CVE-2016-2098 (GCVE-0-2016-2098)
Vulnerability from cvelistv5 – Published: 2016-04-07 23:00 – Updated: 2024-08-05 23:17
Summary
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory, x_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory, x_refsource_SUSE |
| http://www.debian.org/security/2016/dsa-3509 | vendor-advisory, x_refsource_DEBIAN |
| http://www.securityfocus.com/bid/83725 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id/1035122 | vdb-entry, x_refsource_SECTRACK |
| https://www.exploit-db.com/exploits/40086/ | exploit, x_refsource_EXPLOIT-DB |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory, x_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory, x_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory, x_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory, x_refsource_SUSE |
| https://groups.google.com/forum/message/raw?msg=r… | mailing-list, x_refsource_MLIST |
| http://weblog.rubyonrails.org/2016/2/29/Rails-4-2… | x_refsource_CONFIRM |
Date Public
2016-02-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:0867",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
},
{
"name": "SUSE-SU-2016:0967",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
},
{
"name": "DSA-3509",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3509"
},
{
"name": "83725",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83725"
},
{
"name": "1035122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035122"
},
{
"name": "40086",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40086/"
},
{
"name": "SUSE-SU-2016:0854",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
},
{
"name": "openSUSE-SU-2016:0790",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
},
{
"name": "SUSE-SU-2016:1146",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "openSUSE-SU-2016:0835",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
},
{
"name": "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2016:0867",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
},
{
"name": "SUSE-SU-2016:0967",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
},
{
"name": "DSA-3509",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3509"
},
{
"name": "83725",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83725"
},
{
"name": "1035122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035122"
},
{
"name": "40086",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40086/"
},
{
"name": "SUSE-SU-2016:0854",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
},
{
"name": "openSUSE-SU-2016:0790",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
},
{
"name": "SUSE-SU-2016:1146",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "openSUSE-SU-2016:0835",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
},
{
"name": "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:0867",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
},
{
"name": "SUSE-SU-2016:0967",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
},
{
"name": "DSA-3509",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3509"
},
{
"name": "83725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83725"
},
{
"name": "1035122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035122"
},
{
"name": "40086",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40086/"
},
{
"name": "SUSE-SU-2016:0854",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
},
{
"name": "openSUSE-SU-2016:0790",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
},
{
"name": "SUSE-SU-2016:1146",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "openSUSE-SU-2016:0835",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
},
{
"name": "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
},
{
"name": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2098",
"datePublished": "2016-04-07T23:00:00.000Z",
"dateReserved": "2016-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-2098",
"date": "2026-05-29",
"epss": "0.84091",
"percentile": "0.99319"
}
}
}
SUSE-SU-2016:0854-1
Vulnerability from csaf_suse - Published: 2016-03-22 13:34 - Updated: 2016-03-22 13:34
Summary
Security update for rubygem-actionview-4_1
Severity
Important
Notes
Title of the patch: Security update for rubygem-actionview-4_1
Description of the patch:
This update for rubygem-actionview-4_1 fixes the following issues:
- CVE-2016-2097: rubygem-actionview: Possible Information Leak Vulnerability in Action View. (bsc#968850)
- CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (bsc#968849)
Patchnames: sleclo50sp3-rubygem-actionview-4_1-12467
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-12.1.x86_64 | — | Vendor Fix |
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-12.1.x86_64 | — | Vendor Fix |
Threats
Impact
important
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-actionview-4_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for rubygem-actionview-4_1 fixes the following issues:\n\n- CVE-2016-2097: rubygem-actionview: Possible Information\n Leak Vulnerability in Action View. (bsc#968850)\n\n- CVE-2016-2098: rubygem-actionpack: Possible remote\n code execution vulnerability in Action Pack (bsc#968849)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleclo50sp3-rubygem-actionview-4_1-12467",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0854-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:0854-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160854-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:0854-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-March/001962.html"
},
{
"category": "self",
"summary": "SUSE Bug 968849",
"url": "https://bugzilla.suse.com/968849"
},
{
"category": "self",
"summary": "SUSE Bug 968850",
"url": "https://bugzilla.suse.com/968850"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2097 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2098 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2098/"
}
],
"title": "Security update for rubygem-actionview-4_1",
"tracking": {
"current_release_date": "2016-03-22T13:34:50Z",
"generator": {
"date": "2016-03-22T13:34:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:0854-1",
"initial_release_date": "2016-03-22T13:34:50Z",
"revision_history": [
{
"date": "2016-03-22T13:34:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionview-4_1-4.1.9-12.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-actionview-4_1-4.1.9-12.1.x86_64",
"product_id": "ruby2.1-rubygem-actionview-4_1-4.1.9-12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 5",
"product": {
"name": "SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:cloud:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionview-4_1-4.1.9-12.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-12.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionview-4_1-4.1.9-12.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-2097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2097"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2097",
"url": "https://www.suse.com/security/cve/CVE-2016-2097"
},
{
"category": "external",
"summary": "SUSE Bug 963332 for CVE-2016-2097",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "external",
"summary": "SUSE Bug 968850 for CVE-2016-2097",
"url": "https://bugzilla.suse.com/968850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-22T13:34:50Z",
"details": "moderate"
}
],
"title": "CVE-2016-2097"
},
{
"cve": "CVE-2016-2098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2098"
}
],
"notes": [
{
"category": "general",
"text": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2098",
"url": "https://www.suse.com/security/cve/CVE-2016-2098"
},
{
"category": "external",
"summary": "SUSE Bug 968849 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/968849"
},
{
"category": "external",
"summary": "SUSE Bug 969943 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/969943"
},
{
"category": "external",
"summary": "SUSE Bug 993313 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/993313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-22T13:34:50Z",
"details": "important"
}
],
"title": "CVE-2016-2098"
}
]
}
SUSE-SU-2016:0867-1
Vulnerability from csaf_suse - Published: 2016-03-23 14:29 - Updated: 2016-03-23 14:29
Summary
Security update for rubygem-actionview-4_2
Severity
Important
Notes
Title of the patch: Security update for rubygem-actionview-4_2
Description of the patch:
This update for rubygem-actionview-4_2 fixes the following issues:
- CVE-2016-2098: rubygem-actionpack: Possible remote
code execution vulnerability in Action Pack (bsc#968849)
Patchnames: SUSE-OpenStack-Cloud-6-2016-501,SUSE-Storage-2.1-2016-501
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.3 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-actionview-4_2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for rubygem-actionview-4_2 fixes the following issues:\n\n- CVE-2016-2098: rubygem-actionpack: Possible remote\n code execution vulnerability in Action Pack (bsc#968849)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-6-2016-501,SUSE-Storage-2.1-2016-501",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0867-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:0867-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160867-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:0867-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-March/001965.html"
},
{
"category": "self",
"summary": "SUSE Bug 968849",
"url": "https://bugzilla.suse.com/968849"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2098 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2098/"
}
],
"title": "Security update for rubygem-actionview-4_2",
"tracking": {
"current_release_date": "2016-03-23T14:29:01Z",
"generator": {
"date": "2016-03-23T14:29:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:0867-1",
"initial_release_date": "2016-03-23T14:29:01Z",
"revision_history": [
{
"date": "2016-03-23T14:29:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64",
"product_id": "ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 6",
"product": {
"name": "SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:6"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 2.1",
"product": {
"name": "SUSE Enterprise Storage 2.1",
"product_id": "SUSE Enterprise Storage 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:2.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64 as component of SUSE Enterprise Storage 2.1",
"product_id": "SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 2.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-2098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2098"
}
],
"notes": [
{
"category": "general",
"text": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2098",
"url": "https://www.suse.com/security/cve/CVE-2016-2098"
},
{
"category": "external",
"summary": "SUSE Bug 968849 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/968849"
},
{
"category": "external",
"summary": "SUSE Bug 969943 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/969943"
},
{
"category": "external",
"summary": "SUSE Bug 993313 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/993313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.2-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-23T14:29:01Z",
"details": "important"
}
],
"title": "CVE-2016-2098"
}
]
}
SUSE-SU-2016:0967-1
Vulnerability from csaf_suse - Published: 2016-04-07 07:10 - Updated: 2016-04-07 07:10
Summary
Security update for rubygem-actionpack-3_2
Severity
Important
Notes
Title of the patch: Security update for rubygem-actionpack-3_2
Description of the patch:
This update for rubygem-actionpack-3_2 fixes the following issues:
- CVE-2016-2097: rubygem-actionview: Possible Information
Leak Vulnerability in Action View. (bsc#968850)
- CVE-2016-2098: rubygem-actionpack: Possible remote
code execution vulnerability in Action Pack (bsc#968849)
Patchnames: sdksp4-rubygem-actionpack-3_2-12497,sleslms13-rubygem-actionpack-3_2-12497,slestso13-rubygem-actionpack-3_2-12497,slewyst13-rubygem-actionpack-3_2-12497
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.i586 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.i586 | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64 | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64 | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.i586 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.i586 | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64 | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64 | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-actionpack-3_2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for rubygem-actionpack-3_2 fixes the following issues:\n\n- CVE-2016-2097: rubygem-actionview: Possible Information\n Leak Vulnerability in Action View. (bsc#968850)\n\n- CVE-2016-2098: rubygem-actionpack: Possible remote\n code execution vulnerability in Action Pack (bsc#968849)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-rubygem-actionpack-3_2-12497,sleslms13-rubygem-actionpack-3_2-12497,slestso13-rubygem-actionpack-3_2-12497,slewyst13-rubygem-actionpack-3_2-12497",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0967-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:0967-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160967-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:0967-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-April/001988.html"
},
{
"category": "self",
"summary": "SUSE Bug 968849",
"url": "https://bugzilla.suse.com/968849"
},
{
"category": "self",
"summary": "SUSE Bug 968850",
"url": "https://bugzilla.suse.com/968850"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2097 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2098 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2098/"
}
],
"title": "Security update for rubygem-actionpack-3_2",
"tracking": {
"current_release_date": "2016-04-07T07:10:35Z",
"generator": {
"date": "2016-04-07T07:10:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:0967-1",
"initial_release_date": "2016-04-07T07:10:35Z",
"revision_history": [
{
"date": "2016-04-07T07:10:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"product": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"product_id": "rubygem-actionpack-3_2-3.2.12-0.26.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"product": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"product_id": "rubygem-actionpack-3_2-3.2.12-0.26.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"product": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"product_id": "rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"product": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"product_id": "rubygem-actionpack-3_2-3.2.12-0.26.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"product": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"product_id": "rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Lifecycle Management Server 1.3",
"product": {
"name": "SUSE Lifecycle Management Server 1.3",
"product_id": "SUSE Lifecycle Management Server 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-slms:1.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
},
{
"category": "product_name",
"name": "SUSE WebYast 1.3",
"product": {
"name": "SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:webyast:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.i586"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64 as component of SUSE Lifecycle Management Server 1.3",
"product_id": "SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"relates_to_product_reference": "SUSE Lifecycle Management Server 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.i586 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.i586"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.ia64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.s390x as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64"
},
"product_reference": "rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"relates_to_product_reference": "SUSE WebYast 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-2097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2097"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2097",
"url": "https://www.suse.com/security/cve/CVE-2016-2097"
},
{
"category": "external",
"summary": "SUSE Bug 963332 for CVE-2016-2097",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "external",
"summary": "SUSE Bug 968850 for CVE-2016-2097",
"url": "https://bugzilla.suse.com/968850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-07T07:10:35Z",
"details": "moderate"
}
],
"title": "CVE-2016-2097"
},
{
"cve": "CVE-2016-2098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2098"
}
],
"notes": [
{
"category": "general",
"text": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2098",
"url": "https://www.suse.com/security/cve/CVE-2016-2098"
},
{
"category": "external",
"summary": "SUSE Bug 968849 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/968849"
},
{
"category": "external",
"summary": "SUSE Bug 969943 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/969943"
},
{
"category": "external",
"summary": "SUSE Bug 993313 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/993313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.i586",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ia64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.ppc64",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.s390x",
"SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-07T07:10:35Z",
"details": "important"
}
],
"title": "CVE-2016-2098"
}
]
}
SUSE-SU-2016:1146-1
Vulnerability from csaf_suse - Published: 2016-04-25 14:28 - Updated: 2016-04-25 14:28
Summary
Security update for portus
Severity
Important
Notes
Title of the patch: Security update for portus
Description of the patch:
Portus was updated to version 2.0.3, which brings several fixes and enhancements:
- Fixed crono job when a repository could not be found.
- Fixed compatibility issues with Docker 1.10 and Distribution 2.3.
- Handle multiple scopes in token requests.
- Add optional fields to token response.
- Fixed notification events for Distribution v2.3.
- Paginate through the catalog properly.
- Do not remove all the repositories if fetching one fails.
- Fixed SMTP setup.
- Don't let crono overflow the 'log' column on the DB.
- Show the actual LDAP error on invalid login.
- Fixed the location of crono logs.
- Always use relative paths.
- Set RUBYLIB when using portusctl.
- Don't count hidden teams on the admin panel.
- Warn developers on unsupported docker-compose versions.
- Directly invalidate LDAP logins without name and password.
- Don't show the 'I forgot my password' link on LDAP.
The following Rubygems bundled within Portus have been updated to fix security
issues:
- CVE-2016-2098: rubygem-actionpack (bsc#969943).
- CVE-2015-7578: rails-html-sanitizer (bsc#963326).
- CVE-2015-7579: rails-html-sanitizer (bsc#963327).
- CVE-2015-7580: rails-html-sanitizer (bsc#963328).
- CVE-2015-7576: rubygem-actionpack, rubygem-activesupport (bsc#963563).
- CVE-2015-7577: rubygem-activerecord (bsc#963604).
- CVE-2016-0751: rubygem-actionpack (bsc#963627).
- CVE-2016-0752: rubygem-actionpack, rubygem-actionview (bsc#963608).
- CVE-2016-0753: rubygem-activemodel, rubygem-activesupport, rubygem-activerecord (bsc#963617).
- CVE-2015-7581: rubygem-actionpack (bsc#963625).
Patchnames: SUSE-SLE-Module-Containers-12-2016-672
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
57 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for portus",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nPortus was updated to version 2.0.3, which brings several fixes and enhancements:\n\n- Fixed crono job when a repository could not be found.\n- Fixed compatibility issues with Docker 1.10 and Distribution 2.3.\n- Handle multiple scopes in token requests.\n- Add optional fields to token response.\n- Fixed notification events for Distribution v2.3.\n- Paginate through the catalog properly.\n- Do not remove all the repositories if fetching one fails.\n- Fixed SMTP setup.\n- Don\u0027t let crono overflow the \u0027log\u0027 column on the DB.\n- Show the actual LDAP error on invalid login.\n- Fixed the location of crono logs.\n- Always use relative paths.\n- Set RUBYLIB when using portusctl.\n- Don\u0027t count hidden teams on the admin panel.\n- Warn developers on unsupported docker-compose versions.\n- Directly invalidate LDAP logins without name and password.\n- Don\u0027t show the \u0027I forgot my password\u0027 link on LDAP.\n\nThe following Rubygems bundled within Portus have been updated to fix security\nissues:\n\n- CVE-2016-2098: rubygem-actionpack (bsc#969943).\n- CVE-2015-7578: rails-html-sanitizer (bsc#963326).\n- CVE-2015-7579: rails-html-sanitizer (bsc#963327).\n- CVE-2015-7580: rails-html-sanitizer (bsc#963328).\n- CVE-2015-7576: rubygem-actionpack, rubygem-activesupport (bsc#963563).\n- CVE-2015-7577: rubygem-activerecord (bsc#963604).\n- CVE-2016-0751: rugygem-actionpack (bsc#963627).\n- CVE-2016-0752: rubygem-actionpack, rubygem-actionview (bsc#963608).\n- CVE-2016-0753: rubygem-activemodel, rubygem-activesupport, rubygem-activerecord (bsc#963617).\n- CVE-2015-7581: rubygem-actionpack (bsc#963625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Containers-12-2016-672",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1146-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:1146-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161146-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:1146-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-April/002027.html"
},
{
"category": "self",
"summary": "SUSE Bug 963326",
"url": "https://bugzilla.suse.com/963326"
},
{
"category": "self",
"summary": "SUSE Bug 963327",
"url": "https://bugzilla.suse.com/963327"
},
{
"category": "self",
"summary": "SUSE Bug 963328",
"url": "https://bugzilla.suse.com/963328"
},
{
"category": "self",
"summary": "SUSE Bug 963563",
"url": "https://bugzilla.suse.com/963563"
},
{
"category": "self",
"summary": "SUSE Bug 963604",
"url": "https://bugzilla.suse.com/963604"
},
{
"category": "self",
"summary": "SUSE Bug 963608",
"url": "https://bugzilla.suse.com/963608"
},
{
"category": "self",
"summary": "SUSE Bug 963617",
"url": "https://bugzilla.suse.com/963617"
},
{
"category": "self",
"summary": "SUSE Bug 963625",
"url": "https://bugzilla.suse.com/963625"
},
{
"category": "self",
"summary": "SUSE Bug 963627",
"url": "https://bugzilla.suse.com/963627"
},
{
"category": "self",
"summary": "SUSE Bug 969943",
"url": "https://bugzilla.suse.com/969943"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7576 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7577 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7578 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7579 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7580 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7581 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0751 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0752 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0753 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2098 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2098/"
}
],
"title": "Security update for portus",
"tracking": {
"current_release_date": "2016-04-25T14:28:51Z",
"generator": {
"date": "2016-04-25T14:28:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:1146-1",
"initial_release_date": "2016-04-25T14:28:51Z",
"revision_history": [
{
"date": "2016-04-25T14:28:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "portus-2.0.3-2.4.x86_64",
"product": {
"name": "portus-2.0.3-2.4.x86_64",
"product_id": "portus-2.0.3-2.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 12",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "portus-2.0.3-2.4.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
},
"product_reference": "portus-2.0.3-2.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7576"
}
],
"notes": [
{
"category": "general",
"text": "The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7576",
"url": "https://www.suse.com/security/cve/CVE-2015-7576"
},
{
"category": "external",
"summary": "SUSE Bug 963329 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/963329"
},
{
"category": "external",
"summary": "SUSE Bug 963563 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/963563"
},
{
"category": "external",
"summary": "SUSE Bug 970715 for CVE-2015-7576",
"url": "https://bugzilla.suse.com/970715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "moderate"
}
],
"title": "CVE-2015-7576"
},
{
"cve": "CVE-2015-7577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7577"
}
],
"notes": [
{
"category": "general",
"text": "activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7577",
"url": "https://www.suse.com/security/cve/CVE-2015-7577"
},
{
"category": "external",
"summary": "SUSE Bug 963330 for CVE-2015-7577",
"url": "https://bugzilla.suse.com/963330"
},
{
"category": "external",
"summary": "SUSE Bug 963604 for CVE-2015-7577",
"url": "https://bugzilla.suse.com/963604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "moderate"
}
],
"title": "CVE-2015-7577"
},
{
"cve": "CVE-2015-7578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7578"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7578",
"url": "https://www.suse.com/security/cve/CVE-2015-7578"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7578",
"url": "https://bugzilla.suse.com/963326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "moderate"
}
],
"title": "CVE-2015-7578"
},
{
"cve": "CVE-2015-7579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7579"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7579",
"url": "https://www.suse.com/security/cve/CVE-2015-7579"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963326"
},
{
"category": "external",
"summary": "SUSE Bug 963327 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963327"
},
{
"category": "external",
"summary": "SUSE Bug 963328 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "moderate"
}
],
"title": "CVE-2015-7579"
},
{
"cve": "CVE-2015-7580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7580"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7580",
"url": "https://www.suse.com/security/cve/CVE-2015-7580"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963326"
},
{
"category": "external",
"summary": "SUSE Bug 963327 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963327"
},
{
"category": "external",
"summary": "SUSE Bug 963328 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "moderate"
}
],
"title": "CVE-2015-7580"
},
{
"cve": "CVE-2015-7581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7581"
}
],
"notes": [
{
"category": "general",
"text": "actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application\u0027s use of a wildcard controller route.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7581",
"url": "https://www.suse.com/security/cve/CVE-2015-7581"
},
{
"category": "external",
"summary": "SUSE Bug 963335 for CVE-2015-7581",
"url": "https://bugzilla.suse.com/963335"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "moderate"
}
],
"title": "CVE-2015-7581"
},
{
"cve": "CVE-2016-0751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0751"
}
],
"notes": [
{
"category": "general",
"text": "actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0751",
"url": "https://www.suse.com/security/cve/CVE-2016-0751"
},
{
"category": "external",
"summary": "SUSE Bug 963331 for CVE-2016-0751",
"url": "https://bugzilla.suse.com/963331"
},
{
"category": "external",
"summary": "SUSE Bug 963627 for CVE-2016-0751",
"url": "https://bugzilla.suse.com/963627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "low"
}
],
"title": "CVE-2016-0751"
},
{
"cve": "CVE-2016-0752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0752"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application\u0027s unrestricted use of the render method and providing a .. (dot dot) in a pathname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0752",
"url": "https://www.suse.com/security/cve/CVE-2016-0752"
},
{
"category": "external",
"summary": "SUSE Bug 963332 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963332"
},
{
"category": "external",
"summary": "SUSE Bug 963608 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/963608"
},
{
"category": "external",
"summary": "SUSE Bug 968850 for CVE-2016-0752",
"url": "https://bugzilla.suse.com/968850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "moderate"
}
],
"title": "CVE-2016-0752"
},
{
"cve": "CVE-2016-0753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0753"
}
],
"notes": [
{
"category": "general",
"text": "Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0753",
"url": "https://www.suse.com/security/cve/CVE-2016-0753"
},
{
"category": "external",
"summary": "SUSE Bug 963334 for CVE-2016-0753",
"url": "https://bugzilla.suse.com/963334"
},
{
"category": "external",
"summary": "SUSE Bug 963617 for CVE-2016-0753",
"url": "https://bugzilla.suse.com/963617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "moderate"
}
],
"title": "CVE-2016-0753"
},
{
"cve": "CVE-2016-2098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2098"
}
],
"notes": [
{
"category": "general",
"text": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2098",
"url": "https://www.suse.com/security/cve/CVE-2016-2098"
},
{
"category": "external",
"summary": "SUSE Bug 968849 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/968849"
},
{
"category": "external",
"summary": "SUSE Bug 969943 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/969943"
},
{
"category": "external",
"summary": "SUSE Bug 993313 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/993313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-04-25T14:28:51Z",
"details": "important"
}
],
"title": "CVE-2016-2098"
}
]
}
SUSE-SU-2017:2716-1
Vulnerability from csaf_suse - Published: 2017-10-12 12:43 - Updated: 2017-10-12 12:43
Summary
Security update for the Ruby on Rails stack
Severity
Moderate
Notes
Title of the patch: Security update for the Ruby on Rails stack
Description of the patch: This update brings version 4.2.9 of the Ruby on Rails stack to provide the latest fixes and
improvements from upstream.
The following security issues have been fixed by upstream:
rubygem-actionpack-4_2
- CVE-2016-2098: Action Pack in Ruby on Rails allowed remote attackers to execute arbitrary Ruby code by leveraging
an application's unrestricted use of the render method (bsc#968849).
rubygem-activerecord-4_2
- CVE-2016-6317: Action Record did not properly consider differences in parameter handling between the Active Record
component and the JSON implementation, which allowed remote attackers to bypass intended database-query restrictions
and perform NULL checks or trigger missing WHERE clauses via a crafted request (bsc#993313).
rubygem-actionview-4_2
- CVE-2016-6316: Cross-site scripting (XSS) vulnerability in Action View might have allowed remote attackers to inject
arbitrary web script or HTML via text declared as 'HTML safe' and used as attribute values in tag handlers
(bsc#993302).
Additionally, the following packages have been updated to version 4.2.9:
- rubygem-rails-4_2
- rubygem-railties-4_2
- rubygem-activesupport-4_2
- rubygem-activerecord-4_2
- rubygem-activejob-4_2
- rubygem-actionview-4_2
- rubygem-actionpack-4_2
- rubygem-actionmailer-4_2
Patchnames: SUSE-OpenStack-Cloud-6-2017-1679,SUSE-OpenStack-Cloud-7-2017-1679,SUSE-Storage-3-2017-1679,SUSE-Storage-4-2017-1679
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.3 (High)
Affected products
Recommended
80 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 6:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 6:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 6:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 6:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
80 products
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
80 products
Threats
Impact
moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Ruby on Rails stack",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update brings version 4.2.9 of the Ruby on Rails stack to provide the latest fixes and\nimprovements from upstream.\n\nThe following security issues have been fixed by upstream:\n\nrubygem-actionpack-4_2\n\n- CVE-2016-2098: Action Pack in Ruby on Rails allowed remote attackers to execute arbitrary Ruby code by leveraging\n an application\u0027s unrestricted use of the render method (bsc#968849).\n\nrubygem-activerecord-4_2\n\n- CVE-2016-6317: Action Record did not properly consider differences in parameter handling between the Active Record\n component and the JSON implementation, which allowed remote attackers to bypass intended database-query restrictions\n and perform NULL checks or trigger missing WHERE clauses via a crafted request (bsc#993313).\n\nrubygem-actionview-4_2\n\n- CVE-2016-6316: Cross-site scripting (XSS) vulnerability in Action View might have allowed remote attackers to inject\n arbitrary web script or HTML via text declared as \u0027HTML safe\u0027 and used as attribute values in tag handlers\n (bsc#993302).\n\nAdditionally, the following packages have been updated to version 4.2.9:\n\n- rubygem-rails-4_2\n- rubygem-railties-4_2\n- rubygem-activesupport-4_2\n- rubygem-activerecord-4_2\n- rubygem-activejob-4_2\n- rubygem-actionview-4_2\n- rubygem-actionpack-4_2\n- rubygem-actionmailer-4_2",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-6-2017-1679,SUSE-OpenStack-Cloud-7-2017-1679,SUSE-Storage-3-2017-1679,SUSE-Storage-4-2017-1679",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2716-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2716-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172716-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2716-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003293.html"
},
{
"category": "self",
"summary": "SUSE Bug 1055962",
"url": "https://bugzilla.suse.com/1055962"
},
{
"category": "self",
"summary": "SUSE Bug 968849",
"url": "https://bugzilla.suse.com/968849"
},
{
"category": "self",
"summary": "SUSE Bug 993302",
"url": "https://bugzilla.suse.com/993302"
},
{
"category": "self",
"summary": "SUSE Bug 993313",
"url": "https://bugzilla.suse.com/993313"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2098 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6316 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6316/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6317 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6317/"
}
],
"title": "Security update for the Ruby on Rails stack",
"tracking": {
"current_release_date": "2017-10-12T12:43:34Z",
"generator": {
"date": "2017-10-12T12:43:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2716-1",
"initial_release_date": "2017-10-12T12:43:34Z",
"revision_history": [
{
"date": "2017-10-12T12:43:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"product_id": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"product_id": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"product_id": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"product_id": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"product_id": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"product_id": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"product_id": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"product_id": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"product_id": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"product_id": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x",
"product_id": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x",
"product_id": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x",
"product_id": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x",
"product_id": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x",
"product_id": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x",
"product_id": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x",
"product_id": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x",
"product_id": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x",
"product_id": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x",
"product_id": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"product_id": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"product_id": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"product_id": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"product_id": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"product_id": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"product_id": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"product_id": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"product_id": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"product_id": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"product_id": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 6",
"product": {
"name": "SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:6"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 3",
"product": {
"name": "SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x"
},
"product_reference": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x"
},
"product_reference": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x"
},
"product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x"
},
"product_reference": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x"
},
"product_reference": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x"
},
"product_reference": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x"
},
"product_reference": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x"
},
"product_reference": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x"
},
"product_reference": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x"
},
"product_reference": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-2098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2098"
}
],
"notes": [
{
"category": "general",
"text": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2098",
"url": "https://www.suse.com/security/cve/CVE-2016-2098"
},
{
"category": "external",
"summary": "SUSE Bug 968849 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/968849"
},
{
"category": "external",
"summary": "SUSE Bug 969943 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/969943"
},
{
"category": "external",
"summary": "SUSE Bug 993313 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/993313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-12T12:43:34Z",
"details": "important"
}
],
"title": "CVE-2016-2098"
},
{
"cve": "CVE-2016-6316",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6316"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as \"HTML safe\" and used as attribute values in tag handlers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6316",
"url": "https://www.suse.com/security/cve/CVE-2016-6316"
},
{
"category": "external",
"summary": "SUSE Bug 993302 for CVE-2016-6316",
"url": "https://bugzilla.suse.com/993302"
},
{
"category": "external",
"summary": "SUSE Bug 993313 for CVE-2016-6316",
"url": "https://bugzilla.suse.com/993313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-12T12:43:34Z",
"details": "moderate"
}
],
"title": "CVE-2016-6316"
},
{
"cve": "CVE-2016-6317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6317"
}
],
"notes": [
{
"category": "general",
"text": "Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6317",
"url": "https://www.suse.com/security/cve/CVE-2016-6317"
},
{
"category": "external",
"summary": "SUSE Bug 993313 for CVE-2016-6317",
"url": "https://bugzilla.suse.com/993313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 3:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2-4.2.9-9.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activejob-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2-4.2.9-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2-4.2.9-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-12T12:43:34Z",
"details": "moderate"
}
],
"title": "CVE-2016-6317"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.