\ncontroller may be vulnerable to an information leak vulnerability.\n\nImpacted code will look something like this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nCarefully crafted requests can cause the above code to render files from\nunexpected places like outside the application\u0027s view directory, and can\npossibly escalate this to a remote code execution attack.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nA workaround to this issue is to not pass arbitrary user input to the `render`\nmethod. Instead, verify that data before passing it to the `render` method.\n\nFor example, change this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nTo this:\n\n```ruby\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n```\n\nPatches\n-------\nTo aid users who aren\u0027t able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 3-2-render_data_leak.patch - Patch for 3.2 series\n* 4-1-render_data_leak.patch - Patch for 4.1 series\n* 4-2-render_data_leak.patch - Patch for 4.2 series\n* 5-0-render_data_leak.patch - Patch for 5.0 series\n\nPlease note that only the 4.1.x and 4.2.x series are supported at present. Users\nof earlier unsupported releases are advised to upgrade as soon as possible as we\ncannot guarantee the continued availability of security fixes for unsupported\nreleases.\n\nCredits\n-------\nThanks John Poulin for reporting this!\n",
"framework": "rails",
"gem": "actionview",
"ghsa": "xrr4-p6fq-hjg7",
"notes": "\u0027~\u003e 3.2.22.1\u0027 is found in gems/actionpack/CVE-2016-0752.yml",
"patched_versions": [
"\u003e= 5.0.0.beta1.1",
"~\u003e 4.2.5, \u003e= 4.2.5.1",
"~\u003e 4.1.14, \u003e= 4.1.14.1"
],
"title": "Possible Information Leak Vulnerability in Action View",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c3.2.22.1",
"affected_versions": "All versions before 3.2.22.1",
"credit": "John Poulin",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-22",
"CWE-937"
],
"date": "2019-08-08",
"description": "Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Carefully crafted requests can render files from unexpected places like outside the application\u0027s view directory, and can possibly escalate this to a remote code execution attack.",
"fixed_versions": [
"3.2.22.1"
],
"identifier": "CVE-2016-0752",
"identifiers": [
"CVE-2016-0752"
],
"package_slug": "gem/actionpack",
"pubdate": "2016-02-15",
"solution": "Upgrade to latest, apply patches or use workaround. See provided link.",
"title": "Possible Information Leak Vulnerability in ActionView",
"urls": [
"https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00"
],
"uuid": "83ce344a-9c70-4c28-aa71-ee040cb07b68"
},
{
"affected_range": "\u003e=5.0.0.alpha \u003c5.0.0.beta1.1||\u003e=4.2.0.alpha \u003c4.2.5.1||\u003c4.1.14.1",
"affected_versions": "All versions starting from 5.0.0.alpha before 5.0.0.beta1.1, all versions starting from 4.2.0.alpha before 4.2.5.1, all versions before 4.1.14.1",
"credit": "John Poulin",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-22",
"CWE-937"
],
"date": "2019-08-08",
"description": "Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Carefully crafted requests can render files from unexpected places like outside the application\u0027s view directory, and can possibly escalate this to a remote code execution attack. ",
"fixed_versions": [
"4.1.14.1",
"4.2.5.1",
"5.0.0.beta1.1"
],
"identifier": "CVE-2016-0752",
"identifiers": [
"CVE-2016-0752"
],
"package_slug": "gem/actionview",
"pubdate": "2016-02-15",
"solution": "Upgrade to latest, apply patches or use workaround. See provided link.",
"title": "Possible Information Leak Vulnerability",
"urls": [
"https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00"
],
"uuid": "2cb5b4be-915d-4ffe-beea-95146cfa6061"
},
{
"affected_range": "\u003e=4.0.0 \u003c=5.0.0",
"affected_versions": "All versions starting from 4.0.0 up to 5.0.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-22",
"CWE-937"
],
"date": "2019-08-08",
"description": "The Rails gem allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a `..` in a pathname.",
"fixed_versions": [
"5.0.1"
],
"identifier": "CVE-2016-0752",
"identifiers": [
"CVE-2016-0752"
],
"not_impacted": "All versions before 4.0.0, all versions after 5.0.0",
"package_slug": "gem/rails",
"pubdate": "2016-02-16",
"solution": "Upgrade to versions 5.0.1 or above.",
"title": "Path Traversal",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2016-0752"
],
"uuid": "f1576168-f930-4a11-b848-d02bcfad912f"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.2.22",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0752"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[ruby-security-ann] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"refsource": "MLIST",
"tags": [],
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
},
{
"name": "[oss-security] 20160125 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/13"
},
{
"name": "81801",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/81801"
},
{
"name": "SUSE-SU-2016:1146",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "FEDORA-2016-fa0dec2360",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"
},
{
"name": "RHSA-2016:0296",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
},
{
"name": "FEDORA-2016-97002ad37b",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"
},
{
"name": "openSUSE-SU-2016:0372",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name": "openSUSE-SU-2016:0363",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
},
{
"name": "DSA-3464",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"name": "40561",
"refsource": "EXPLOIT-DB",
"tags": [],
"url": "https://www.exploit-db.com/exploits/40561/"
},
{
"name": "1034816",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1034816"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM"
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-08-08T15:43Z",
"publishedDate": "2016-02-16T02:59Z"
}
}
}
rhsa-2016:0296
Vulnerability from csaf_redhat
Published
2016-02-24 10:36
Modified
2025-08-04 11:50
Summary
Red Hat Security Advisory: rh-ror41 security update
Notes
Topic
Updated rh-ror41-rubygem-actionpack, rh-ror41-rubygem-actionview,
rh-ror41-rubygem-activemodel, and rh-ror41-rubygem-activerecord packages
that fix multiple security issues are now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails
is a model-view-controller (MVC) framework for web application development.
The following issue was corrected in rubygem-actionpack and
rubygem-actionview:
A directory traversal flaw was found in the way the Action View component
searched for templates for rendering. If an application passed untrusted
input to the 'render' method, a remote, unauthenticated attacker could use
this to render unexpected files and, possibly, execute arbitrary code.
(CVE-2016-0752)
The following issues were corrected in rubygem-actionpack:
A flaw was found in the way the Action Pack component performed MIME type
lookups. Since queries were cached in a global cache of MIME types, an
attacker could use this flaw to grow the cache indefinitely, potentially
resulting in a denial of service. (CVE-2016-0751)
A flaw was found in the Action Pack component's caching of controller
references. An attacker could use this flaw to cause unbounded memory
growth, potentially resulting in a denial of service. (CVE-2015-7581)
A flaw was found in the way the Action Controller component compared user
names and passwords when performing HTTP basic authentication. Time taken
to compare strings could differ depending on input, possibly allowing a
remote attacker to determine valid user names and passwords using a timing
attack. (CVE-2015-7576)
The following issue was corrected in rubygem-activerecord:
A flaw was found in the Active Record component's handling of nested
attributes in combination with the destroy flag. An attacker could possibly
use this flaw to set attributes to invalid values or clear all attributes.
(CVE-2015-7577)
The following issue was corrected in rubygem-activemodel and
rubygem-activerecord:
A flaw was found in the way the Active Model based models processed
attributes. An attacker with the ability to pass arbitrary attributes to
models could possibly use this flaw to bypass input validation.
(CVE-2016-0753)
Red Hat would like to thank the Ruby on Rails project for reporting these
issues. Upstream acknowledges John Poulin as the original reporter of
CVE-2016-0752, Aaron Patterson of Red Hat as the original reporter of
CVE-2016-0751, Daniel Waterworth as the original reporter of CVE-2015-7576,
Justin Coyne as the original reporter of CVE-2015-7577, and John Backus
from BlockScore as the original reporter of CVE-2016-0753.
All rh-ror41 collection rubygem-actionpack, rubygem-actionview,
rubygem-activemodel, and rubygem-activerecord packages users are advised to
upgrade to these updated packages, which contain backported patches to
correct these issues. All running applications using the rh-ror41
collection must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated rh-ror41-rubygem-actionpack, rh-ror41-rubygem-actionview,\nrh-ror41-rubygem-activemodel, and rh-ror41-rubygem-activerecord packages\nthat fix multiple security issues are now available for Red Hat Software\nCollections.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails\nis a model-view-controller (MVC) framework for web application development.\n\nThe following issue was corrected in rubygem-actionpack and\nrubygem-actionview:\n\nA directory traversal flaw was found in the way the Action View component\nsearched for templates for rendering. If an application passed untrusted\ninput to the \u0027render\u0027 method, a remote, unauthenticated attacker could use\nthis to render unexpected files and, possibly, execute arbitrary code.\n(CVE-2016-0752)\n\nThe following issues were corrected in rubygem-actionpack:\n\nA flaw was found in the way the Action Pack component performed MIME type\nlookups. Since queries were cached in a global cache of MIME types, an\nattacker could use this flaw to grow the cache indefinitely, potentially\nresulting in a denial of service. (CVE-2016-0751)\n\nA flaw was found in the Action Pack component\u0027s caching of controller\nreferences. An attacker could use this flaw to cause unbounded memory\ngrowth, potentially resulting in a denial of service. (CVE-2015-7581)\n\nA flaw was found in the way the Action Controller component compared user\nnames and passwords when performing HTTP basic authentication. Time taken\nto compare strings could differ depending on input, possibly allowing a\nremote attacker to determine valid user names and passwords using a timing\nattack. (CVE-2015-7576)\n\nThe following issue was corrected in rubygem-activerecord:\n\nA flaw was found in the Active Record component\u0027s handling of nested\nattributes in combination with the destroy flag. An attacker could possibly\nuse this flaw to set attributes to invalid values or clear all attributes.\n(CVE-2015-7577)\n\nThe following issue was corrected in rubygem-activemodel and\nrubygem-activerecord:\n\nA flaw was found in the way the Active Model based models processed\nattributes. An attacker with the ability to pass arbitrary attributes to\nmodels could possibly use this flaw to bypass input validation.\n(CVE-2016-0753)\n\nRed Hat would like to thank the Ruby on Rails project for reporting these\nissues. Upstream acknowledges John Poulin as the original reporter of\nCVE-2016-0752, Aaron Patterson of Red Hat as the original reporter of\nCVE-2016-0751, Daniel Waterworth as the original reporter of CVE-2015-7576,\nJustin Coyne as the original reporter of CVE-2015-7577, and John Backus\nfrom BlockScore as the original reporter of CVE-2016-0753.\n\nAll rh-ror41 collection rubygem-actionpack, rubygem-actionview,\nrubygem-activemodel, and rubygem-activerecord packages users are advised to\nupgrade to these updated packages, which contain backported patches to\ncorrect these issues. All running applications using the rh-ror41\ncollection must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:0296",
"url": "https://access.redhat.com/errata/RHSA-2016:0296"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1301933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933"
},
{
"category": "external",
"summary": "1301946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946"
},
{
"category": "external",
"summary": "1301957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957"
},
{
"category": "external",
"summary": "1301963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963"
},
{
"category": "external",
"summary": "1301973",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301973"
},
{
"category": "external",
"summary": "1301981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301981"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0296.json"
}
],
"title": "Red Hat Security Advisory: rh-ror41 security update",
"tracking": {
"current_release_date": "2025-08-04T11:50:08+00:00",
"generator": {
"date": "2025-08-04T11:50:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2016:0296",
"initial_release_date": "2016-02-24T10:36:00+00:00",
"revision_history": [
{
"date": "2016-02-24T10:36:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-02-24T10:36:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-04T11:50:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"product_id": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionview-doc@4.1.5-4.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"product_id": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionview@4.1.5-4.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"product_id": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activemodel@4.1.5-2.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"product_id": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activemodel-doc@4.1.5-2.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"product_id": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionpack-doc@4.1.5-3.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"product_id": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionpack@4.1.5-3.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"product_id": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activerecord@4.1.5-2.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"product_id": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activerecord-doc@4.1.5-2.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"product": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"product_id": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activesupport@4.1.5-3.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"product_id": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionview@4.1.5-4.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"product_id": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionview-doc@4.1.5-4.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"product_id": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activemodel-doc@4.1.5-2.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"product_id": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activemodel@4.1.5-2.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"product_id": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionpack-doc@4.1.5-3.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"product_id": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionpack@4.1.5-3.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"product_id": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activerecord@4.1.5-2.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"product_id": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activerecord-doc@4.1.5-2.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"product": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"product_id": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activesupport@4.1.5-3.el6?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"product": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"product_id": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionview@4.1.5-4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"product": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"product_id": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activemodel@4.1.5-2.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"product": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"product_id": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionpack@4.1.5-3.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"product": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"product_id": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activerecord@4.1.5-2.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"product": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"product_id": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activesupport@4.1.5-3.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"product": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"product_id": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionview@4.1.5-4.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"product": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"product_id": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activemodel@4.1.5-2.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"product": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"product_id": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-actionpack@4.1.5-3.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"product": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"product_id": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activerecord@4.1.5-2.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"product": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"product_id": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-ror41-rubygem-activesupport@4.1.5-3.el6?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src"
},
"product_reference": "rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src"
},
"product_reference": "rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
},
"product_reference": "rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Daniel Waterworth"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-7576",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301933"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7576"
},
{
"category": "external",
"summary": "RHBZ#1301933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7576"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-02-24T10:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0296"
},
{
"category": "workaround",
"details": "Use following code to monkey-patch http_basic_authenticate_with method in ActionController:\n\n~~~\nmodule ActiveSupport\n module SecurityUtils\n def secure_compare(a, b)\n return false unless a.bytesize == b.bytesize\n\n l = a.unpack \"C#{a.bytesize}\"\n\n res = 0\n b.each_byte { |byte| res |= byte ^ l.shift }\n res == 0\n end\n module_function :secure_compare\n\n def variable_size_secure_compare(a, b)\n secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b))\n end\n module_function :variable_size_secure_compare\n end\nend\n\nmodule ActionController\n class Base\n def self.http_basic_authenticate_with(options = {})\n before_action(options.except(:name, :password, :realm)) do\n authenticate_or_request_with_http_basic(options[:realm] || \"Application\") do |name, password|\n # This comparison uses \u0026 so that it doesn\u0027t short circuit and\n # uses `variable_size_secure_compare` so that length information\n # isn\u0027t leaked.\n ActiveSupport::SecurityUtils.variable_size_secure_compare(name, options[:name]) \u0026\n ActiveSupport::SecurityUtils.variable_size_secure_compare(password, options[:password])\n end\n end\n end\n end\nend\n~~~",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Justin Coyne"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-7577",
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301957"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Active Record component\u0027s handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-activerecord: Nested attributes rejection proc bypass in Active Record",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7577"
},
{
"category": "external",
"summary": "RHBZ#1301957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7577"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-02-24T10:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0296"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-activerecord: Nested attributes rejection proc bypass in Active Record"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
}
],
"cve": "CVE-2015-7581",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301981"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Action Pack component\u0027s caching of controller references. An attacker could use this flaw to cause unbounded memory growth, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7581"
},
{
"category": "external",
"summary": "RHBZ#1301981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301981"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7581",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7581"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-02-24T10:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0296"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Aaron Patterson"
],
"organization": "Red Hat",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-0751",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: possible object leak and denial of service attack in Action Pack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0751"
},
{
"category": "external",
"summary": "RHBZ#1301946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-02-24T10:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0296"
},
{
"category": "workaround",
"details": "Use following code to monkey-patch mime types cache and disable caching.\n\n```\nrequire \u0027action_dispatch/http/mime_type\u0027\n\nMime.const_set :LOOKUP, Hash.new { |h,k|\n Mime::Type.new(k) unless k.blank?\n} \n```\n\nAlternatively perform filtering of mime types in the Accept header to allow only known types.",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: possible object leak and denial of service attack in Action Pack"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"John Poulin"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-0752",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301963"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: directory traversal flaw in Action View",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0752"
},
{
"category": "external",
"summary": "RHBZ#1301963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ"
},
{
"category": "external",
"summary": "https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/",
"url": "https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-02-24T10:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0296"
},
{
"category": "workaround",
"details": "Avoid passing untrusted input to render method, or verify the input using whitelist before passing it to the render method:\n\n```\n\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n\n```",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-actionpack: directory traversal flaw in Action View"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"John Backus"
],
"organization": "BlockScore",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-0753",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301973"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Active Model based models processed attributes. An attacker with the ability to pass arbitrary attributes to models could possibly use this flaw to bypass input validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-activerecord: possible input validation circumvention in Active Model",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0753"
},
{
"category": "external",
"summary": "RHBZ#1301973",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301973"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0753",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0753"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0753",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0753"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/6jQVC1geukQ/8oYETcxbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/6jQVC1geukQ/8oYETcxbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-02-24T10:36:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0296"
},
{
"category": "workaround",
"details": "Do not allow arbitrary attributes to be passed to models. In Rails with Strong Parameters, make sure to not call permit! method, which bypasses strong parameters protections. Outside of rails, use whitelisting to filter only allowed attributes before passing them to models.",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el6.src",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.noarch",
"6Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el6.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Server-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-1:4.1.5-3.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-0:4.1.5-4.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-0:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-1:4.1.5-2.el7.src",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.noarch",
"7Workstation-RHSCL-2.1:rh-ror41-rubygem-activesupport-1:4.1.5-3.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-activerecord: possible input validation circumvention in Active Model"
}
]
}
rhsa-2016:0454
Vulnerability from csaf_redhat
Published
2016-03-15 20:56
Modified
2025-08-04 11:50
Summary
Red Hat Security Advisory: ror40 security update
Notes
Topic
Updated ror40-rubygem-actionpack and ror40-rubygem-activerecord packages
that fix multiple security issues are now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The ror40 collection provides Ruby on Rails version 4.0. Ruby on Rails is
a model-view-controller (MVC) framework for web application development.
The following issues were corrected in rubygem-actionpack:
Multiple directory traversal flaws were found in the way the Action View
component searched for templates for rendering. If an application passed
untrusted input to the 'render' method, a remote, unauthenticated attacker
could use these flaws to render unexpected files and, possibly, execute
arbitrary code. (CVE-2016-0752, CVE-2016-2097)
A code injection flaw was found in the way the Action View component
searched for templates for rendering. If an application passed untrusted
input to the 'render' method, a remote, unauthenticated attacker could use
this flaw to execute arbitrary code. (CVE-2016-2098)
A flaw was found in the way the Action Pack component performed MIME type
lookups. Since queries were cached in a global cache of MIME types, an
attacker could use this flaw to grow the cache indefinitely, potentially
resulting in a denial of service. (CVE-2016-0751)
A flaw was found in the Action Pack component's caching of controller
references. An attacker could use this flaw to cause unbounded memory
growth, potentially resulting in a denial of service. (CVE-2015-7581)
A flaw was found in the way the Action Controller component compared user
names and passwords when performing HTTP basic authentication. Time taken
to compare strings could differ depending on input, possibly allowing a
remote attacker to determine valid user names and passwords using a timing
attack. (CVE-2015-7576)
The following issue was corrected in rubygem-activerecord:
A flaw was found in the Active Record component's handling of nested
attributes in combination with the destroy flag. An attacker could possibly
use this flaw to set attributes to invalid values or clear all attributes.
(CVE-2015-7577)
Red Hat would like to thank the Ruby on Rails project for reporting these
issues. Upstream acknowledges John Poulin as the original reporter of
CVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original
reporters of CVE-2016-2097, Tobias Kraze (makandra) and joernchen
(Phenoelit) as original reporters of CVE-2016-2098, Aaron Patterson (Red
Hat) as the original reporter of CVE-2016-0751, Daniel Waterworth as the
original reporter of CVE-2015-7576, and Justin Coyne as the original
reporter of CVE-2015-7577.
All ror40 collection rubygem-actionpack and rubygem-activerecord packages
users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications using
the ror40 collection must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated ror40-rubygem-actionpack and ror40-rubygem-activerecord packages\nthat fix multiple security issues are now available for Red Hat Software\nCollections.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The ror40 collection provides Ruby on Rails version 4.0. Ruby on Rails is\na model-view-controller (MVC) framework for web application development.\n\nThe following issues were corrected in rubygem-actionpack:\n\nMultiple directory traversal flaws were found in the way the Action View\ncomponent searched for templates for rendering. If an application passed\nuntrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker\ncould use these flaws to render unexpected files and, possibly, execute\narbitrary code. (CVE-2016-0752, CVE-2016-2097)\n\nA code injection flaw was found in the way the Action View component\nsearched for templates for rendering. If an application passed untrusted\ninput to the \u0027render\u0027 method, a remote, unauthenticated attacker could use\nthis flaw to execute arbitrary code. (CVE-2016-2098)\n\nA flaw was found in the way the Action Pack component performed MIME type\nlookups. Since queries were cached in a global cache of MIME types, an\nattacker could use this flaw to grow the cache indefinitely, potentially\nresulting in a denial of service. (CVE-2016-0751)\n\nA flaw was found in the Action Pack component\u0027s caching of controller\nreferences. An attacker could use this flaw to cause unbounded memory\ngrowth, potentially resulting in a denial of service. (CVE-2015-7581)\n\nA flaw was found in the way the Action Controller component compared user\nnames and passwords when performing HTTP basic authentication. Time taken\nto compare strings could differ depending on input, possibly allowing a\nremote attacker to determine valid user names and passwords using a timing\nattack. (CVE-2015-7576)\n\nThe following issue was corrected in rubygem-activerecord:\n\nA flaw was found in the Active Record component\u0027s handling of nested\nattributes in combination with the destroy flag. An attacker could possibly\nuse this flaw to set attributes to invalid values or clear all attributes.\n(CVE-2015-7577)\n\nRed Hat would like to thank the Ruby on Rails project for reporting these\nissues. Upstream acknowledges John Poulin as the original reporter of\nCVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original\nreporters of CVE-2016-2097, Tobias Kraze (makandra) and joernchen\n(Phenoelit) as original reporters of CVE-2016-2098, Aaron Patterson (Red\nHat) as the original reporter of CVE-2016-0751, Daniel Waterworth as the\noriginal reporter of CVE-2015-7576, and Justin Coyne as the original\nreporter of CVE-2015-7577.\n\nAll ror40 collection rubygem-actionpack and rubygem-activerecord packages\nusers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nthe ror40 collection must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:0454",
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1301933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933"
},
{
"category": "external",
"summary": "1301946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946"
},
{
"category": "external",
"summary": "1301957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957"
},
{
"category": "external",
"summary": "1301963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963"
},
{
"category": "external",
"summary": "1301981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301981"
},
{
"category": "external",
"summary": "1310043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043"
},
{
"category": "external",
"summary": "1310054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0454.json"
}
],
"title": "Red Hat Security Advisory: ror40 security update",
"tracking": {
"current_release_date": "2025-08-04T11:50:19+00:00",
"generator": {
"date": "2025-08-04T11:50:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2016:0454",
"initial_release_date": "2016-03-15T20:56:17+00:00",
"revision_history": [
{
"date": "2016-03-15T20:56:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-03-15T20:56:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-04T11:50:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"product": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"product_id": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activerecord@4.0.2-6.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"product": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"product_id": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activesupport@4.0.2-4.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"product": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"product_id": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-actionpack@4.0.2-7.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"product": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"product_id": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activerecord@4.0.2-6.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"product": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"product_id": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activesupport@4.0.2-4.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"product": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"product_id": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-actionpack@4.0.2-7.el6?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"product": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"product_id": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activerecord@4.0.2-6.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"product": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"product_id": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activerecord-doc@4.0.2-6.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"product": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"product_id": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activesupport@4.0.2-4.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"product": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"product_id": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-actionpack@4.0.2-7.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"product": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"product_id": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-actionpack-doc@4.0.2-7.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"product": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"product_id": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activerecord@4.0.2-6.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"product": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"product_id": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activerecord-doc@4.0.2-6.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"product": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"product_id": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activesupport@4.0.2-4.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"product": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"product_id": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-actionpack-doc@4.0.2-7.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"product": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"product_id": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-actionpack@4.0.2-7.el6?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Daniel Waterworth"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-7576",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301933"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7576"
},
{
"category": "external",
"summary": "RHBZ#1301933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7576"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:56:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
},
{
"category": "workaround",
"details": "Use following code to monkey-patch http_basic_authenticate_with method in ActionController:\n\n~~~\nmodule ActiveSupport\n module SecurityUtils\n def secure_compare(a, b)\n return false unless a.bytesize == b.bytesize\n\n l = a.unpack \"C#{a.bytesize}\"\n\n res = 0\n b.each_byte { |byte| res |= byte ^ l.shift }\n res == 0\n end\n module_function :secure_compare\n\n def variable_size_secure_compare(a, b)\n secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b))\n end\n module_function :variable_size_secure_compare\n end\nend\n\nmodule ActionController\n class Base\n def self.http_basic_authenticate_with(options = {})\n before_action(options.except(:name, :password, :realm)) do\n authenticate_or_request_with_http_basic(options[:realm] || \"Application\") do |name, password|\n # This comparison uses \u0026 so that it doesn\u0027t short circuit and\n # uses `variable_size_secure_compare` so that length information\n # isn\u0027t leaked.\n ActiveSupport::SecurityUtils.variable_size_secure_compare(name, options[:name]) \u0026\n ActiveSupport::SecurityUtils.variable_size_secure_compare(password, options[:password])\n end\n end\n end\n end\nend\n~~~",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Justin Coyne"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-7577",
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301957"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Active Record component\u0027s handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-activerecord: Nested attributes rejection proc bypass in Active Record",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7577"
},
{
"category": "external",
"summary": "RHBZ#1301957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7577"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:56:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-activerecord: Nested attributes rejection proc bypass in Active Record"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
}
],
"cve": "CVE-2015-7581",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301981"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Action Pack component\u0027s caching of controller references. An attacker could use this flaw to cause unbounded memory growth, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7581"
},
{
"category": "external",
"summary": "RHBZ#1301981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301981"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7581",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7581"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:56:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Aaron Patterson"
],
"organization": "Red Hat",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-0751",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: possible object leak and denial of service attack in Action Pack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0751"
},
{
"category": "external",
"summary": "RHBZ#1301946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:56:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
},
{
"category": "workaround",
"details": "Use following code to monkey-patch mime types cache and disable caching.\n\n```\nrequire \u0027action_dispatch/http/mime_type\u0027\n\nMime.const_set :LOOKUP, Hash.new { |h,k|\n Mime::Type.new(k) unless k.blank?\n} \n```\n\nAlternatively perform filtering of mime types in the Accept header to allow only known types.",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: possible object leak and denial of service attack in Action Pack"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"John Poulin"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-0752",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301963"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: directory traversal flaw in Action View",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0752"
},
{
"category": "external",
"summary": "RHBZ#1301963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ"
},
{
"category": "external",
"summary": "https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/",
"url": "https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:56:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
},
{
"category": "workaround",
"details": "Avoid passing untrusted input to render method, or verify the input using whitelist before passing it to the render method:\n\n```\n\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n\n```",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-actionpack: directory traversal flaw in Action View"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Jyoti Singh"
],
"summary": "Acknowledged by upstream."
},
{
"names": [
"Tobias Kraze"
],
"organization": "makandra",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2097",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2016-02-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1310043"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2097"
},
{
"category": "external",
"summary": "RHBZ#1310043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ"
}
],
"release_date": "2016-02-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:56:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Tobias Kraze"
],
"organization": "makandra",
"summary": "Acknowledged by upstream."
},
{
"names": [
"joernchen"
],
"organization": "Phenoelit",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2098",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2016-02-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1310054"
}
],
"notes": [
{
"category": "description",
"text": "A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: code injection vulnerability in Action View",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2098"
},
{
"category": "external",
"summary": "RHBZ#1310054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
}
],
"release_date": "2016-02-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:56:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-actionpack: code injection vulnerability in Action View"
}
]
}
rhsa-2016:0455
Vulnerability from csaf_redhat
Published
2016-03-15 20:55
Modified
2025-08-04 11:50
Summary
Red Hat Security Advisory: ruby193 security update
Notes
Topic
Updated ruby193-rubygem-actionpack and ruby193-rubygem-activerecord
packages that fix multiple security issues are now available for Red Hat
Software Collections.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The ruby193 collection provides Ruby version 1.9.3 and Ruby on Rails
version 3.2. Ruby on Rails is a model-view-controller (MVC) framework for
web application development.
The following issues were corrected in rubygem-actionpack:
Multiple directory traversal flaws were found in the way the Action View
component searched for templates for rendering. If an application passed
untrusted input to the 'render' method, a remote, unauthenticated attacker
could use these flaws to render unexpected files and, possibly, execute
arbitrary code. (CVE-2016-0752, CVE-2016-2097)
A code injection flaw was found in the way the Action View component
searched for templates for rendering. If an application passed untrusted
input to the 'render' method, a remote, unauthenticated attacker could use
this flaw to execute arbitrary code. (CVE-2016-2098)
A flaw was found in the way the Action Pack component performed MIME type
lookups. Since queries were cached in a global cache of MIME types, an
attacker could use this flaw to grow the cache indefinitely, potentially
resulting in a denial of service. (CVE-2016-0751)
A flaw was found in the way the Action Controller component compared user
names and passwords when performing HTTP basic authentication. Time taken
to compare strings could differ depending on input, possibly allowing a
remote attacker to determine valid user names and passwords using a timing
attack. (CVE-2015-7576)
The following issue was corrected in rubygem-activerecord:
A flaw was found in the Active Record component's handling of nested
attributes in combination with the destroy flag. An attacker could possibly
use this flaw to set attributes to invalid values or clear all attributes.
(CVE-2015-7577)
Red Hat would like to thank the Ruby on Rails project for reporting these
issues. Upstream acknowledges John Poulin as the original reporter of
CVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original
reporters of CVE-2016-2097, Tobias Kraze (makandra) and joernchen
(Phenoelit) as original reporters of CVE-2016-2098, Aaron Patterson (Red
Hat) as the original reporter of CVE-2016-0751, Daniel Waterworth as the
original reporter of CVE-2015-7576, and Justin Coyne as the original
reporter of CVE-2015-7577.
All ruby193 collection rubygem-actionpack and rubygem-activerecord packages
users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications using
the ruby193 collection must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated ruby193-rubygem-actionpack and ruby193-rubygem-activerecord\npackages that fix multiple security issues are now available for Red Hat\nSoftware Collections.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The ruby193 collection provides Ruby version 1.9.3 and Ruby on Rails\nversion 3.2. Ruby on Rails is a model-view-controller (MVC) framework for\nweb application development.\n\nThe following issues were corrected in rubygem-actionpack:\n\nMultiple directory traversal flaws were found in the way the Action View\ncomponent searched for templates for rendering. If an application passed\nuntrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker\ncould use these flaws to render unexpected files and, possibly, execute\narbitrary code. (CVE-2016-0752, CVE-2016-2097)\n\nA code injection flaw was found in the way the Action View component\nsearched for templates for rendering. If an application passed untrusted\ninput to the \u0027render\u0027 method, a remote, unauthenticated attacker could use\nthis flaw to execute arbitrary code. (CVE-2016-2098)\n\nA flaw was found in the way the Action Pack component performed MIME type\nlookups. Since queries were cached in a global cache of MIME types, an\nattacker could use this flaw to grow the cache indefinitely, potentially\nresulting in a denial of service. (CVE-2016-0751)\n\nA flaw was found in the way the Action Controller component compared user\nnames and passwords when performing HTTP basic authentication. Time taken\nto compare strings could differ depending on input, possibly allowing a\nremote attacker to determine valid user names and passwords using a timing\nattack. (CVE-2015-7576)\n\nThe following issue was corrected in rubygem-activerecord:\n\nA flaw was found in the Active Record component\u0027s handling of nested\nattributes in combination with the destroy flag. An attacker could possibly\nuse this flaw to set attributes to invalid values or clear all attributes.\n(CVE-2015-7577)\n\nRed Hat would like to thank the Ruby on Rails project for reporting these\nissues. Upstream acknowledges John Poulin as the original reporter of\nCVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original\nreporters of CVE-2016-2097, Tobias Kraze (makandra) and joernchen\n(Phenoelit) as original reporters of CVE-2016-2098, Aaron Patterson (Red\nHat) as the original reporter of CVE-2016-0751, Daniel Waterworth as the\noriginal reporter of CVE-2015-7576, and Justin Coyne as the original\nreporter of CVE-2015-7577.\n\nAll ruby193 collection rubygem-actionpack and rubygem-activerecord packages\nusers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nthe ruby193 collection must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:0455",
"url": "https://access.redhat.com/errata/RHSA-2016:0455"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1301933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933"
},
{
"category": "external",
"summary": "1301946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946"
},
{
"category": "external",
"summary": "1301957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957"
},
{
"category": "external",
"summary": "1301963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963"
},
{
"category": "external",
"summary": "1310043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043"
},
{
"category": "external",
"summary": "1310054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0455.json"
}
],
"title": "Red Hat Security Advisory: ruby193 security update",
"tracking": {
"current_release_date": "2025-08-04T11:50:25+00:00",
"generator": {
"date": "2025-08-04T11:50:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2016:0455",
"initial_release_date": "2016-03-15T20:55:59+00:00",
"revision_history": [
{
"date": "2016-03-15T20:55:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-03-15T20:55:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-04T11:50:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"product": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"product_id": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activerecord@3.2.8-11.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"product": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"product_id": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activesupport@3.2.8-6.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"product_id": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.8-16.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"product": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"product_id": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activerecord@3.2.8-11.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"product": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"product_id": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activesupport@3.2.8-6.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"product_id": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.8-16.el6?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"product": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"product_id": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activerecord-doc@3.2.8-11.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"product": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"product_id": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activerecord@3.2.8-11.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"product": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"product_id": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activesupport@3.2.8-6.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"product_id": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.8-16.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"product_id": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack-doc@3.2.8-16.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"product": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"product_id": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activerecord@3.2.8-11.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"product": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"product_id": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activerecord-doc@3.2.8-11.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"product": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"product_id": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activesupport@3.2.8-6.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"product_id": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.8-16.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"product_id": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack-doc@3.2.8-16.el6?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Daniel Waterworth"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-7576",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301933"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7576"
},
{
"category": "external",
"summary": "RHBZ#1301933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7576"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:55:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0455"
},
{
"category": "workaround",
"details": "Use following code to monkey-patch http_basic_authenticate_with method in ActionController:\n\n~~~\nmodule ActiveSupport\n module SecurityUtils\n def secure_compare(a, b)\n return false unless a.bytesize == b.bytesize\n\n l = a.unpack \"C#{a.bytesize}\"\n\n res = 0\n b.each_byte { |byte| res |= byte ^ l.shift }\n res == 0\n end\n module_function :secure_compare\n\n def variable_size_secure_compare(a, b)\n secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b))\n end\n module_function :variable_size_secure_compare\n end\nend\n\nmodule ActionController\n class Base\n def self.http_basic_authenticate_with(options = {})\n before_action(options.except(:name, :password, :realm)) do\n authenticate_or_request_with_http_basic(options[:realm] || \"Application\") do |name, password|\n # This comparison uses \u0026 so that it doesn\u0027t short circuit and\n # uses `variable_size_secure_compare` so that length information\n # isn\u0027t leaked.\n ActiveSupport::SecurityUtils.variable_size_secure_compare(name, options[:name]) \u0026\n ActiveSupport::SecurityUtils.variable_size_secure_compare(password, options[:password])\n end\n end\n end\n end\nend\n~~~",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Justin Coyne"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-7577",
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301957"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Active Record component\u0027s handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-activerecord: Nested attributes rejection proc bypass in Active Record",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7577"
},
{
"category": "external",
"summary": "RHBZ#1301957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7577"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:55:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-activerecord: Nested attributes rejection proc bypass in Active Record"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Aaron Patterson"
],
"organization": "Red Hat",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-0751",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: possible object leak and denial of service attack in Action Pack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0751"
},
{
"category": "external",
"summary": "RHBZ#1301946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:55:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0455"
},
{
"category": "workaround",
"details": "Use following code to monkey-patch mime types cache and disable caching.\n\n```\nrequire \u0027action_dispatch/http/mime_type\u0027\n\nMime.const_set :LOOKUP, Hash.new { |h,k|\n Mime::Type.new(k) unless k.blank?\n} \n```\n\nAlternatively perform filtering of mime types in the Accept header to allow only known types.",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: possible object leak and denial of service attack in Action Pack"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"John Poulin"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-0752",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301963"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: directory traversal flaw in Action View",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0752"
},
{
"category": "external",
"summary": "RHBZ#1301963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ"
},
{
"category": "external",
"summary": "https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/",
"url": "https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:55:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0455"
},
{
"category": "workaround",
"details": "Avoid passing untrusted input to render method, or verify the input using whitelist before passing it to the render method:\n\n```\n\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n\n```",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-actionpack: directory traversal flaw in Action View"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Jyoti Singh"
],
"summary": "Acknowledged by upstream."
},
{
"names": [
"Tobias Kraze"
],
"organization": "makandra",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2097",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2016-02-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1310043"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2097"
},
{
"category": "external",
"summary": "RHBZ#1310043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ"
}
],
"release_date": "2016-02-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:55:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Tobias Kraze"
],
"organization": "makandra",
"summary": "Acknowledged by upstream."
},
{
"names": [
"joernchen"
],
"organization": "Phenoelit",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2098",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2016-02-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1310054"
}
],
"notes": [
{
"category": "description",
"text": "A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: code injection vulnerability in Action View",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2098"
},
{
"category": "external",
"summary": "RHBZ#1310054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
}
],
"release_date": "2016-02-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:55:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-actionpack: code injection vulnerability in Action View"
}
]
}
wid-sec-w-2025-1085
Vulnerability from csaf_certbund
Published
2016-01-25 23:00
Modified
2025-05-18 22:00
Summary
Ruby on Rails: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Ruby on Rails ist ein in der Programmiersprache Ruby geschriebenes und quelloffenes Web Application Framework.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Ruby on Rails ausnutzen, um Sicherheitsfunktionen zu umgehen, um Dateien zu manipulieren oder um einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Ruby on Rails ist ein in der Programmiersprache Ruby geschriebenes und quelloffenes Web Application Framework.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Ruby on Rails ausnutzen, um Sicherheitsfunktionen zu umgehen, um Dateien zu manipulieren oder um einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1085 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2025-1085.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1085 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1085"
},
{
"category": "external",
"summary": "Weblog Rubyonrails vom 2016-01-25",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-3464 vom 2016-02-01",
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0391-1 vom 2016-02-09",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160391-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0432-1 vom 2016-02-12",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160432-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0435-1 vom 2016-02-12",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160435-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0457-1 vom 2016-02-15",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160457-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0458-1 vom 2016-02-15",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160458-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0456-1 vom 2016-02-15",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160456-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:0296 vom 2016-02-25",
"url": "https://rhn.redhat.com/errata/RHSA-2016-0296.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0600-1 vom 2016-02-26",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160600-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0598-1 vom 2016-02-26",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160598-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0597-1 vom 2016-02-26",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160597-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0599-1 vom 2016-02-26",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160599-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0619-1 vom 2016-03-01",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160619-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0623-1 vom 2016-03-01",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160623-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0618-1 vom 2016-03-01",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160618-1.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-3509 vom 2016-03-09",
"url": "https://www.debian.org/security/2016/dsa-3509"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:0454 vom 2016-03-16",
"url": "https://rhn.redhat.com/errata/RHSA-2016-0454.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0857-1 vom 2016-03-23",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160857-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0858-1 vom 2016-03-23",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160858-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:0968-1 vom 2016-04-07",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160968-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:1146-1 vom 2016-04-25",
"url": "https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"category": "external",
"summary": "CXSecurity #WLB-2016100137 vom 2016-10-23",
"url": "https://cxsecurity.com/issue/WLB-2016100137"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:0475-1 vom 2017-02-16",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170475-1.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15125-1 vom 2025-05-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4QQONV4QKIWHRILZMO26H7FGDPO7KJAF/"
}
],
"source_lang": "en-US",
"title": "Ruby on Rails: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-18T22:00:00.000+00:00",
"generator": {
"date": "2025-05-19T08:27:28.505+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-1085",
"initial_release_date": "2016-01-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2016-01-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2016-01-25T23:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-01-31T23:00:00.000+00:00",
"number": "3",
"summary": "New remediations available"
},
{
"date": "2016-01-31T23:00:00.000+00:00",
"number": "4",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-02-09T23:00:00.000+00:00",
"number": "5",
"summary": "New remediations available"
},
{
"date": "2016-02-09T23:00:00.000+00:00",
"number": "6",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-02-11T23:00:00.000+00:00",
"number": "7",
"summary": "New remediations available"
},
{
"date": "2016-02-14T23:00:00.000+00:00",
"number": "8",
"summary": "New remediations available"
},
{
"date": "2016-02-15T23:00:00.000+00:00",
"number": "9",
"summary": "New remediations available"
},
{
"date": "2016-02-25T23:00:00.000+00:00",
"number": "10",
"summary": "New remediations available"
},
{
"date": "2016-02-25T23:00:00.000+00:00",
"number": "11",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-02-28T23:00:00.000+00:00",
"number": "12",
"summary": "New remediations available"
},
{
"date": "2016-03-01T23:00:00.000+00:00",
"number": "13",
"summary": "New remediations available"
},
{
"date": "2016-03-09T23:00:00.000+00:00",
"number": "14",
"summary": "New remediations available"
},
{
"date": "2016-03-15T23:00:00.000+00:00",
"number": "15",
"summary": "New remediations available"
},
{
"date": "2016-03-23T23:00:00.000+00:00",
"number": "16",
"summary": "New remediations available"
},
{
"date": "2016-04-07T22:00:00.000+00:00",
"number": "17",
"summary": "New remediations available"
},
{
"date": "2016-04-25T22:00:00.000+00:00",
"number": "18",
"summary": "New remediations available"
},
{
"date": "2016-04-25T22:00:00.000+00:00",
"number": "19",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-02-16T23:00:00.000+00:00",
"number": "20",
"summary": "New remediations available"
},
{
"date": "2025-05-18T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "21"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.2.5.1",
"product": {
"name": "Open Source Ruby on Rails \u003c4.2.5.1",
"product_id": "T006926"
}
},
{
"category": "product_version",
"name": "4.2.5.1",
"product": {
"name": "Open Source Ruby on Rails 4.2.5.1",
"product_id": "T006926-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:rubyonrails:ruby_on_rails:4.2.5.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.1.14.1",
"product": {
"name": "Open Source Ruby on Rails \u003c4.1.14.1",
"product_id": "T006927"
}
},
{
"category": "product_version",
"name": "4.1.14.1",
"product": {
"name": "Open Source Ruby on Rails 4.1.14.1",
"product_id": "T006927-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:rubyonrails:ruby_on_rails:4.1.14.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.2.22.1",
"product": {
"name": "Open Source Ruby on Rails \u003c3.2.22.1",
"product_id": "T006928"
}
},
{
"category": "product_version",
"name": "3.2.22.1",
"product": {
"name": "Open Source Ruby on Rails 3.2.22.1",
"product_id": "T006928-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:rubyonrails:ruby_on_rails:3.2.22.1"
}
}
}
],
"category": "product_name",
"name": "Ruby on Rails"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "6",
"product": {
"name": "Red Hat Enterprise Linux 6",
"product_id": "120737",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6"
}
}
},
{
"category": "product_version",
"name": "7",
"product": {
"name": "Red Hat Enterprise Linux 7",
"product_id": "T006054",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server",
"product": {
"name": "SUSE Linux Enterprise Server",
"product_id": "T003320",
"product_identification_helper": {
"cpe": "cpe:/o:suse:linux_enterprise_server:suseenterprisehighavailabilityextension11sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7576",
"product_status": {
"known_affected": [
"T003320",
"2951",
"T002207",
"T027843",
"T006926",
"T006928",
"T006927"
]
},
"release_date": "2016-01-25T23:00:00.000+00:00",
"title": "CVE-2015-7576"
},
{
"cve": "CVE-2015-7577",
"product_status": {
"known_affected": [
"T002207",
"T027843",
"T006926",
"T006928",
"T006927"
]
},
"release_date": "2016-01-25T23:00:00.000+00:00",
"title": "CVE-2015-7577"
},
{
"cve": "CVE-2015-7578",
"product_status": {
"known_affected": [
"T002207",
"T027843",
"T006926",
"T006928",
"T006927"
]
},
"release_date": "2016-01-25T23:00:00.000+00:00",
"title": "CVE-2015-7578"
},
{
"cve": "CVE-2015-7579",
"product_status": {
"known_affected": [
"T002207",
"T027843",
"T006926",
"T006928",
"T006927"
]
},
"release_date": "2016-01-25T23:00:00.000+00:00",
"title": "CVE-2015-7579"
},
{
"cve": "CVE-2015-7580",
"product_status": {
"known_affected": [
"T002207",
"T027843",
"T006926",
"T006928",
"T006927"
]
},
"release_date": "2016-01-25T23:00:00.000+00:00",
"title": "CVE-2015-7580"
},
{
"cve": "CVE-2015-7581",
"product_status": {
"known_affected": [
"T002207",
"T027843",
"T006926",
"T006928",
"T006927"
]
},
"release_date": "2016-01-25T23:00:00.000+00:00",
"title": "CVE-2015-7581"
},
{
"cve": "CVE-2016-0751",
"product_status": {
"known_affected": [
"T002207",
"T027843",
"T006926",
"T006928",
"T006927"
]
},
"release_date": "2016-01-25T23:00:00.000+00:00",
"title": "CVE-2016-0751"
},
{
"cve": "CVE-2016-0752",
"product_status": {
"known_affected": [
"T003320",
"2951",
"T002207",
"120737",
"T027843",
"T006926",
"T006054",
"T006928",
"T006927"
]
},
"release_date": "2016-01-25T23:00:00.000+00:00",
"title": "CVE-2016-0752"
},
{
"cve": "CVE-2016-0753",
"product_status": {
"known_affected": [
"T002207",
"T027843",
"T006926",
"T006928",
"T006927"
]
},
"release_date": "2016-01-25T23:00:00.000+00:00",
"title": "CVE-2016-0753"
}
]
}
fkie_cve-2016-0752
Vulnerability from fkie_nvd
Published
2016-02-16 02:59
Modified
2025-04-12 10:46
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html | Permissions Required | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html | Permissions Required | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2016-0296.html | Third Party Advisory | |
| secalert@redhat.com | http://www.debian.org/security/2016/dsa-3464 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2016/01/25/13 | Exploit, Mailing List | |
| secalert@redhat.com | http://www.securityfocus.com/bid/81801 | Broken Link, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securitytracker.com/id/1034816 | Broken Link, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ | Broken Link | |
| secalert@redhat.com | https://www.exploit-db.com/exploits/40561/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-0296.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3464 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/01/25/13 | Exploit, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/81801 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034816 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40561/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails | * | |
| rubyonrails | rails | * | |
| rubyonrails | rails | * | |
| rubyonrails | rails | 5.0.0 | |
| opensuse | leap | 42.1 | |
| opensuse | opensuse | 13.2 | |
| suse | linux_enterprise_module_for_containers | 12 | |
| debian | debian_linux | 8.0 | |
| redhat | software_collections | 1.0 |
{
"cisaActionDue": "2022-04-15",
"cisaExploitAdd": "2022-03-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Ruby on Rails Directory Traversal Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E62190CB-5109-46AA-B58C-B3A11667A0AD",
"versionEndExcluding": "3.2.22.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65BD90F9-5A0C-4A1F-AB48-30FC68A3329F",
"versionEndExcluding": "4.1.14.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B405A97A-7C41-4005-8E72-56F632D72B9E",
"versionEndExcluding": "4.2.5.1",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "AF8F94CF-D504-4165-A69E-3F1198CB162A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_module_for_containers:12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9772014-5321-4AB8-9525-A94797C993B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Action View en Ruby on Rails en versiones anteriores a 3.2.22.1, 4.0.x y 4.1.x en versiones anteriores a 4.1.14.1, 4.2.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 permite a atacantes remotos leer archivos arbitrarios aprovechando el uso no restringido del m\u00e9todo render en una aplicaci\u00f3n y proporcionando un .. (punto punto) en un nombre de ruta."
}
],
"id": "CVE-2016-0752",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2016-02-16T02:59:06.783",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/13"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034816"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40561/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40561/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
ghsa-xrr4-p6fq-hjg7
Vulnerability from github
Published
2017-10-24 18:33
Modified
2024-07-16 20:12
Severity ?
VLAI Severity ?
Summary
Directory traversal vulnerability in Action View in Ruby on Rails
Details
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.14.0"
},
"package": {
"ecosystem": "RubyGems",
"name": "actionview"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.1.14.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.5.0"
},
"package": {
"ecosystem": "RubyGems",
"name": "actionview"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0"
},
{
"fixed": "4.2.5.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.14.0"
},
"package": {
"ecosystem": "RubyGems",
"name": "actionpack"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.1.14.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.5.0"
},
"package": {
"ecosystem": "RubyGems",
"name": "actionpack"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0"
},
{
"fixed": "4.2.5.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "actionpack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.22.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-0752"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T22:04:24Z",
"nvd_published_at": "2016-02-16T02:59:06Z",
"severity": "HIGH"
},
"details": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a `..` (dot dot) in a pathname.",
"id": "GHSA-xrr4-p6fq-hjg7",
"modified": "2024-07-16T20:12:47Z",
"published": "2017-10-24T18:33:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-xrr4-p6fq-hjg7"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/40561"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/13"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/81801"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034816"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Directory traversal vulnerability in Action View in Ruby on Rails"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…