[v2.5] ruby-actionpack: multiple fixes (CVE-2014-0081 CVE-2014-0082 CVE-2014-0130)
CVE-2014-0081:
Multiple cross-site scripting (XSS) vulnerabilities in
actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails
before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow
remote attackers to inject arbitrary web script or HTML via the (1)
format, (2) negative_format, or (3) units parameter to the (a)
number_to_currency, (b) number_to_percentage, or (c) number_to_human
helper.
•MLIST:[oss-security] 20140218 XSS Vulnerability in
number_to_currency, number_to_percentage and number_to_human
(CVE-2014-0081)
•URL: http://openwall.com/lists/oss-security/2014/02/18/8
•MLIST:[rubyonrails-security] 20140218 XSS Vulnerability in
number_to_currency, number_to_percentage and number_to_human
(CVE-2014-0081)
•URL: https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ
•REDHAT:RHSA-2014:0215
•URL: http://rhn.redhat.com/errata/RHSA-2014-0215.html
•REDHAT:RHSA-2014:0306
•URL: http://rhn.redhat.com/errata/RHSA-2014-0306.html
•SUSE:openSUSE-SU-2014:0295
•URL: http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html
•SECUNIA:57376
•URL: http://secunia.com/advisories/57376
CVE-2014-0082:
actionpack/lib/action_view/template/text.rb in Action View in Ruby on
Rails 3.x before 3.2.17 converts MIME type strings to symbols during use
of the :text option to the render method, which allows remote attackers
to cause a denial of service (memory consumption) by including these
strings in headers.
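The following added example (not Rails' own code) models why interning a client-controlled MIME string as a Symbol is a resource-exhaustion bug, and the registry lookup that avoids it. KNOWN_TYPES is a constructed stand-in for a framework's MIME-type registry, and negotiate_type is this example's own Accept-header routine built on the safe lookup.

```ruby
# Constructed registry of the types the application actually serves.
KNOWN_TYPES = {
  "text/plain"       => :text,
  "text/html"        => :html,
  "application/json" => :json,
}.freeze

# Vulnerable shape: every distinct client-chosen string becomes a new Symbol.
# On Rubies that never free dynamic symbols (before 2.2) the symbol table
# grows with each unseen value and is never reclaimed, so a stream of
# requests with varying MIME strings steadily consumes memory.
def type_symbol_vulnerable(mime_string)
  mime_string.to_sym
end

# Fixed shape: only strings already present in the registry map to a
# Symbol, so no Symbol is ever created from input; unknown types yield nil.
def type_symbol_fixed(mime_string)
  KNOWN_TYPES[mime_string.to_s.strip.downcase]
end

# Content negotiation over an Accept header using only the safe lookup:
# parameters such as ";q=0.8" are dropped, the first registered type wins,
# and anything unrecognised falls back to a fixed default instead of
# being interned.
def negotiate_type(accept_header, default: :text)
  accept_header.to_s.split(",").each do |entry|
    media = entry.split(";").first.to_s
    sym = type_symbol_fixed(media)
    return sym if sym
  end
  default
end

if __FILE__ == $0
  p type_symbol_vulnerable("application/x-not-registered")  # a brand-new Symbol
  p type_symbol_fixed("application/x-not-registered")       # nil, nothing interned
  p negotiate_type("application/x-not-registered, text/html;q=0.8")  # :html
end
```

The general rule is that a conversion which allocates a non-reclaimable resource (here a Symbol) must only ever be fed values from a fixed set the application controls, never from request headers or parameters.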
•MLIST:[oss-security] 20140218 Denial of Service Vulnerability in
Action View when using render :text (CVE-2014-0082)
•URL: http://openwall.com/lists/oss-security/2014/02/18/10
•MLIST:[rubyonrails-security] 20140218 Denial of Service Vulnerability
in Action View when using render :text (CVE-2014-0082)
•URL: https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ
•CONFIRM: http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
•REDHAT:RHSA-2014:0215
•URL: http://rhn.redhat.com/errata/RHSA-2014-0215.html
•REDHAT:RHSA-2014:0306
•URL: http://rhn.redhat.com/errata/RHSA-2014-0306.html
•SUSE:openSUSE-SU-2014:0295
•URL: http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html
•SECUNIA:57376
•URL: http://secunia.com/advisories/57376
•SECUNIA:57836
•URL: http://secunia.com/advisories/57836
CVE-2014-0130:
Directory traversal vulnerability in
actionpack/lib/abstract_controller/base.rb in the implicit-render
implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and
4.1.x before 4.1.1, when certain route globbing configurations are
enabled, allows remote attackers to read arbitrary files via a crafted
request.
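The following is an added example (not Rails' own code) of an implicit-render template lookup whose action name may come straight from a request path, as happens with a route that globs the action segment. The File::SEPARATOR refusal follows the approach of the upstream fix as published; the stricter allow-list pattern, the ImplicitRenderer class, the path-containment check and the views layout built by demo are this example's own assumptions.

```ruby
require "tmpdir"
require "fileutils"

class ImplicitRenderer
  def initialize(views_root)
    @views_root = File.expand_path(views_root)
  end

  # Refuse any action name that could leave the controller's template
  # directory. Rejecting File::SEPARATOR mirrors the upstream fix; the
  # allow-list pattern on top is this example's own, more conservative rule.
  def valid_action_name?(action_name)
    name = action_name.to_s
    return false if name.include?(File::SEPARATOR) || name.include?("..")
    !!(name =~ /\A[a-z][a-z0-9_]*\z/)
  end

  # Returns the template path for an action, or nil when the name is
  # rejected or no such template exists. The start_with? check is defence
  # in depth: even a name that slips past validation can only resolve to a
  # file below the views root.
  def template_for(action_name)
    return nil unless valid_action_name?(action_name)
    path = File.expand_path(File.join(@views_root, "#{action_name}.html.erb"))
    return nil unless path.start_with?(@views_root + File::SEPARATOR)
    File.file?(path) ? path : nil
  end

  # Builds a constructed views directory with one template and shows the
  # lookup accepting a plain action name and rejecting traversal-style ones.
  def self.demo
    Dir.mktmpdir do |root|
      views = File.join(root, "app", "views", "pages")
      FileUtils.mkdir_p(views)
      File.write(File.join(views, "index.html.erb"), "<h1>Hello</h1>")
      renderer = new(views)
      {
        index:    renderer.template_for("index"),
        parent:   renderer.template_for("../index"),
        nested:   renderer.template_for("admin/index"),
        missing:  renderer.template_for("about"),
      }
    end
  end
end

if __FILE__ == $0
  p ImplicitRenderer.demo
end
```

For a running application the practical check is the one the advisory points at: audit config/routes.rb for routes whose action segment is a glob or otherwise request-controlled, and either remove them or make sure the framework version in use carries the fix.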
•MLIST:[rubyonrails-security] 20140506 [CVE-2014-0130] Directory
Traversal Vulnerability With Certain Route Configurations
•URL: https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
(from redmine: issue id 2941, created on 2014-05-23, closed on 2015-05-07)
- Relations:
- parent #2940 (closed)