ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10207 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1 on GA media These are all security issues fixed in the ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10207 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10207 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2014-3514/ SUSE CVE CVE-2014-3514 page openSUSE Tumbleweed ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1 ruby2.2-rubygem-railties-5_0-5.0.0.1-1.1 ruby2.2-rubygem-railties-doc-4_2-4.2.7.1-1.1 ruby2.2-rubygem-railties-doc-5_0-5.0.0.1-1.1 ruby2.3-rubygem-railties-4_2-4.2.7.1-1.1 ruby2.3-rubygem-railties-5_0-5.0.0.1-1.1 ruby2.3-rubygem-railties-doc-4_2-4.2.7.1-1.1 ruby2.3-rubygem-railties-doc-5_0-5.0.0.1-1.1 ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1 as a component of openSUSE Tumbleweed ruby2.2-rubygem-railties-5_0-5.0.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.2-rubygem-railties-doc-4_2-4.2.7.1-1.1 as a component of openSUSE Tumbleweed ruby2.2-rubygem-railties-doc-5_0-5.0.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-railties-4_2-4.2.7.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-railties-5_0-5.0.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-railties-doc-4_2-4.2.7.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-railties-doc-5_0-5.0.0.1-1.1 as a component of openSUSE Tumbleweed activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls. CVE-2014-3514 openSUSE Tumbleweed:ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1 openSUSE Tumbleweed:ruby2.2-rubygem-railties-5_0-5.0.0.1-1.1 openSUSE Tumbleweed:ruby2.2-rubygem-railties-doc-4_2-4.2.7.1-1.1 openSUSE Tumbleweed:ruby2.2-rubygem-railties-doc-5_0-5.0.0.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-railties-4_2-4.2.7.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-railties-5_0-5.0.0.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-railties-doc-4_2-4.2.7.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-railties-doc-5_0-5.0.0.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3514.html CVE-2014-3514 https://bugzilla.suse.com/892777 SUSE Bug 892777