Security update for rubygem-actionview-4_1
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2016:0599-1
Final
1
1
2016-02-26T15:08:28Z
current
2016-02-26T15:08:28Z
2016-02-26T15:08:28Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for rubygem-actionview-4_1
This update for rubygem-actionview-4_1 fixes the following issues:
- CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
sleclo50sp3-rubygem-actionview-4_1-12421
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2016/suse-su-20160599-1/
Link for SUSE-SU-2016:0599-1
https://lists.suse.com/pipermail/sle-security-updates/2016-February/001898.html
E-Mail link for SUSE-SU-2016:0599-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/963332
SUSE Bug 963332
https://www.suse.com/security/cve/CVE-2016-0752/
SUSE CVE CVE-2016-0752 page
SUSE OpenStack Cloud 5
ruby2.1-rubygem-actionview-4_1-4.1.9-9.1
ruby2.1-rubygem-actionview-4_1-4.1.9-9.1 as a component of SUSE OpenStack Cloud 5
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
CVE-2016-0752
SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-9.1
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
To install this SUSE Security Update, use the SUSE recommended installation methods such as YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20160599-1/
https://www.suse.com/security/cve/CVE-2016-0752.html
CVE-2016-0752
https://bugzilla.suse.com/963332
SUSE Bug 963332
https://bugzilla.suse.com/963608
SUSE Bug 963608
https://bugzilla.suse.com/968850
SUSE Bug 968850