Security update for rubygem-actionview-4_2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:0867-1 Final 1 1 2016-03-23T14:29:01Z current 2016-03-23T14:29:01Z 2016-03-23T14:29:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for rubygem-actionview-4_2 This update for rubygem-actionview-4_2 fixes the following issues: - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (bsc#968849) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-OpenStack-Cloud-6-2016-501,SUSE-Storage-2.1-2016-501 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20160867-1/ Link for SUSE-SU-2016:0867-1 https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html E-Mail link for SUSE-SU-2016:0867-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/968849 SUSE Bug 968849 https://www.suse.com/security/cve/CVE-2016-2098/ SUSE CVE CVE-2016-2098 page SUSE Enterprise Storage 2.1 SUSE OpenStack Cloud 6 ruby2.1-rubygem-actionview-4_2-4.2.2-8.1 ruby2.1-rubygem-actionview-4_2-4.2.2-8.1 as a component of SUSE Enterprise Storage 2.1 ruby2.1-rubygem-actionview-4_2-4.2.2-8.1 as a component of SUSE OpenStack Cloud 6 Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. CVE-2016-2098 SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionview-4_2-4.2.2-8.1 SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.2-8.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160867-1/ https://www.suse.com/security/cve/CVE-2016-2098.html CVE-2016-2098 https://bugzilla.suse.com/968849 SUSE Bug 968849 https://bugzilla.suse.com/969943 SUSE Bug 969943 https://bugzilla.suse.com/993313 SUSE Bug 993313