Security update for rubygem-actionpack-4_2, rubygem-actionview-4_2, rubygem-activemodel-4_2, rubygem-activerecord-4_2, rubygem-activesupport-4_2
This update for rubygem-actionpack-4_2, rubygem-actionview-4_2, rubygem-activemodel-4_2, rubygem-activerecord-4_2, rubygem-activesupport-4_2 fixes the following issues:
- CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (boo#963329)
- CVE-2016-0752: directory traversal and information leak in Action View (boo#963332)
- CVE-2015-7581: unbounded memory growth DoS via wildcard controller routes (boo#963335)
- CVE-2016-0751: rubygem-actionpack: Object Leak DoS (boo#963331)
- CVE-2016-0753: Input Validation Circumvention (boo#963334)
- CVE-2015-7577: Nested attributes rejection proc bypass (boo#963330)
-
Submitted by
Jürgen Löhel (jloehel)
Fixed bugs
bnc#963329
VUL-0: CVE-2015-7576: rubygem-actionpack, rubygem-activesupport: Timing attack vulnerability in basic authentication in Action Controller
bnc#963334
VUL-0: CVE-2016-0753: rubygem-activemodel, rubygem-activesupport, rubygem-activerecord: Input Validation Circumvention
bnc#963335
VUL-0: CVE-2015-7581: rubygem-actionpack: unbounded memory growth DoS via wildcard controller routes
bnc#963330
VUL-0: CVE-2015-7577: rubygem-activerecord: Nested attributes rejection proc bypass
bnc#963331
VUL-1: CVE-2016-0751: rubygem-actionpack: Object Leak DoS
bnc#963332
VUL-0: CVE-2016-0752: rubygem-actionpack, rubygem-actionview: directory traversal and information leak in Action View
