12th February 2013
J65nko
More 'Ruby on Rails' security fixes released

From http://h-online.com/-1802628

Quote:
The Ruby on Rails Developers have released updates to Rails 3.2, 3.1 and 2.3 and made users aware of an update to the JSON gem to close an important security flaw. Most notable of the problems is CVE-2013-0277, another problem with serialised attributes in YAML. The flaw, which only affects Rails 2.3 and 3.0, can be exploited so that a crafted request would deserialize arbitrary YAML inside the server with the risk of denial of service or remote code execution.