Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31271
HistoryOct 16, 2014 - 12:00 a.m.

[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update

2014-10-1600:00:00
vulners.com
15
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-2982-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
July 19, 2014 http://www.debian.org/security/faq

Package : ruby-activerecord-3.2
CVE ID : CVE-2014-3482 CVE-2014-3483

Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter
for Active Record which could lead to SQL injection.

For the stable distribution (wheezy), these problems have been fixed in
version 3.2.6-5+deb7u1. Debian provides two variants of "Ruby on Rails"
in Wheezy (2.3 and 3.2). Support for the 2.3 variants had to be ceased
at this point. This affects the following source packages:
ruby-actionmailer-2.3, ruby-actionpack-2.3 ruby-activerecord-2.3,
ruby-activeresource-2.3, ruby-activesupport-2.3 and ruby-rails-2.3. The
version of Redmine in Wheezy still requires 2.3, you can use an updated
version from backports.debian.org which is compatible with rails 3.2.

For the unstable distribution (sid), these problems have been fixed in
version 3.2.19-1 of the rails-3.2 source package.

We recommend that you upgrade your ruby-activerecord-3.2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTykOCAAoJEBDCk7bDfE4212QP/02xh9SxMXSQ+K/UGeCNrcEk
ndZUWOwHsNmEzd7lauAfD8RiBTVSaHULS46LElcjlIhsEm3c28G7E+iyiRXbHzn/
HHVmwCuiqctXH2gcz0xct/uzUHCBG0OD6Q+EjERHo9SNirUtftjZUCekP6C8Qx3H
+fuvsGrvFupU1Ckio+zSTzgodBY807JIbTbX3VR3h0o2ckYFveIOvLtR7+c+a0QF
zR60hgoHQTFuwF7oaCJPb9+KMnFki0SyyOtEDbWpCoQ3mwmlvepQfYIc+jI8bEni
S7d/XWqzfqSrhRSfNkFnNLEOMRFZPhrA82G9RPQJ2/h2qh8GH6tUYZh3nL96BX03
kc+y96QZvSVYGIM8AYirZu2n5vGdaY9/kUtwIU3xUfPPtQ2mbvalYSIqy1gpAVbw
HCKBI5UW8L/AJBSCnWVVLWIxaepLN6ldf/8f27Q3wwJ3OQDPSgohji0QeZik2Uro
APMR1Bmi21r4MmbcoBk4Xq1KeHnqXzrdUOZvqxTKT+8LMXTDGZNRFo8WWYNHS/DN
y98ud8YyhtdAQMlO5hCHycTdRhvrW6Bjf7j/CCKBmOy/Ni0Y3FT/wIB/OMnMO+zj
XS1BDSDUdwIcuJ/+vjm4Gi37ByIe3QsRa2IASJs6Y0NaVk6guu2iuB8lWcA+OxOp
rhl2V1RLej6qxzaZGgGw
=1eAA
-----END PGP SIGNATURE-----

Related

openvas 5
nessus 3
debian 1
fedora 3
hackerone 2
ubuntucve 2
prion 2
redhat 2
osv 2
gitlab 2
github 2
veracode 2
cve 2
debiancve 2
rubygems 2
mageia 1
securityvulns 1
openvas
openvas
Debian Security Advisory DSA 2982-1 (ruby-activerecord-3.2 - security update)
2014-07-19 00:00:00
Debian Security Advisory DSA 2982-1 (ruby-activerecord-3.2 - security update)
2014-07-19 00:00:00
Fedora Update for rubygem-activerecord FEDORA-2014-8089
2014-08-23 00:00:00
nessus
nessus
Debian DSA-2982-1 : ruby-activerecord-3.2 - security update
2014-07-21 00:00:00
Fedora 19 : rubygem-activerecord-3.2.13-2.fc19 (2014-8089)
2014-08-23 00:00:00
Fedora 20 : rubygem-activerecord-4.0.0-4.fc20 (2014-8065)
2014-08-23 00:00:00
debian
debian
[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update
2014-07-19 10:09:34
fedora
fedora
[SECURITY] Fedora 19 Update: rubygem-activerecord-3.2.13-2.fc19
2014-08-23 01:55:32
[SECURITY] Fedora 20 Update: rubygem-activerecord-4.0.0-4.fc20
2014-08-23 02:01:38
[SECURITY] Fedora 20 Update: rubygem-activerecord-4.0.0-5.fc20
2014-09-26 09:01:18
hackerone
hackerone
Ruby on Rails: Active Record SQL Injection Vulnerability Affecting PostgreSQL
2014-07-02 00:00:00
Ruby on Rails: Active Record SQL Injection Vulnerability Affecting PostgreSQL
2014-07-02 00:00:00
ubuntucve
ubuntucve
CVE-2014-3482
2014-07-07 00:00:00
CVE-2014-3483
2014-07-07 00:00:00
prion
prion
Sql injection
2014-07-07 11:01:00
Sql injection
2014-07-07 11:01:00
redhat
redhat
(RHSA-2014:0877) Moderate: ror40-rubygem-activerecord security update
2014-07-14 00:00:00
(RHSA-2014:0876) Moderate: ruby193-rubygem-activerecord security update
2014-07-14 00:00:00
osv
osv
Active Record contains SQL Injection via improper range quoting
2017-10-24 18:33:36
SQL Injection in Active Record
2017-10-24 18:33:36
gitlab
gitlab
SQL Injection Vulnerabilities Affecting PostgreSQL
2014-07-07 00:00:00
SQL Injection Vulnerabilities Affecting PostgreSQL
2014-07-07 00:00:00
github
github
SQL Injection in Active Record
2017-10-24 18:33:36
Active Record contains SQL Injection via improper range quoting
2017-10-24 18:33:36
veracode
veracode
SQL Command Injection By Leveraging Improper Range Quoting
2019-01-15 08:56:06
SQL Command Injection By Leveraging Improper Bitstring Quoting
2019-01-15 08:56:04
cve
cve
CVE-2014-3483
2014-07-07 11:01:00
CVE-2014-3482
2014-07-07 11:01:00
debiancve
debiancve
CVE-2014-3483
2014-07-07 11:01:00
CVE-2014-3482
2014-07-07 11:01:00
rubygems
rubygems
CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting
2014-07-01 20:00:00
CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting
2014-07-01 20:00:00
mageia
mageia
Updated ruby-actionpack packages fix security issues
2014-07-26 17:09:43
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-10-17 00:00:00
JSON
Related for SECURITYVULNS:DOC:31271
openvas5nessus3debian1fedora3hackerone2ubuntucve2prion2redhat2osv2gitlab2github2veracode2cve2debiancve2rubygems2mageia1securityvulns1