DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 12th February 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,116
Thanked 182 Times in 149 Posts
Default More 'Ruby on Rails' security fixes released

From http://h-online.com/-1802628

Quote:
The Ruby on Rails Developers have released updates to Rails 3.2, 3.1 and 2.3 and made users aware of an update to the JSON gem to close an important security flaw. Most notable of the problems is CVE-2013-0277, another problem with serialised attributes in YAML. The flaw, which only affects Rails 2.3 and 3.0, can be exploited so that a crafted request would deserialize arbitrary YAML inside the server with the risk of denial of service or remote code execution.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Ruby on Rails has SQL injection vulnerability J65nko News 0 4th January 2013 04:54 AM
Security Ruby on Rails patches more SQL injection holes J65nko News 0 14th June 2012 08:43 PM
Ruby on Rails updates fix security holes J65nko News 0 10th February 2011 04:00 PM
Ruby on Rails 2.3.6 released, rapidly updated to 2.3.7 J65nko News 4 26th May 2010 09:50 AM
Python Vs Ruby & Django Vs Rails. tetrodozombie Programming 11 6th February 2010 11:21 PM


All times are GMT. The time now is 11:35 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick