Security update for rubygem-actionview-4_2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0790-1 Final 1 1 2016-03-16T15:05:18Z current 2016-03-16T15:05:18Z 2016-03-16T15:05:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for rubygem-actionview-4_2 This update for rubygem-actionview-4_2 fixes the following issues: - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (boo#968849) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html E-Mail link for openSUSE-SU-2016:0790-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 ruby2.1-rubygem-actionview-4_2-4.2.4-9.1 ruby2.1-rubygem-actionview-doc-4_2-4.2.4-9.1 rubygem-actionview-4_2-4.2.4-9.1 ruby2.1-rubygem-actionview-4_2-4.2.4-9.1 as a component of openSUSE Leap 42.1 ruby2.1-rubygem-actionview-doc-4_2-4.2.4-9.1 as a component of openSUSE Leap 42.1 rubygem-actionview-4_2-4.2.4-9.1 as a component of openSUSE Leap 42.1 Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. CVE-2016-2098 openSUSE Leap 42.1:ruby2.1-rubygem-actionview-4_2-4.2.4-9.1 openSUSE Leap 42.1:ruby2.1-rubygem-actionview-doc-4_2-4.2.4-9.1 openSUSE Leap 42.1:rubygem-actionview-4_2-4.2.4-9.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html https://www.suse.com/security/cve/CVE-2016-2098.html CVE-2016-2098 https://bugzilla.suse.com/968849 SUSE Bug 968849 https://bugzilla.suse.com/993313 SUSE Bug 993313